1 / 18

Cross Site Scripting (XSS)

Cross Site Scripting (XSS). CS 526 Ehab B. Ashary Cross. Cross Site Scripting: Outline. Definition Risks Cross Site Scripting Types Testing Tools All Together Defense References. Definition.

Download Presentation

Cross Site Scripting (XSS)

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Cross Site Scripting (XSS) CS 526 Ehab B. AsharyCross

  2. Cross Site Scripting: Outline • Definition • Risks • Cross Site Scripting Types • Testing • Tools • All Together • Defense • References

  3. Definition • Cross Site Scripting (XSS) is a type of computer security exploit where information from one context, where it is not trusted, can be inserted into another context, where it is • The trusted website is used to store, transport, or deliver malicious content to the victim • The target is to trick the client browser to execute malicious scripting commands • JavaScript, VBScript, ActiveX, HTML, or Flash • Caused by insufficient input validation.

  4. Cross Site Scripting Risks XSS can : • Steal cookies • Hijack of user’s session • Unauthorized access • Modify content of the web page • Inserting words or images • Misinform • Bad reputation • Spy on what you do • Network Mapping • XSS viruses

  5. Cross Site Scripting Types Three known types: • Reflected (Non-Persistent) • Link in other website or email • Stored (Persistent) • Forum, bulletin board, feedback form • Local • PDF Adobe Reader, FLASH player

  6. Reflected (Non-Persistent) • Malicious content dose not get stored in the server • The server bounces the original input to the victim without modification

  7. Stored (Persistent) • The server stores the malicious content • The server serves the malicious content in its original form

  8. Local • The injected script does not traverse to the server • Arising fast as the major threat as the other two types of XSS are getting fixed

  9. Cross Site Scripting Testing • Where to start? • Search box • Feedback/Guestbook • Application forms • Look for input that can be displayed back by the site • <script>alert(“Boo”)</script> • Don’t forget to test with different encoding scheme “Base64, URL, Unicode”

  10. Cross Site Scripting Tools • N-stalker • Acunetix • Paros • Firefox add-ons • Hackbar • XSS ME

  11. Cross Site Scripting All Together

  12. Cross Site Scripting All Together

  13. Cross Site Scripting All Together

  14. Cross Site Scripting All Together

  15. Cross Site Scripting All Together • <SCRIPT SRC=http://ha.ckers.org/xss.js></SCRIPT>

  16. Cross Site Scripting All Together

  17. Cross Site Scripting Defense • Clint side • Disable JS • Verify email • Always update • Server side • Input validation (Black listing VS White listing) • Encode all meta characters send to the client • keep track of user sessions • Web application firewall • Always test

  18. Cross Site Scripting: References • RSnake, XSS Cheat Sheet http://ha.ckers.org/xss.html • XSS Attack information http://xssed.com/ • OWASP – Testing for XSS http://www.owasp.org/index.php/Testing_for_Cross_site_scripting • Klein, A., DOM Based Cross Site Scriptinghttp://www.webappsec.org/projects/articles/071105.shtml • Acunetix web application security http://www.acunetix.com • N-stalker http://www.nstalker.com • How to use XSS ME http://a4apphack.com/index.php/featured/secfox-xssme-automated-xss-detection-in-firefoxpart-3 • SANS Web Application Security Workshop

More Related