Cross site scripting


null Mumbai Chapter - October 2012 Meet

  1. 1. Cross Site Scripting Badrish Dubey
  2. 2. INTRODUCTION: XSS was first discovered around 1996 and is still in the top ten vulnerability lists for web applications. Rated 2nd in the OWASP (Open Web Application Security Project) Top 10. 8th in the Threat Classification v2.0 list of WASC (Web Application Security Consortium). Grouped under client-side attacks.
  3. 3. What XSS can do: Stealing cookies, which is also known as session hijacking. Redirecting users to other websites. Displaying completely different content on your website. Performing port scans of the customer's internal network, which may lead to a full intrusion attempt. Denting the REPUTATION and GOODWILL of the organization. Can lead to a huge PENALTY AMOUNT, which can affect the continuity of the business.
  4. 4. Different flavors of XSS: 1. Reflected Cross Site Scripting (Non-Persistent) 2. Stored Cross Site Scripting (Persistent) 3. DOM-based Cross Site Scripting. In the rest of the presentation we will be talking about Reflected and Stored Cross Site Scripting.
  5. 5. Reflected XSS: Reflected XSS, also known as Non-Persistent XSS or TYPE 1 XSS, is an attack that does not load with the vulnerable web application but originates when the victim loads the offending URL. Now let us see how Reflected XSS takes place.
  6. 6. Reflected XSS
  7. 7. DEMO TIME
  8. 8. Stored XSS: Stored XSS is also known as Persistent XSS or TYPE 2 XSS. Stored XSS occurs when a web application gathers input from a user, which might be malicious, and then stores that input in a data store for later use. The stored input is not correctly filtered. As a consequence, the malicious data appears to be part of the web site and runs within the user's browser under the privileges of the web application.
  9. 9. Stored XSS
  10. 10. DEMO TIME
  11. 11. How to DETECT XSS: 1. BLACK BOX TESTING: using a web application scanner (automated); manual testing. 2. WHITE BOX TESTING: code analysis.
  12. 12. How to PREVENT XSS: 1. Encode output based on input parameters. 2. Filter input parameters for special characters. 3. Filter output based on input parameters for special characters. 4. White-list the input.
  13. 13. Defense IN-DEPTH (HttpOnly) • Set the HttpOnly flag on your session cookie and on any custom cookie that you don't want to be accessed by any JavaScript. • When you mark your cookie as HttpOnly, it is not accessible via JavaScript. • If XSS still executes after all the other measures have been taken, the HttpOnly flag minimizes the damage.
  14. 14. References • OWASP:- • WASC:- ing • Wikipedia:- • CERT Advisory:- • You can also find this complete article on my blog ( and also you can get this in Hakin9 magazine
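
The prevention steps on slides 12 and 13 as an added example, not part of the original presentation: a reflected parameter rendered without and with output encoding, a white-list check, and a session cookie marked HttpOnly. The `name` parameter, the function names and the sample inputs are hypothetical and constructed for illustration.

```python
import html
import re
from http.cookies import SimpleCookie

# White list for a hypothetical "name" parameter: letters, digits, space, "_" and "-".
NAME_ALLOWED = re.compile(r"[A-Za-z0-9 _-]{1,40}")

def render_unsafe(name: str) -> str:
    """The 'before': input is reflected into the page unchanged (reflected XSS)."""
    return f"<p>Hello, {name}</p>"

def render_encoded(name: str) -> str:
    """Output encoding for the HTML body: &, <, >, " and ' become entities."""
    return f"<p>Hello, {html.escape(name, quote=True)}</p>"

def render_encoded_attr(name: str) -> str:
    """Same encoding inside a quoted attribute; the attribute must stay quoted.
    This encoding is not sufficient inside <script> blocks or URLs."""
    return f'<input name="name" value="{html.escape(name, quote=True)}">'

def is_allowed_name(name: str) -> bool:
    """White-list validation: accept only known-good characters, reject the rest."""
    return NAME_ALLOWED.fullmatch(name) is not None

def session_cookie_header(session_id: str) -> str:
    """Set-Cookie value with HttpOnly, so script running in the page cannot read it."""
    cookie = SimpleCookie()
    cookie["session"] = session_id
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["path"] = "/"
    return cookie["session"].OutputString()

# Constructed sample inputs (not from the slides).
SAMPLES = ["alice", "<script>alert(1)</script>", 'x" onmouseover="alert(1)']

if __name__ == "__main__":
    for sample in SAMPLES:
        print("input   :", sample)
        print("allowed :", is_allowed_name(sample))
        print("unsafe  :", render_unsafe(sample))
        print("encoded :", render_encoded(sample))
        print("attr    :", render_encoded_attr(sample))
    print("Set-Cookie:", session_cookie_header("constructed-session-id"))
```

HttpOnly only keeps script from reading the cookie; the encoding and white-list steps are what stop the markup from executing in the first place.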