Cross Origin Resource Inclusion


  1. Julian Cohen, HockeyInJune@isis.poly.edu, OWASP DC, August 2011
  2. Outline
     • Asynchronous JavaScript and XML
     • Web 2.0 Design Trends
     • Same Origin Policy
     • Cross-Origin Resource Sharing
     • Exploitation
     • Some Thoughts
     • Solutions
  3. HOW DO THEY WORK?
  4. • A simple way to refresh content dynamically
     • Prevents having to refresh the entire page
     • Originally: AJAX used for continuously updating content only
     • Today: AJAX is used for EVERYTHING
  5. • AJAX is being used more
     • Frameworks automatically use AJAX
  6. • Scripts are confined to their originating site
     • XMLHttpRequest() follows SOP
  7. Demonstration
  8. HOW DO THEY WORK?
  9. • Allows XMLHttpRequest to make cross-origin requests
     • Checks the remote host to see if it allows cross-origin requests
     • http://www.w3.org/TR/cors/
  10. • Scripts are confined to their originating site
      • XMLHttpRequest() follows SOP
      • Documents are confined to their originating site
      • XMLHttpRequest() checks with the remote host
  11. • Document Object Children
      • site: safe.com
        <html> <head> <script src="http://malicious.com/"> </head></html>
  12. • Different Document Objects
          • Frames
          • Windows
      • Cookies
  13. Demonstration
  14. • Cross-origin DOM objects are owned by different Document objects
      • Setting innerHTML changes the ownerDocument property of DOM objects
      • http://dev.w3.org/html5/spec/Overview.html#innerhtml
  15. • Cookies stolen in client-side because of injected resource
      • Cookies were never sent cross-origin by the browser
      • Functionality exists: Access-Control-Allow-Credentials
  16. • Static Analysis
          • grep XMLHttpRequest
      • Dynamic Analysis
          • Google Chrome Developer Tools breakpoint
          • Taint analysis
  17. • Make Cookies HttpOnly
      • Set Access-Control-Allow-Origin to null
  18. • Access-Control-Allow-Origin null by default
      • Only allow safe DOM objects on a cross-origin request
      • http://isisblogs.poly.edu/?p=26
  19. Julian Cohen, HockeyInJune@isis.poly.edu, http://isisblogs.poly.edu/?p=26
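
The static-analysis step on slide 16 ("grep XMLHttpRequest") can be narrowed so that the call sites most worth reading come first. The Node.js scanner below is an added example, not code from the talk; the rule names, the choice of patterns (a non-literal URL passed to open() and response text assigned to innerHTML) and the sample source are assumptions made for illustration.

```javascript
// Added example: heuristic triage that extends "grep XMLHttpRequest".
// Rule names and the sample source are constructed for illustration.
const RULES = [
  // open(method, url): flag when the URL argument is not a plain string literal
  { id: "xhr-open-dynamic-url",
    re: /\.open\s*\(\s*(['"])[A-Za-z]+\1\s*,\s*(?!\s*(['"])[^'"]*\2\s*[,)])/ },
  // response text written straight into the page's DOM
  { id: "response-to-innerHTML",
    re: /\.innerHTML\s*\+?=[^;]*\bresponse(Text|XML)?\b/ },
  // the plain grep hit, kept so every XHR use is still listed
  { id: "xhr-constructor", re: /new\s+XMLHttpRequest\s*\(/ },
];

function scanSource(source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, i) => {
    for (const rule of RULES) {
      if (rule.re.test(text)) findings.push({ line: i + 1, rule: rule.id, text: text.trim() });
    }
  });
  return findings;
}

// True when a file has both a dynamic request target and an innerHTML sink,
// the combination to review by hand first.
function needsReview(findings) {
  const ids = new Set(findings.map(f => f.rule));
  return ids.has("xhr-open-dynamic-url") && ids.has("response-to-innerHTML");
}

// Constructed sample input (not taken from the talk).
const SAMPLE = [
  'var xhr = new XMLHttpRequest();',
  'xhr.open("GET", page, true);',
  'xhr.onreadystatechange = function () {',
  '  if (xhr.readyState === 4) {',
  '    document.getElementById("content").innerHTML = xhr.responseText;',
  '  }',
  '};',
  'xhr.send();',
  'var fixed = new XMLHttpRequest();',
  'fixed.open("GET", "/static/menu.html", true);',
].join("\n");

const report = scanSource(SAMPLE);
for (const f of report) console.log(`${f.line}: ${f.rule}: ${f.text}`);
console.log("needs manual review:", needsReview(report));
```

The patterns are line-based heuristics, so a hit is a prompt to read the call site, and a miss does not prove the file is clean; the dynamic breakpoint and taint analysis named on the same slide cover what a text match cannot.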
