Page 1
Defending Your Frontend
http://www.flickr.com/photos/8164746@N05/2329405200/
Page 2
http://www.flickr.com/photos/52137170@N00/56206868/
Page 3
Web Defacement!
Step 1: Victim Clicks Attack Payload
Step 2: Victim sees a friendly error message
Page 4
Web Defacement: Insert Exploit
Step 1: Attacker inserts exploit
Step 2: Wait for victim to visit this book
Page 5
Web Defacement: Exploit Analysis
Step 1: Clear current page
Step 2: Create a fake page
Page 6
Stealing Session Cookies
Step 1: Victim Clicks Attack Payload
Step 2: Cookie is sent to Attacker
Step 3: Attacker hijacks Victim’s session by adding stolen cookie to the browser
Page 7
Steal Passwords
Step 1: Victim Clicks Attack Payload
Step 2: Victim is forced to re-login
Step 3: Malicious payload sends username and password to Attacker
Page 8
Steal Passwords: Exploit Analysis
Step 1: Create fake login
Step 2: Publish fake login
Page 9
DB Compromise :(
Step 1: Attacker shuts down the DB
Step 2: Victim can’t do anything on the website. DB is down
Page 10
What’s the biggest app security issue?
Cross Site Scripting?
SQL / Command Injection?
Malicious URL Redirection?
Malicious File Execution?
Answer: it is temporal, and this approach is not appropriate.
http://www.flickr.com/photos/34838158@N00/3370167184/
Page 11
OK. Let’s try again.
A better approach. What’s that single biggest solution?
http://www.flickr.com/photos/14318462@N00/66012169/
Page 12
Context-sensitive Auto Sanitization & Defensive Coding
What’s that single biggest solution?
http://www.flickr.com/photos/55046645@N00/3933514241/
Page 13
Sanitization (includes validation and encoding)
http://www.flickr.com/photos/37386206@N08/4056667699/
Page 14
(Use Platforms with) Auto (Sanitization)
http://www.flickr.com/photos/73344134@N00/2366984016/
Page 15
Context-Sensitive
Click. You can fire XSS with a JS URI, so use the solution below.
Page 16
But evolution doesn’t stop
Misuse cases
Web 2.0 DOM
Ajax/JSON/XML
http://www.flickr.com/photos/88442983@N00/1541378785/
No production auto-sanitization solution yet.
Encode manually.
But that’s highly error-prone.
Page 17
Defensive Coding
• Evolution Theory
• E.g. quality code/capability
  – document.getElementById('myAnchor').innerHTML=url;
  – YUI().use('node', function (Y) {var node = Y.one('#myanchor'); node.set('text',url);});
• But why do so
  – Murphy’s Law
  – Mr. Einstein said as well
http://www.flickr.com/photos/diavolo/5870934960/
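As an added example (not the slides' own code), the sanitization of pages 13 to 15 and the defensive-coding point of page 17 in JavaScript: each output context gets its own encoder, and a URL is validated rather than merely encoded before it goes into an href, which is the JS-URI case from page 15. The function names are assumptions made here.

```javascript
// Added example (not from the slides): context-sensitive output encoding
// for the HTML-body, attribute and JS-string contexts, plus a URL check that
// refuses javascript:-style URIs before a value is placed in an href.
// All function names here are assumptions made for this example.

// HTML body context: the five characters that can change markup structure.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, c => map[c]);
}

// Attribute context: encode everything but alphanumerics as &#xHH; so the
// value cannot break out of a quoted (or even unquoted) attribute.
function encodeForAttr(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu,
    c => '&#x' + c.codePointAt(0).toString(16).toUpperCase() + ';');
}

// JS string-literal context: \xHH for Latin-1, \u{...} for the rest.
function encodeForJsString(s) {
  return String(s).replace(/[^A-Za-z0-9]/gu, c => {
    const cp = c.codePointAt(0);
    return cp < 0x100 ? '\\x' + cp.toString(16).padStart(2, '0')
                      : '\\u{' + cp.toString(16) + '}';
  });
}

// URL context: validate, do not just encode. Only absolute http(s) URLs are
// accepted (assumption: relative links are not needed); the WHATWG URL parser
// strips surrounding whitespace and embedded tab/newline and lower-cases the
// scheme, so case or whitespace variations of the scheme do not slip through.
function safeUrl(url) {
  let parsed;
  try { parsed = new URL(String(url)); } catch { return null; }
  if (parsed.protocol !== 'http:' && parsed.protocol !== 'https:') return null;
  return parsed.href;
}

// The two contexts of an <a> tag handled together: href is validated and
// attribute-encoded, the visible label is body-encoded. A rejected URL yields
// null so the caller can drop the link instead of rendering it.
function renderLink(url, label) {
  const href = safeUrl(url);
  if (href === null) return null;
  return `<a href="${encodeForAttr(href)}">${encodeForHtml(label)}</a>`;
}
```

This is the manual-encoding route page 16 calls error-prone: the encoder is only as good as the caller's choice of context, which is why the auto-sanitizing platforms of page 14 exist.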
Page 18
Yes, takes 2 to tango.
http://www.flickr.com/photos/9737768@N04/3537843322/
Page 19
Thanks Again…
yukinying
bish@route13.in / b1shan