FIT3173: Web Application Security II
Dr Jaigirdar Department of Software Systems and Cybersecurity
Faculty of Information Technology
Learning Outcomes of This Lecture
• Understand how the Cross-Site Request Forgery (CSRF) attack works
• Identify CSRF vulnerabilities in real-world web applications
• Know how to apply defences against CSRF
• Understand how the cross-site scripting (XSS) attack works
• Identify XSS vulnerabilities in real-world web applications
• Know how to apply defences against XSS
Common Web Vulnerabilities
• On-Site/Cross-Site Request Forgery (OS/CSRF)
• A bad web site sends a request to a good web site, using the credentials of an innocent victim who “visits” the bad site
• Cross-Site Scripting (XSS)
• A bad web site sends an innocent victim a script that steals information from an honest web site
URLs with Side Effects
• GET requests often have side effects on server state
• Even though they are not supposed to
• What happens if the user is logged in with an active session cookie and a request is issued for the above link?
• How could you get a user to visit a link?
Exploiting URLs with Side Effects
Cross-Site Request Forgery
• Target: a user who has an account on a vulnerable server
• Attack goal: make requests to the server via the user’s browser that look to the server like the user intended to make them
• Attacker tools: the ability to get the user to “click a link” crafted by the attacker that goes to the vulnerable site
• Key tricks:
• Requests to the web server have a predictable structure
• Use of something like to force the victim to send it
Cross-Site Request Forgery
• Suppose there is an insecure e-banking site at http://bank.com/
• Alice wishes to transfer $100 to Bob
• Alice logs in to http://bank.com
• Case 1: Using GET
GET http://bank.com/transfer.do?acct=BOB&amount=100 HTTP/1.1
• Carol first creates this HTTP request: http://bank.com/transfer.do?acct=CAROL&amount=100000
• Carol uses some social engineering technique to trick Alice into clicking this link
• Case 2: Using POST
POST http://bank.com/transfer.do HTTP/1.1
acct=BOB&amount=100
• This can be done using a FORM tag:
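The following is an added example, not part of the lecture slides: a minimal Python model of the bank.com transfer.do endpoint from the case study above (and of the "URLs with side effects" point). It shows why a session cookie alone cannot tell the server whether Alice intended the request, since the browser attaches her cookie to Carol's forged GET link and POST form alike, and how a per-session synchronizer token plus method and Origin checks lets the hardened handler reject both forgeries while accepting Alice's own form submission. The Request and Session classes, the session store, the token handling and the origin "http://carol.example" are all constructed for this example and are not part of any real application.

```python
"""Constructed model of bank.com/transfer.do: vulnerable handler vs. a
hardened one with CSRF controls. Names, classes and sample data are
assumptions made for this example, not code from the lecture."""
import hmac
import secrets
from dataclasses import dataclass, field
from typing import Optional

BANK_ORIGIN = "http://bank.com"


@dataclass
class Session:
    user: str
    balance: int
    # Synchronizer token: random per session, embedded only in bank.com's own forms
    csrf_token: str = field(default_factory=lambda: secrets.token_hex(16))


@dataclass
class Request:
    method: str
    path: str
    cookies: dict                  # browser attaches these automatically
    params: dict                   # query string (GET) or form body (POST)
    origin: Optional[str] = None   # Origin header; browsers set it on cross-site POSTs


# Server-side session store (constructed sample data): cookie value -> Session
SESSIONS = {"sess-alice": Session(user="alice", balance=500_000)}


def vulnerable_transfer(req: Request) -> str:
    """Accepts any request carrying a valid session cookie, regardless of
    method, origin or token. This is the behaviour the slides describe."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        return "401 not logged in"
    amount = int(req.params["amount"])
    sess.balance -= amount
    return f"200 transferred {amount} to {req.params['acct']}"


def hardened_transfer(req: Request) -> str:
    """Same endpoint with three CSRF controls: state changes only on POST,
    the Origin header (when present) must be bank.com, and the form must
    carry the token issued to this session (synchronizer token pattern)."""
    sess = SESSIONS.get(req.cookies.get("session"))
    if sess is None:
        return "401 not logged in"
    if req.method != "POST":
        return "405 state change requires POST"
    if req.origin is not None and req.origin != BANK_ORIGIN:
        return "403 cross-site origin"
    token = req.params.get("csrf_token", "")
    # Constant-time comparison so the check does not leak token bytes via timing
    if not hmac.compare_digest(token.encode(), sess.csrf_token.encode()):
        return "403 missing or invalid CSRF token"
    amount = int(req.params["amount"])
    sess.balance -= amount
    return f"200 transferred {amount} to {req.params['acct']}"


def alice_cookies() -> dict:
    return {"session": "sess-alice"}


def legitimate_post() -> Request:
    # Alice submits bank.com's own transfer form, which embeds her token
    return Request("POST", "/transfer.do", alice_cookies(),
                   {"acct": "BOB", "amount": "100",
                    "csrf_token": SESSIONS["sess-alice"].csrf_token},
                   origin=BANK_ORIGIN)


def forged_get() -> Request:
    # Case 1 from the slides: the link Carol tricked Alice into clicking
    return Request("GET", "/transfer.do", alice_cookies(),
                   {"acct": "CAROL", "amount": "100000"})


def forged_post() -> Request:
    # Case 2: a form on Carol's page (constructed origin); the browser still
    # attaches Alice's cookie but Carol's page cannot read the session token
    return Request("POST", "/transfer.do", alice_cookies(),
                   {"acct": "CAROL", "amount": "100000"},
                   origin="http://carol.example")


def demo() -> dict:
    """Run the three requests against both handlers and report outcomes."""
    SESSIONS["sess-alice"].balance = 500_000
    return {
        "vuln_forged_get": vulnerable_transfer(forged_get()),
        "vuln_forged_post": vulnerable_transfer(forged_post()),
        "hard_forged_get": hardened_transfer(forged_get()),
        "hard_forged_post": hardened_transfer(forged_post()),
        "hard_legit": hardened_transfer(legitimate_post()),
        "balance": SESSIONS["sess-alice"].balance,
    }


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name}: {outcome}")
```

In the vulnerable handler both forgeries succeed because the cookie is the only evidence of intent. In the hardened handler the GET link fails the method check, the cross-site form fails the Origin check (and would fail the token check even without it, since Carol's page cannot read Alice's token), and only Alice's own form submission goes through.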