Defending Your Frontend

Posted on 26-May-2015



http://www.flickr.com/photos/8164746@N05/2329405200/

http://www.flickr.com/photos/52137170@N00/56206868/

Step 1: Victim Clicks Attack Payload

Step 2: Victim sees a friendly error message

Web Defacement!

Step 1: Attacker inserts exploit

Step 2: Wait for victim to visit this book

Web Defacement: Insert Exploit

Step 1: Clear current page

Step 2: Create a fake page

Web Defacement: Exploit Analysis

Stealing Session Cookies

Step 1: Victim Clicks Attack Payload

Step 2: Cookie is sent to Attacker

Step 3: Attacker hijacks Victim’s session by adding stolen cookie to the browser

Steal Passwords

Step 1: Victim Clicks Attack Payload

Step 2: Victim is forced to re-login

Step 3: Malicious payload sends username and password to Attacker

Steal Passwords: Exploit Analysis

Step 1: Create fake login

Step 2: Publish fake login

DB Compromise :(

Step 1: Attacker shuts down the DB

Step 2: Victim can’t do anything on the website. DB is down

What’s the biggest app security issue?

Cross Site Scripting?

SQL / Command Injection?

Malicious URL Redirection?

Malicious File Execution?

Answer: it is temporal. And this approach is not appropriate.

http://www.flickr.com/photos/34838158@N00/3370167184/

OK. Let’s try again.

A better approach. What’s that single biggest solution?

http://www.flickr.com/photos/14318462@N00/66012169/

Context-sensitive Auto Sanitization & Defensive Coding

What’s that single biggest solution?

http://www.flickr.com/photos/55046645@N00/3933514241/

Sanitization (includes validation and encoding)

http://www.flickr.com/photos/37386206@N08/4056667699/

(Use Platforms with) Auto (Sanitization)

http://www.flickr.com/photos/73344134@N00/2366984016/

Context-Sensitive

Click: you can fire XSS with a JavaScript URI, so use the solution below.

But Evolution Doesn’t stop

Misuse cases

Web 2.0 DOM

Ajax/JSON/ XML

http://www.flickr.com/photos/88442983@N00/1541378785/

No production-ready auto-sanitization solution yet.

Encode Manually

But that’s highly error prone.

Defensive Coding

• Evolution Theory

• E.g. quality code/capability

– document.getElementById('myAnchor').innerHTML = url;

– YUI().use('node', function (Y) { var node = Y.one('#myAnchor'); node.set('text', url); });

• But why do so?

– Murphy’s Law

– Mr. Einstein said as well
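The two slide lines above contrast writing untrusted data into innerHTML with setting a node's text, and the earlier slides note that a JavaScript URI still fires XSS after plain HTML encoding and that manual encoding for DOM, Ajax and JSON output is error-prone. The following is an added example, not code from the deck or from YUI, showing what "context-sensitive" encoding means in practice for three output contexts: HTML text, an href attribute (validated by scheme rather than encoded), and JSON placed inside a script block. Function names, the scheme allow-list and the sample inputs are this example's own choices; the scheme detection is a simplified model of how browsers read a URL, not a full URL parser.

```javascript
// Added example (not from the slides): a minimal context-sensitive encoder
// for the output contexts the deck touches on: HTML text (what innerHTML or a
// node's text receives), an href attribute, and JSON embedded in a <script>.
// Function names and the scheme allow-list are this example's own choices.

// HTML text / quoted-attribute context: neutralise the five significant
// characters. This is what "Encode Manually" means for element content.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// URL context: HTML encoding alone does not help here, because a
// "javascript:" URI survives encoding and runs when the link is clicked.
// So the value is validated by scheme rather than encoded. Scheme detection
// mirrors browsers in a simplified way: leading/trailing whitespace and
// embedded control characters are ignored before the scheme is read.
const ALLOWED_SCHEMES = new Set(['http', 'https', 'mailto']);

function safeUrl(raw) {
  const s = String(raw).trim();
  const cleaned = s.replace(/[\u0000-\u0020\u007f]/g, '');
  const m = /^([a-zA-Z][a-zA-Z0-9+.-]*):/.exec(cleaned);
  if (m && !ALLOWED_SCHEMES.has(m[1].toLowerCase())) {
    return '#'; // unknown or script-capable scheme: drop it
  }
  return s; // relative URL or allow-listed scheme
}

// JSON-in-<script> context: JSON.stringify is not enough, since "</script>"
// inside a string closes the script block and U+2028/U+2029 break older
// JS parsers. Escaping those as \uXXXX keeps the output valid JSON and JS.
function encodeJsonForScript(value) {
  return JSON.stringify(value).replace(/[<>&\u2028\u2029]/g,
    (c) => '\\u' + c.charCodeAt(0).toString(16).padStart(4, '0'));
}

// The mistake the deck's innerHTML line illustrates: untrusted data
// concatenated straight into markup, with no regard for context.
function renderLinkNaive(url, label) {
  return '<a href="' + url + '">' + label + '</a>';
}

// Hardened form: each piece is handled for the context it lands in.
function renderLink(url, label) {
  return '<a href="' + encodeForHtml(safeUrl(url)) + '">' + encodeForHtml(label) + '</a>';
}

// Constructed inputs for a stand-alone run.
const demoUrl = 'https://example.com/?a=1&b=2';
console.log(renderLinkNaive('javascript:void(0)', '<b>home</b>'));
console.log(renderLink('javascript:void(0)', '<b>home</b>'));
console.log(renderLink(demoUrl, 'Home'));
```

In a real page the text context is the one a platform gives you for free: the deck's `node.set('text', url)` (or `textContent` in plain DOM) never interprets markup, so `encodeForHtml` is only needed when you build HTML strings yourself. The href case is the one an auto-encoder cannot fix by encoding, which is why the example validates the scheme instead.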

http://www.flickr.com/photos/diavolo/5870934960/

Yes, it takes two to tango.

http://www.flickr.com/photos/9737768@N04/3537843322/

Thanks Again….

yukinying@gmail.com / yukinying

bish@route13.in / b1shan