lessonplan character updates so it also works on Windows Cp125
This commit is contained in:
parent
6b68a12449
commit
6f532683a1
@ -4,15 +4,15 @@
|
|||||||
* Stealing session cookies
|
* Stealing session cookies
|
||||||
* Creating false requests
|
* Creating false requests
|
||||||
* Creating false fields on a page to collect credentials
|
* Creating false fields on a page to collect credentials
|
||||||
* Redirecting your page to a “non-friendly” site
|
* Redirecting your page to a "non-friendly" site
|
||||||
* Creating requests that masquerade as a valid user
|
* Creating requests that masquerade as a valid user
|
||||||
* Stealing of confidential information
|
* Stealing of confidential information
|
||||||
* Execution of malicious code on an end-user system (active scripting)
|
* Execution of malicious code on an end-user system (active scripting)
|
||||||
* Insertion of hostile and inappropriate content
|
* Insertion of hostile and inappropriate content
|
||||||
+
|
+
|
||||||
----
|
----
|
||||||
<img src=“http://malicious.site.com/image.jpg/>
|
<img src="http://malicious.site.com/image.jpg/>
|
||||||
“>GoodYear recommends buying BridgeStone tires…
|
">GoodYear recommends buying BridgeStone tires...
|
||||||
----
|
----
|
||||||
|
|
||||||
=== XSS attacks add validity to phishing attacks
|
=== XSS attacks add validity to phishing attacks
|
||||||
|
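Review bot: the `<img src="http://malicious.site.com/image.jpg/>` line in the listing is missing the closing `"` on the `src` attribute, both before and after this change. If the missing quote is deliberate (the following `">GoodYear recommends buying BridgeStone tires...` line is meant to show text that closes the attribute and spills into the page), a short comment in the listing saying so would stop readers from taking it for a typo; otherwise close it as `<img src="http://malicious.site.com/image.jpg"/>`.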
@ -9,6 +9,6 @@ The difference between DOM and 'traditional' reflected XSS is that, with DOM, th
|
|||||||
* That link may load a malicious web page or a web page they use (are logged into?) that has a vulnerable route/handler
|
* That link may load a malicious web page or a web page they use (are logged into?) that has a vulnerable route/handler
|
||||||
* If it's a malicious web page, it may use it's own JavaScript to attack another page/url with a vulnerable route/handler
|
* If it's a malicious web page, it may use it's own JavaScript to attack another page/url with a vulnerable route/handler
|
||||||
* The vulnerable page renders the payload and executes attack in the user's context on that page/site
|
* The vulnerable page renders the payload and executes attack in the user's context on that page/site
|
||||||
* Attacker’s malicious script may run commands with the privileges of local account
|
* Attacker's malicious script may run commands with the privileges of local account
|
||||||
|
|
||||||
*Victim does not realize attack occurred* ... Malicious attackers don't use <script>alert('xss')</ script>
|
*Victim does not realize attack occurred* ... Malicious attackers don't use <script>alert('xss')</ script>
|
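Review bot: the unchanged context line `it may use it's own JavaScript` should read `its own JavaScript`, and `executes attack in the user's context` reads better as `executes the attack in the user's context`; since this hunk already touches the lesson text, it is a cheap place to fix both. The closing tag `</ script>` in the last line also carries a stray space; if that is intentional so the example is not rendered as a live tag, a comment saying so would help, otherwise it should be `</script>`.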
@ -5,8 +5,8 @@
|
|||||||
In a login CSRF attack, the attacker forges a login request to an honest site using the attacker’s username
|
In a login CSRF attack, the attacker forges a login request to an honest site using the attacker’s username
|
||||||
and password at that site. If the forgery succeeds, the honest server responds with a `Set-Cookie` header
|
and password at that site. If the forgery succeeds, the honest server responds with a `Set-Cookie` header
|
||||||
that instructs the browser to mutate its state by storing a session cookie, logging the user into
|
that instructs the browser to mutate its state by storing a session cookie, logging the user into
|
||||||
the honest site as the attacker. This session cookie is used to bind subsequent requests to the user’s session and hence
|
the honest site as the attacker. This session cookie is used to bind subsequent requests to the user's session and hence
|
||||||
to the attacker’s authentication credentials. Login CSRF attacks can have serious consequences, for example
|
to the attacker's authentication credentials. Login CSRF attacks can have serious consequences, for example
|
||||||
see the picture below where an attacker created an account at google.com the victim visits the malicious
|
see the picture below where an attacker created an account at google.com the victim visits the malicious
|
||||||
website and the user is logged in as the attacker. The attacker could then later on gather information about
|
website and the user is logged in as the attacker. The attacker could then later on gather information about
|
||||||
the activities of the user.
|
the activities of the user.
|
||||||
|
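Review bot: the first line of this hunk, `forges a login request to an honest site using the attacker’s username`, still has the curly apostrophe on both sides of the diff, while the other apostrophes in the same paragraph (`user's`, `attacker's`) were converted; given the purpose of the commit, this one looks missed. While here, `see the picture below where an attacker created an account at google.com the victim visits the malicious website` needs a break after `google.com` (a semicolon or a new sentence) to read correctly.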
@ -1,4 +1,4 @@
|
|||||||
== Parameterized Queries – Java Example
|
== Parameterized Queries - Java Example
|
||||||
[source,java]
|
[source,java]
|
||||||
-------------------------------------------------------
|
-------------------------------------------------------
|
||||||
public static String loadAccount() {
|
public static String loadAccount() {
|
||||||
@ -15,10 +15,10 @@ public static String loadAccount() {
|
|||||||
if (results.getRow() <= 2) {
|
if (results.getRow() <= 2) {
|
||||||
data = processAccount(results);
|
data = processAccount(results);
|
||||||
} else {
|
} else {
|
||||||
// Handle the error – Database integrity issue
|
// Handle the error - Database integrity issue
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
// Handle the error – no records found }
|
// Handle the error - no records found }
|
||||||
}
|
}
|
||||||
} catch (SQLException sqle) {
|
} catch (SQLException sqle) {
|
||||||
// Log and handle the SQL Exception }
|
// Log and handle the SQL Exception }
|
||||||
|
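Review bot: in `// Handle the error – no records found }` and `// Log and handle the SQL Exception }` the closing brace sits inside the line comment, so it is commented out and the method's braces no longer balance; the snippet will not compile as shown. Put each `}` on its own line after the comment. Since this commit is already rewriting the first of those lines to replace the dash, it is a good moment to fix the brace placement as well.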
@ -1,7 +1,7 @@
|
|||||||
== Parameterized Queries – .NET
|
== Parameterized Queries - .NET
|
||||||
-------------------------------------------------------
|
-------------------------------------------------------
|
||||||
public static bool isUsernameValid(string username) {
|
public static bool isUsernameValid(string username) {
|
||||||
RegEx r = new Regex(“^[A-Za-z0-9]{16}$”);
|
RegEx r = new Regex("^[A-Za-z0-9]{16}$");
|
||||||
Return r.isMatch(username);
|
Return r.isMatch(username);
|
||||||
}
|
}
|
||||||
|
|
||||||
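Review bot: `RegEx r = new Regex("^[A-Za-z0-9]{16}$");` mixes two spellings of the type; the .NET class is `System.Text.RegularExpressions.Regex`, so the declaration should read `Regex r = new Regex("^[A-Za-z0-9]{16}$");`. Likewise `Return r.isMatch(username);` should be `return r.IsMatch(username);`, since C# keywords and member names are case-sensitive. Both lines are touched by this change, so the fix fits in the same commit.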
@ -18,5 +18,5 @@ try {
|
|||||||
}
|
}
|
||||||
} else { // handle invalid input }
|
} else { // handle invalid input }
|
||||||
}
|
}
|
||||||
catch (Exception e) { // Handle all exceptions… }
|
catch (Exception e) { // Handle all exceptions... }
|
||||||
-------------------------------------------------------
|
-------------------------------------------------------
|
||||||
|
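Review bot: `} else { // handle invalid input }` and `catch (Exception e) { // Handle all exceptions... }` both put the closing brace inside the line comment, so the braces do not balance and the listing will not compile as shown; move each `}` onto its own line. The `catch` line is being edited by this change anyway.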
@ -6,7 +6,7 @@
|
|||||||
=== Prevents other types of attacks from being stored in the database
|
=== Prevents other types of attacks from being stored in the database
|
||||||
* Stored XSS
|
* Stored XSS
|
||||||
* Information leakage
|
* Information leakage
|
||||||
* Logic errors – business rule validation
|
* Logic errors - business rule validation
|
||||||
* SQL injection
|
* SQL injection
|
||||||
|
|
||||||
=== Often the database is considered trusted
|
=== Often the database is considered trusted
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
== Parameterized Queries – Java Snippet
|
== Parameterized Queries - Java Snippet
|
||||||
[source,java]
|
[source,java]
|
||||||
----
|
----
|
||||||
public static bool isUsernameValid(string username) {
|
public static bool isUsernameValid(string username) {
|
||||||
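Review bot: the listing is tagged `[source,java]` and headed `Parameterized Queries - Java Snippet`, but the signature `public static bool isUsernameValid(string username)` uses C# types; in Java it would be `public static boolean isUsernameValid(String username)`. Either the snippet was copied from the .NET example, or the heading and source tag should say C#.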
@ -21,5 +21,5 @@ try {
|
|||||||
}
|
}
|
||||||
} else { // handle invalid input }
|
} else { // handle invalid input }
|
||||||
}
|
}
|
||||||
catch (…) { // handle all exceptions … }
|
catch (...) { // handle all exceptions ... }
|
||||||
----
|
----
|
||||||
|
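Review bot: `catch (...) { // handle all exceptions ... }` is not valid Java (`catch (...)` is C++ syntax; Java needs a typed parameter such as `catch (Exception e)`), and the closing `}` is again inside the line comment, so the braces do not balance. As with the `} else { // handle invalid input }` line above it, move the `}` onto its own line.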
@ -10,7 +10,7 @@ unintended code gets into your applications.
|
|||||||
|
|
||||||
What better way to do that than with your very own scapegoat?
|
What better way to do that than with your very own scapegoat?
|
||||||
|
|
||||||
Feel free to do what you will with him. Hack, poke, prod and if it makes you feel better, scare him until your heart’s content.
|
Feel free to do what you will with him. Hack, poke, prod and if it makes you feel better, scare him until your heart's content.
|
||||||
Go ahead, and hack the goat. We promise he likes it.
|
Go ahead, and hack the goat. We promise he likes it.
|
||||||
|
|
||||||
Thanks for your interest!
|
Thanks for your interest!
|
||||||
|
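Review bot: `scare him until your heart's content` should be `scare him to your heart's content`; the line is already being edited for the apostrophe, so the idiom fix can ride along. A comma after `prod` (`Hack, poke, prod, and if it makes you feel better`) would also read better.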