This document discusses techniques for preventing SQL injection and cross-site scripting (XSS) vulnerabilities. It proposes using prepared statements with separate data and control planes as a "safe query object" approach. It also discusses policy-based sanitization of HTML and focusing code reviews on defect detection through annotating suspicious code regions. The overall goal is to help developers adopt architectures and techniques that thoroughly apply technical solutions to recognize and fix security weaknesses.
Whatever it takes - Fixing SQLIA and XSS in the process
1. Whatever it takes
Fixing SQLIA and XSS in the process
Diploma Thesis Outline Presentation, Florian Thiel
Seminar “Beiträge zum Software Engineering”, FU Berlin, 11/06/2008
22. “This issue isn't just about scripting, and there isn't necessarily anything cross site about it. So why the name? It was coined earlier on when the problem was less understood, and it stuck. Believe me, we have had more important things to do than think of a better name. <g>”
-- Marc Slemko, Apache.org
23. eval(‘user input’) (1, 2)
1) the essence of XSS
2) limited only by the execution environment
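The slide's point is that concatenating untrusted text into a document hands it to whatever interprets that document, here the browser. The following added example (not from the slides) shows the vulnerable shape, escaping as the plain-text defence, and a small policy-based HTML sanitizer of the kind the talk mentions for cases where some markup must survive. The allow-list policy (ALLOWED_TAGS, ALLOWED_ATTRS, ALLOWED_URL_SCHEMES) and the sample input are this example's own assumptions.

```python
"""Added example: the "eval('user input')" shape of XSS and two defences.

Escaping treats input purely as text; the policy sanitizer rebuilds the
document keeping only tags/attributes the policy allows.  The policy below
is an assumption for this example, not one taken from the slides.
"""
import html
from html.parser import HTMLParser

# Constructed sample input: a harmless bold tag, a link carrying an event
# handler, and a script block.  The last two stand for "anything the browser
# would execute".
SAMPLE = ('Hello <b>world</b> <a href="https://example.org" onclick="x()">link</a>'
          '<script>alert(1)</script>')


def render_unsafe(user_input: str) -> str:
    """Vulnerable shape: the data becomes part of the document's control plane."""
    return "<p>" + user_input + "</p>"


def render_escaped(user_input: str) -> str:
    """Plain-text defence: every markup character is escaped."""
    return "<p>" + html.escape(user_input, quote=True) + "</p>"


# Policy: which tags survive, which attributes they may keep, which URL
# schemes an href may use.  Everything not listed is dropped.
ALLOWED_TAGS = {"b", "i", "p", "a"}
ALLOWED_ATTRS = {"a": {"href"}}
ALLOWED_URL_SCHEMES = ("http://", "https://")


class PolicySanitizer(HTMLParser):
    """Rebuilds the input keeping only what the policy allows.

    Text is always re-escaped, unknown tags are dropped (their text is kept),
    and the content of <script>/<style> is discarded entirely.
    """

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.skip_depth = 0  # > 0 while inside script/style

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "style"):
            self.skip_depth += 1
            return
        if self.skip_depth or tag not in ALLOWED_TAGS:
            return
        kept = []
        for name, value in attrs:
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops every on* handler, style, etc.
            if name == "href" and not (value or "").lower().startswith(ALLOWED_URL_SCHEMES):
                continue  # drops non-http(s) schemes and relative URLs alike
            kept.append(f' {name}="{html.escape(value or "", quote=True)}"')
        self.out.append(f"<{tag}{''.join(kept)}>")

    def handle_endtag(self, tag):
        if tag in ("script", "style"):
            self.skip_depth = max(0, self.skip_depth - 1)
            return
        if tag in ALLOWED_TAGS and not self.skip_depth:
            self.out.append(f"</{tag}>")

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=True))


def sanitize(user_input: str) -> str:
    """Apply the policy and return the rebuilt, escaped HTML fragment."""
    parser = PolicySanitizer()
    parser.feed(user_input)
    parser.close()
    return "".join(parser.out)


if __name__ == "__main__":
    print(render_unsafe(SAMPLE))
    print(render_escaped(SAMPLE))
    print(sanitize(SAMPLE))
```

The sanitizer never copies input bytes through: it re-emits tags from its own allow-list and re-escapes all text, so the output is built from the policy rather than from the attacker's string.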
42. Make sure that the technical solutions are thoroughly applied
43. 1. Make developers use a reasonable architecture
2. Make developers recognize a weakness when they meet one
3. Make developers find weaknesses
4. Make people actually fix things
48. Artifacts
• reviewer annotates suspicious code regions
• e.g. @userinput, @output
• makes review work visible in the source code
• and more valuable since annotations can be reused
49. // @userinput(data)
// [insert data into query, ignore non-alphanums]
def insertAlphaNum(query, data):
    // [make sure data is canonical]
    c_data = data.toCharSet(...)
    c_data = c_data.replace(...)
    ...
    // [insert data into query]
    query.prepare(...)
    query.insert(c_data...)
    ...
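The slide's pseudocode, made concrete as an added example (not the author's code): the @userinput annotation becomes a comment, canonicalisation becomes Unicode normalisation plus an alphanumeric allow-list, and the query is a "safe query object" that keeps the SQL template (control plane) and the bound data (data plane) apart, as the talk proposes. SafeQuery, the sqlite3 schema, the sample rows and the lookup_unsafe counter-example are this example's own assumptions.

```python
"""Added example: the annotated insertAlphaNum helper on top of a
"safe query object" (SafeQuery) that separates SQL from data.

SafeQuery, the schema and the rows are assumptions made for this example.
"""
import re
import sqlite3
import unicodedata


class SafeQuery:
    """A fixed SQL template with '?' placeholders.

    Data only ever enters through bind parameters; the template is frozen at
    construction and refuses to carry literal values of its own.
    """

    def __init__(self, conn: sqlite3.Connection, template: str):
        if "'" in template or '"' in template:
            raise ValueError("template must not embed literal values")
        self._conn = conn
        self._template = template  # control plane, fixed here
        self._params = []          # data plane, filled by bind()

    def bind(self, value):
        self._params.append(value)
        return self

    def run(self):
        # sqlite3 ships template and parameters separately; the engine never
        # re-parses the bound data as SQL.
        return self._conn.execute(self._template, self._params).fetchall()


# @userinput(data)
# [insert data into query, ignore non-alphanums]
def insertAlphaNum(query: SafeQuery, data: str):
    # [make sure data is canonical]: one Unicode normal form, so that
    # look-alike encodings cannot slip past the character filter below
    c_data = unicodedata.normalize("NFKC", data)
    c_data = re.sub(r"[^0-9A-Za-z]", "", c_data)
    # [insert data into query]: as a bound parameter, never by concatenation
    return query.bind(c_data).run()


# @output
def lookup_unsafe(conn: sqlite3.Connection, data: str):
    """The shape the helper replaces: data spliced into the control plane."""
    return conn.execute("SELECT name FROM users WHERE name = '" + data + "'").fetchall()


def demo_db() -> sqlite3.Connection:
    """Constructed in-memory table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("OBrien",)])
    return conn


def compare(data: str):
    """Run the same lookup both ways and return (unsafe_result, safe_result)."""
    conn = demo_db()
    try:
        unsafe = lookup_unsafe(conn, data)
    except sqlite3.OperationalError as exc:
        # a quote inside the data changed the SQL grammar itself
        unsafe = f"error: {exc}"
    safe = insertAlphaNum(SafeQuery(conn, "SELECT name FROM users WHERE name = ?"), data)
    return unsafe, safe


if __name__ == "__main__":
    print(compare("alice"))
    print(compare("O'Brien"))
```

With a name such as O'Brien the concatenated query fails to parse, which is the visible symptom of data reaching the control plane; the bound version simply matches the canonicalised value. The fullwidth spelling of a name normalises to its ASCII form before the filter runs, which is what "canonical" buys here.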
50. 4) (Repair)
• once weakness is known, developers should be motivated enough
• focus is on keeping the code secure, minimizing effort
51. My tasks
• provide practical architectural assumptions
• construct effective reading method
• + awareness of potential weaknesses
• get a project to adopt my methods
53. This presentation is licensed under a Creative Commons BY-SA license.
Attribution for pictures through links.
Slides, materials, progress etc. can be found @ http://www.noroute.de/blog/diplomathesis