Web applications are vulnerable to attacks from the moment they go online. This document discusses several common web attacks such as cross-site scripting (XSS), SQL injection, cross-site request forgery (CSRF), parameter tampering, and cookie poisoning. It provides details on how these attacks work and recommendations for countermeasures like input validation, output encoding, access control, and encryption to help protect against these threats. Protecting web systems from compromise is important as attacks can result in financial loss or reputation damage for organizations.
Original Description:
In this presentation, I have given a short insight into various web-based attacks which are prevalent on the internet and how one can cope with them.
Original Title:
Various Web-based Attacks and Their Countermeasure
Web attacks exploit vulnerabilities in web servers and programming flaws in web applications.
End-users and the organisations that provide web services need to protect their systems from being compromised. Let us look at the general trends of attacks and their potential impacts.

General Trends
- Victims of web attacks are tricked into accessing a malicious website.
- Organizations that do not safeguard their systems against these attacks run the risk of considerable financial loss or destruction of reputation.

Examples
- The Italian Job web attack: visitors were redirected to another website, where malicious JavaScript installed a key logger and a Trojan downloader program on their PCs to test whether they could be compromised further.
- The MySpace phish / drive-by attack: several hundred MySpace profiles were discovered injected with links to phishing sites.

Attacks discussed:
- Cross Site Scripting Attack (XSS)
- SQL Injection (SQLI)
- Cross Site Request Forgery (CSRF)
- Web Parameter Tampering
- Cookie Poisoning
Cross Site Scripting Attack (XSS)
- A type of injection in which malicious scripts are injected into trusted web sites.
- XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
- The end user's browser has no way to know that the script should not be trusted, and will execute it.
- The malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

Countermeasures for XSS
1. Filtering for XSS
- Pass all external data through a filter that removes dangerous keywords such as the infamous <SCRIPT> tag, JavaScript commands, etc.
- Depending on the backend technology used by the server, various libraries can be used for filtering, such as xssprotect and the Jersey XSS filter.
2. Escaping the XSS
- Disables the execution of the scripts: if an attacker manages to put a script on your page, the victim will not be affected, because the browser will not execute a script that has been properly escaped.
- Escaping HTML is easy, but to ensure optimum security against XSS, various escaping libraries can be used.
- Escaping libraries: ESAPI by OWASP (Java, .Net, PHP, ColdFusion, Python); AntiXSS, best suited for Microsoft-based technologies.

SQL Injection (SQLI)
- One of the most common application-layer attack techniques used today.
- Attackers take advantage of improper coding of web applications.
- SQL commands are injected into a login form to gain access to the data stored in the database.
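The contrast between the two XSS countermeasures above (keyword filtering versus output escaping) is easiest to see in code. The following is an added Python example, not code from the presentation or from any of the libraries it names; the page content, the blacklist filter and the `contains_active_markup` check are all constructed here for illustration. It uses only the standard library's `html.escape`.

```python
import html

# Constructed sample inputs: two spellings of the same injected tag, as an
# attacker-controlled "name" field might carry them.
PAYLOAD_LOWER = "<script>alert(1)</script>"
PAYLOAD_UPPER = "<SCRIPT>alert(1)</SCRIPT>"


def filter_naive(value: str) -> str:
    """Blacklist filter in the spirit of 'Filtering for XSS': strips one exact
    spelling of the script tag. Included only to show its weakness."""
    return value.replace("<script>", "").replace("</script>", "")


def escape_html(value: str) -> str:
    """Output encoding: every character that carries meaning in HTML
    (< > & " ') becomes an entity, so the browser renders text, not markup."""
    return html.escape(value, quote=True)


def render_greeting(name: str, encoder) -> str:
    """Renders untrusted data in HTML text context; `encoder` is the countermeasure."""
    return f"<p>Hello, {encoder(name)}!</p>"


def render_attribute(name: str, encoder) -> str:
    """Renders untrusted data inside a quoted attribute value. With quote=True the
    encoder turns a stray double quote into &quot;, so the value cannot close
    the attribute and start a new one."""
    return f'<input type="text" name="who" value="{encoder(name)}">'


def contains_active_markup(fragment: str) -> bool:
    """Detection helper for the tests: is a script tag still present as markup?
    Case-insensitive, because browsers treat <SCRIPT> and <script> alike."""
    return "<script" in fragment.lower()
```

The point the example makes: the blacklist removes `<script>` but passes `<SCRIPT>` straight through, while escaping neutralises both without needing to know any particular dangerous keyword. Escaping must also match the output context; the attribute renderer shows why the quote characters have to be encoded as well.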
SQL Injection (SQLI)
- Three main forms of SQL injection: redirection and reshaping of a query; error-message based; blind injection.
- Blind injection is one of the most important forms of SQLI.
- Example: SELECT * FROM users WHERE name = '' OR '1'='1';
  The above SQL query will cause the selection of all user information stored in the users table.

Countermeasures for SQL Injection (SQLI)
- Analyse the present state of security by performing a thorough audit of the website.
- Use best coding techniques for web applications.
- Regularly perform a web security audit after each change and addition to web components.
- Limit the permissions of the database logon used by the web application.
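The example query above can be reproduced end to end against a throwaway database. This is an added Python example, not code from the presentation; it builds a constructed in-memory SQLite `users` table with three sample rows and runs the same lookup twice: once with the string-concatenation pattern that lets the `'' OR '1'='1'` clause reshape the query, and once with a bound parameter, which is the concrete form of the "best coding techniques" countermeasure.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed in-memory users table with sample rows (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (name, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    conn.commit()
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, name: str) -> list:
    """The flawed pattern: user input is concatenated straight into SQL text, so
    input containing quotes becomes part of the query's syntax."""
    query = "SELECT * FROM users WHERE name = '" + name + "'"
    return conn.execute(query).fetchall()


def lookup_parameterised(conn: sqlite3.Connection, name: str) -> list:
    """Hardened: the value travels as a bound parameter and is compared as data.
    The same input now matches only a user literally named  ' OR '1'='1 ."""
    return conn.execute("SELECT * FROM users WHERE name = ?", (name,)).fetchall()


def sql_text_vulnerable(name: str) -> str:
    """Returns the SQL the vulnerable function would send, for inspection/logging."""
    return "SELECT * FROM users WHERE name = '" + name + "'"
```

With the input `' OR '1'='1`, `sql_text_vulnerable` yields exactly the query quoted in the slide, and `lookup_vulnerable` returns every row; `lookup_parameterised` returns none. The remaining countermeasure on the slide, limiting the database logon's permissions, is not shown here because SQLite has no per-user grants, but with a server database the same parameterised code would run under an account restricted to the tables and operations the application actually needs.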
Cross Site Request Forgery (CSRF)
- Malicious exploitation of a website in which a user transmits malicious requests that the target website trusts.
- The attacker tricks a victim into accessing a website or clicking a URL link that contains malicious or unauthorized requests.
- A CSRF attack uses the identity and privileges of the victim and impersonates them in order to perform any actions desired by the attacker.
- The browser automatically includes the user's session cookie, basic authentication credentials, IP address, etc.
- If the user's authentication session is still valid, an attacker can use CSRF to launch any desired requests against the website.

Countermeasures for CSRF
- Use of a secret cookie
- Accept POST requests only
- URL rewriting
- Users must log out from web applications
- Using the browser safely, i.e. not saving any login credentials in the web browser

Web Parameter Tampering
- Certain parameters in the URL, or in web page form field data entered by a user, are changed without that user's authorization.
- This points the browser to a link, page or site other than the one the user intends to visit.

Countermeasures for Web Parameter Tampering
Validation of parameters in terms of:
1. Minimum and maximum allowable length
2. Allowable numeric range
3. Allowable character sequences and patterns
A web application firewall can provide some protection against parameter tampering, provided it is configured for the site in use.

Cookie Poisoning
- Modification of a cookie by an attacker to gain unauthorized information about the user, such as for identity theft.
- Using this information, one can open new accounts and gain access to existing accounts.
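The CSRF countermeasures (a per-session secret that the browser does not send automatically, POST only) and the three parameter-validation rules above naturally sit in one server-side gate that every state-changing request passes through. The following added Python example (not code from the presentation) implements that gate for a hypothetical "transfer" form; the session store, the `PARAM_RULES` table and the field names `account` and `amount` are constructed assumptions.

```python
import hmac
import re
import secrets

# Constructed server-side session store: session id -> per-session CSRF token.
# The token is only ever delivered inside the page, so a cross-site form cannot
# supply it even though the browser attaches the session cookie automatically.
SESSIONS: dict = {}


def new_session() -> str:
    sid = secrets.token_hex(16)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(sid: str) -> str:
    """Value the server embeds as a hidden field when it renders the form."""
    return SESSIONS[sid]["csrf_token"]


# Hypothetical rules: allowable length, allowable pattern, allowable numeric range.
PARAM_RULES = {
    "account": {"min_len": 8, "max_len": 8, "pattern": re.compile(r"^[0-9]{8}$")},
    "amount": {
        "min_len": 1, "max_len": 7,
        "pattern": re.compile(r"^[0-9]+$"),
        "range": (1, 100000),
    },
}


def validate_params(params: dict) -> list:
    """Applies the three validation criteria; returns rejection reasons
    (an empty list means the parameters are acceptable)."""
    errors = []
    for key, rule in PARAM_RULES.items():
        value = params.get(key)
        if value is None:
            errors.append(f"{key}: missing")
            continue
        if not (rule["min_len"] <= len(value) <= rule["max_len"]):
            errors.append(f"{key}: length out of bounds")
            continue
        if not rule["pattern"].match(value):
            errors.append(f"{key}: disallowed characters")
            continue
        if "range" in rule:
            lo, hi = rule["range"]
            if not (lo <= int(value) <= hi):
                errors.append(f"{key}: value out of range")
    # Parameters the form never defined are a classic tampering signal.
    for key in sorted(set(params) - set(PARAM_RULES) - {"csrf_token"}):
        errors.append(f"{key}: unexpected parameter")
    return errors


def check_request(method: str, sid: str, params: dict) -> list:
    """Server-side gate for a state-changing request: POST only, valid session,
    CSRF token matching that session (constant-time compare), then parameter
    validation. Returns the list of reasons to refuse; empty means accept."""
    errors = []
    if method != "POST":
        errors.append("method: state-changing requests must use POST")
    if sid not in SESSIONS:
        errors.append("session: unknown or expired")
    else:
        expected = SESSIONS[sid]["csrf_token"]
        supplied = params.get("csrf_token", "")
        if not hmac.compare_digest(expected, supplied):
            errors.append("csrf_token: missing or does not match session")
    errors.extend(validate_params(params))
    return errors
```

Every refusal reason is returned rather than raised so the caller can log all of them for detection; a request that fails the token check is exactly the forged cross-site submission the slides describe, and a request with an unexpected or out-of-range field is the parameter-tampering case.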
Cookie Poisoning
- Cookies maintain bits of information that allow the web sites you visit to authenticate your identity, speed up your transactions, monitor your behaviour, and personalize their presentation for you.
- The attacker examines a cookie to determine its purpose and edits it so that it helps them get user information from the web site that sent the cookie.

Countermeasures for Cookie Poisoning
- Encrypting sensitive information in the cookies
- A digital signature is created that is used to validate the content in all future communications between the sender and the recipient. If the content is tampered with, the signature will no longer match the content and the request will be refused access by the server.
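The signature countermeasure above is an integrity check: the server keeps a secret key, appends a keyed hash of the cookie content, and refuses any cookie whose hash no longer matches. The following added Python example (not code from the presentation) implements it with HMAC-SHA256 over a base64url payload; the server key, the claim names and the `tamper_with_cookie` helper that plays the attacker's editing step are constructed for the demonstration.

```python
import base64
import hashlib
import hmac
import json
import secrets

# Constructed server secret for this run; a real deployment loads it from a
# secret store and rotates it, and never ships it to the client.
SERVER_KEY = secrets.token_bytes(32)


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(claims: dict, key: bytes = SERVER_KEY) -> str:
    """Serialises the claims and appends an HMAC tag: '<payload>.<tag>'.
    sort_keys makes the encoding canonical so equal claims always sign alike."""
    payload = _b64(json.dumps(claims, sort_keys=True).encode())
    tag = hmac.new(key, payload.encode(), hashlib.sha256).digest()
    return f"{payload}.{_b64(tag)}"


def verify_cookie(cookie: str, key: bytes = SERVER_KEY):
    """Returns the claims if the tag matches the payload under `key`, else None.
    Malformed cookies and bad signatures are treated identically."""
    try:
        payload, tag = cookie.split(".", 1)
        expected = hmac.new(key, payload.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(expected, _unb64(tag)):
            return None
        return json.loads(_unb64(payload))
    except ValueError:  # also covers binascii.Error from bad base64
        return None


def tamper_with_cookie(cookie: str, new_claims: dict) -> str:
    """Simulates the poisoning step from the slide: the content is rewritten
    while the original signature is kept. Without the key no valid tag for the
    new content can be produced, so verify_cookie rejects the result."""
    _, tag = cookie.split(".", 1)
    return f"{_b64(json.dumps(new_claims, sort_keys=True).encode())}.{tag}"
```

The signature stops modification but not reading: the payload is only base64-encoded, so anyone holding the cookie can decode the claims. That is why the slide lists encryption as a separate countermeasure for sensitive values; signing covers integrity, encryption covers confidentiality, and the two are combined when both are needed.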