
Defending Your Frontend

Published in: Technology, Sports

  1. (Image: http://www.flickr.com/photos/8164746@N05/2329405200/)
  2. (Image: http://www.flickr.com/photos/52137170@N00/56206868/)
  3. Web Defacement! Step 1: Victim clicks attack payload. Step 2: Victim sees a friendly error message.
  4. Web Defacement: Insert Exploit. Step 1: Attacker inserts exploit. Step 2: Wait for victim to visit this book.
  5. Web Defacement: Exploit Analysis. Step 1: Clear current page. Step 2: Create a fake page.
  6. Stealing Session Cookies. Step 1: Victim clicks attack payload. Step 2: Cookie is sent to attacker. Step 3: Attacker hijacks victim’s session by adding the stolen cookie to the browser.
  7. Steal Passwords. Step 1: Victim clicks attack payload. Step 2: Victim is forced to re-login. Step 3: Malicious payload sends username and password to attacker.
  8. Steal Passwords: Exploit Analysis. Step 1: Create fake login. Step 2: Publish fake login.
  9. DB Compromise :( Step 1: Attacker shuts DB. Step 2: Victim can’t do anything on the website. DB is down.
  10. What’s the biggest app security issue? Cross Site Scripting? SQL / Command Injection? Malicious URL Redirection? Malicious File Execution? Answer: It is temporal. And this approach, not appropriate. (Image: http://www.flickr.com/photos/34838158@N00/3370167184/)
  11. OK. Let’s try again. A better approach. What’s that single biggest solution? (Image: http://www.flickr.com/photos/14318462@N00/66012169/)
  12. What’s that single biggest solution? Context-sensitive Auto Sanitization & Defensive Coding. (Image: http://www.flickr.com/photos/55046645@N00/3933514241/)
  13. Sanitization (includes validation and encoding). (Image: http://www.flickr.com/photos/37386206@N08/4056667699/)
  14. (Use Platforms with) Auto (Sanitization). (Image: http://www.flickr.com/photos/73344134@N00/2366984016/)
  15. Context-Sensitive. Click. You can fire XSS with JS URI.. So use solution below.
  16. But Evolution Doesn’t stop. Web 2.0: DOM, Ajax/JSON/XML. No prod auto solution yet. Encode manually, but that’s highly error prone. Misuse cases. (Image: http://www.flickr.com/photos/88442983@N00/1541378785/)
  17. Defensive Coding • Evolution Theory • E.g. quality code/capability – `document.getElementById('myAnchor').innerHTML = url;` – `YUI().use('node', function (Y) { var node = Y.one('#myanchor'); node.set('text', url); });` • But why do so – Murphy’s Law – Mr. Einstein said as well. (Image: http://www.flickr.com/photos/diavolo/5870934960/)
  18. Yes, takes 2 to tango.. (Image: http://www.flickr.com/photos/9737768@N04/3537843322/)
  19. Thanks Again….
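Slides 15 and 17 make two points that are easier to see in code: output encoding must match the context the value lands in (a `javascript:` URI is harmless as text but fires in an `href`), and writing untrusted data through `innerHTML` turns it into markup while a text setter does not. The block below is an added example written for this page, not code from the deck; the function names, the allow-list of schemes, and the string-building `renderAnchorUnsafe`/`renderAnchorSafe` pair (a DOM-free stand-in for the slide's `innerHTML` and `node.set('text', url)` lines) are all my own choices.

```javascript
'use strict';

// HTML text and attribute context: entity-encode the five metacharacters so the
// browser can only ever read the value as character data, never as markup.
function encodeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// URL context (href/src): entity encoding is the wrong tool here, because
// "javascript:alert(1)" contains no metacharacters yet still executes. Instead,
// allow-list the scheme. Browsers ignore control characters and whitespace inside
// a scheme, so strip them before matching ("java\tscript:" is still javascript:).
function sanitizeUrl(url) {
  const raw = String(url).trim();
  const normalized = raw.replace(/[\u0000-\u0020]/g, '').toLowerCase();
  const scheme = normalized.match(/^([a-z][a-z0-9+.\-]*):/);
  if (scheme) {
    // Assumption: only these schemes are acceptable for links on this site.
    return ['http', 'https', 'mailto'].includes(scheme[1]) ? raw : '#';
  }
  if (normalized.startsWith('//')) return '#'; // protocol-relative: attacker still picks the origin
  return raw;                                   // scheme-less relative path, safe to link
}

// The slide's vulnerable pattern, expressed as string building: the untrusted url
// is concatenated straight into markup, so a value like
// '"><img src=x onerror=alert(1)>' closes the attribute and adds an element.
function renderAnchorUnsafe(url) {
  return '<a href="' + url + '">' + url + '</a>';
}

// Defensive form: each occurrence is treated according to its own context.
// The href gets the scheme allow-list and then attribute encoding; the visible
// label gets text encoding (what node.set('text', url) / el.textContent do in the DOM).
function renderAnchorSafe(url) {
  const href = sanitizeUrl(url);
  return '<a href="' + encodeHtml(href) + '">' + encodeHtml(url) + '</a>';
}

// Constructed sample inputs: one ordinary link, one attribute-breakout payload,
// and one JS URI that survives HTML encoding untouched.
const samples = [
  'https://example.com/docs',
  '"><img src=x onerror=alert(1)>',
  'javascript:alert(document.cookie)',
];

for (const s of samples) {
  console.log('unsafe:', renderAnchorUnsafe(s));
  console.log('safe:  ', renderAnchorSafe(s));
}
```

The third sample is the slide 15 point: `encodeHtml` alone would leave `javascript:alert(document.cookie)` byte-for-byte intact inside the `href`, so the URL context needs its own rule (the scheme allow-list), which is what "context-sensitive" means in practice.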
