Cross Site Scripting (XSS)

  1. XSS (Ayman Babiker)
  2. You Should Already Know
     • HTML.
     • JavaScript.
     • PHP, ASP, etc.
  3. Cross Site Scripting (XSS)
     • One of the most common application-layer web attacks.
     • Operates on the client side (in the user's web browser).
     • 13% of all hacking techniques (in 2011).
     • Neglected by developers. Why?!
     • Executed every time the page is loaded.
     • Delivered as JavaScript, VBScript, ActiveX, HTML, or Flash.
  4. Cross Site Scripting (XSS)
     • XSS can cause a variety of problems for the end user, from annoyance ("alerts") to complete account compromise ("session hijacking").
     • Installation of Trojan horse programs.
     • Page modification and redirection.
  5. XSS types
     • Stored XSS attacks.
     • Reflected XSS attacks.
     • DOM-based XSS.
  6. How it works
     <form method="get" action="index.php">
       <input name="hack_me" />
       <input type="submit" value="Submit" />
     </form>
  7. How it works
     <?php
     $txt = $_GET['hack_me'];
     echo $txt; // reflects the parameter unencoded, e.g. echo "<script>alert("Hacked");</script>"
     ?>
  8. Alternate XSS Syntax
     • Using script in attributes:
       • <body onload=alert('Hacked')>
       • <img src="http://url.to.file.which/not.exist" onerror=alert(document.cookie);>
     • XSS via encoded URI schemes:
       • <img src=j&#X41vascript:alert('Hacked')>
  9. Commonly used to achieve the following malicious results:
     • Identity theft.
     • Accessing sensitive or restricted information.
     • Gaining free access to otherwise paid-for content.
     • Spying on the user's web browsing habits.
     • Altering browser functionality.
     • Web application defacement.
     • Denial of Service attacks.
  10. XSS Countermeasures
     • There are a huge number of XSS attack vectors; following a few simple rules can completely defend against this serious attack.
     • The simplest form of XSS protection is to pass all external data through a filter (on the server side).
     • It is recommended to use libraries that have been tried and tested by the community.
     • XSS techniques keep changing (your filters will need to be updated periodically).
     • ESAPI (OWASP), AntiXSS (Microsoft).
  11. XSS Countermeasures
     • HTML-escape before inserting untrusted data into HTML element content:
       • ESAPI Encoder example:
         String safe = ESAPI.encoder().encodeForHTML( request.getParameter( "input" ) );
       • AntiXSS equivalent:
         string safe = Microsoft.Security.Application.AntiXss.HtmlEncode( Request.QueryString[ "input" ] );
  12. XSS Countermeasures
     • Also escape untrusted data before inserting it into:
       • HTML common attributes.
       • JavaScript data values.
       • HTML style property values.
       • HTML URL parameter values.
     • Also use the HttpOnly cookie flag.
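As an added example (not from the slides, and not the ESAPI or AntiXSS library code they show), here is a Node.js version of the slide-7 page hardened the way slides 11 and 12 describe: one encoder per output context, plus an HttpOnly session cookie. The encoder functions, `renderPage` and `sessionCookieHeader` are written for this example.

```javascript
// Context-specific output encoders following the OWASP XSS Prevention Cheat
// Sheet rules the slides cite. Written for this example; not ESAPI/AntiXSS.

// HTML element content: escape the characters that start markup.
function encodeForHTML(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// HTML attribute values: encode every non-alphanumeric as &#xHH; so a value
// cannot break out of the attribute (space, '=', quotes are all neutralised).
function encodeForHTMLAttribute(s) {
  return String(s).replace(/[^A-Za-z0-9]/g,
    (c) => `&#x${c.charCodeAt(0).toString(16)};`);
}

// JavaScript string literals: \xHH / \uHHHH escapes, never HTML entities
// (the browser decodes entities before the JS parser sees the text).
function encodeForJavaScript(s) {
  return String(s).replace(/[^A-Za-z0-9]/g, (c) => {
    const code = c.charCodeAt(0);
    return code < 0x100 ? `\\x${code.toString(16).padStart(2, '0')}`
                        : `\\u${code.toString(16).padStart(4, '0')}`;
  });
}

// URL parameter values: standard percent-encoding.
function encodeForURLParameter(s) {
  return encodeURIComponent(String(s));
}

// Session cookie with the HttpOnly flag from slide 12, so script injected
// via XSS cannot read it through document.cookie.
function sessionCookieHeader(value) {
  return `session=${value}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Slide 7 hardened: each reflected value goes through the encoder for its context.
function renderPage(untrusted) {
  return [
    `<p>You entered: ${encodeForHTML(untrusted)}</p>`,
    `<input name="hack_me" value="${encodeForHTMLAttribute(untrusted)}">`,
    `<script>var last = '${encodeForJavaScript(untrusted)}';</script>`,
    `<a href="/index.php?hack_me=${encodeForURLParameter(untrusted)}">again</a>`,
  ].join('\n');
}

// Constructed sample input: the payload from slide 7.
const PAYLOAD = '<script>alert("Hacked");</script>';
console.log(renderPage(PAYLOAD));
```

The rendered page still contains a legitimate `<script>` element of its own, which is why the check that matters is that the untrusted value never appears unencoded in any context, not that the word "script" is absent.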
  13. More?
     • http://ha.ckers.org/xss.html
     • https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet
  14. The End.