Defending Your Frontend

  1. http://www.flickr.com/photos/8164746@N05/2329405200/
  2. http://www.flickr.com/photos/52137170@N00/56206868/
  3. Web Defacement! Step 1: Victim clicks attack payload. Step 2: Victim sees a friendly error message.
  4. Web Defacement: Insert Exploit. Step 1: Attacker inserts exploit. Step 2: Wait for victim to visit this book.
  5. Web Defacement: Exploit Analysis. Step 1: Clear current page. Step 2: Create a fake page.
  6. Stealing Session Cookies. Step 1: Victim clicks attack payload. Step 2: Cookie is sent to attacker. Step 3: Attacker hijacks victim's session by adding the stolen cookie to the browser.
  7. Steal Passwords. Step 1: Victim clicks attack payload. Step 2: Victim is forced to re-login. Step 3: Malicious payload sends username and password to attacker.
  8. Steal Passwords: Exploit Analysis. Step 1: Create fake login. Step 2: Publish fake login.
  9. DB Compromise :( Step 1: Attacker shuts DB. Step 2: Victim can't do anything on the website. DB is down.
  10. What's the biggest app security issue? Cross Site Scripting? SQL / Command Injection? Malicious URL Redirection? Malicious File Execution? Answer: It is temporal. And this approach, not appropriate. http://www.flickr.com/photos/34838158@N00/3370167184/
  11. OK. Let's try again. A better approach. What's that single biggest solution? http://www.flickr.com/photos/14318462@N00/66012169/
  12. What's that single biggest solution? Context-sensitive Auto Sanitization & Defensive Coding. http://www.flickr.com/photos/55046645@N00/3933514241/
  13. Sanitization (includes validation and encoding). http://www.flickr.com/photos/37386206@N08/4056667699/
  14. (Use Platforms with) Auto (Sanitization). http://www.flickr.com/photos/73344134@N00/2366984016/
  15. Context-Sensitive. Click. You can fire XSS with JS URI.. So use solution below.
  16. But Evolution Doesn't stop. Web 2.0: DOM, Ajax/JSON/XML. No prod auto solution yet. Encode manually, but that's highly error prone. Misuse cases. http://www.flickr.com/photos/88442983@N00/1541378785/
  17. Defensive Coding • Evolution Theory • E.g. quality code/capability – document.getElementById('myAnchor').innerHTML = url; – YUI().use('node', function (Y) { var node = Y.one('#myanchor'); node.set('text', url); }); • But why do so – Murphy's Law – Mr. Einstein said as well. http://www.flickr.com/photos/diavolo/5870934960/
  18. Yes, takes 2 to tango.. http://www.flickr.com/photos/9737768@N04/3537843322/
  19. Thanks Again….
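The point of slides 12 to 17 (encode for the context you are writing into, treat a JS URI as a URL-context problem that encoding alone cannot solve, and set text rather than innerHTML) worked through as an added JavaScript example. This code is not from the slides and is not YUI's API; every function name and the scheme allow-list are this example's own choices, and it works on strings rather than DOM nodes so it runs outside a browser.

```javascript
// Added example, not from the slides: context-sensitive output encoding.
// Each encoder targets one output context; mixing them up is the classic
// "encoded, but still exploitable" misuse case slide 16 warns about.

// 1. HTML body context: data must never be parsed as markup.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// 2. Quoted HTML attribute context: encode everything except alphanumerics,
// so a value cannot close the attribute or start a new one.
function encodeForHtmlAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, (c) => '&#' + c.codePointAt(0) + ';');
}

// 3. JavaScript string-literal context: \xHH / \uHHHH escapes so the value
// cannot break out of the quotes or contain a literal </script>.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, (c) => {
    const cp = c.codePointAt(0);
    if (cp < 0x100) return '\\x' + cp.toString(16).padStart(2, '0');
    if (cp < 0x10000) return '\\u' + cp.toString(16).padStart(4, '0');
    return '\\u{' + cp.toString(16) + '}';
  });
}

// 4. URL context (the slide's "JS URI" case): a javascript: URL is a
// well-formed URL, so encoding does not help; apply a scheme allow-list.
// Browsers ignore ASCII control characters inside the scheme, so strip
// them before checking rather than matching on the raw string.
const SAFE_URL = /^(?:https?:\/\/|\/(?!\/))/i;   // http(s) or a same-origin path
function safeUrl(u) {
  const cleaned = String(u).replace(/[\u0000-\u0020\u007f]/g, '');
  return SAFE_URL.test(cleaned) ? cleaned : null; // null = refuse to emit
}

// The slide's hardened pattern, as markup: each piece encoded for its
// own context, and the URL check cannot be skipped by the caller.
function renderAnchor(url, label) {
  const href = safeUrl(url);
  if (href === null) return null;
  return '<a href="' + encodeForHtmlAttribute(href) + '">' + encodeForHtml(label) + '</a>';
}

// The slide's unsafe pattern (innerHTML = url), reduced to what it does:
// untrusted data concatenated into markup with no encoding at all.
function unsafeInnerHtml(url) {
  return '<a href="' + url + '">' + url + '</a>';
}
```

`renderAnchor` returning `null` instead of a fallback string is deliberate: a rejected URL should surface as a decision the caller has to handle, which is what "defensive coding" on slide 17 amounts to in practice. Setting `textContent` (or YUI's `node.set('text', ...)`) in a real browser is the equivalent of `encodeForHtml` here: the browser never runs the HTML parser over the value.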
