Slide 1

Slide 1 text

XSS CROSS SITE SCRIPTING

Slide 2

Slide 2 text

Ivan Banov Front-end Engineer

Slide 3

Slide 3 text

What is?

Slide 4

Slide 4 text

OWASP OWASP is a non-profit organization with the goal of improving the security of software and the internet

Slide 5

Slide 5 text

OWASP
1 - Injection
2 - Broken Authentication and Session Management
3 - Cross Site Scripting (XSS)
4 - Insecure Direct Object References
5 - Security Misconfiguration
6 - Sensitive Data Exposure
7 - Missing Function Level Access Control
8 - Cross Site Request Forgery (CSRF)
9 - Using Components with Known Vulnerabilities
10 - Unvalidated Redirects and Forwards

Slide 7

Slide 7 text

Stored
Reflected
DOM-based

Slide 8

Slide 8 text

Stored: This is when an attacker can inject script code into your site permanently, and every user who views the page where the script was injected will execute it.

Slide 9

Slide 9 text

Diagram: POST xss -> DATABASE (lastComment: xss) -> RESPONSE renders Comments ... xss (lastComment) -> script POSTs data out

Slide 10

Slide 10 text

Reflected: This is when an attacker can forge a link that injects script code which then executes from your website. This is also the most common type of XSS.

Slide 11

Slide 11 text

Diagram: FAKE LINK http://site.com/?query=xss -> RESPONSE WITH XSS ("Your search xss") -> script RECEIVES DATA, e.g. document.cookie, and POSTs it out

Slide 12

Slide 12 text

DOM-based: This kind of XSS executes at some point after the page has loaded and often needs user interaction, which means the attacker must trick the user into executing the script themselves. It is very similar to reflected XSS, but needing user interaction makes it harder for the attacker.

Slide 13

Slide 13 text

Diagram: FAKE LINK http://site.com/?query=xss -> DOM USES QUERY (search reads the query param) and BANG! -> script RECEIVES DATA, e.g. document.cookie, and POSTs it out

Slide 14

Slide 14 text

DOUBLE ENCODED XSS
NOT ENCODED: <script>alert('XSS')</script>
ENCODED: %3Cscript%3Ealert('XSS')%3C%2Fscript%3E
DOUBLE ENCODED: %253Cscript%253Ealert('XSS')%253C%252Fscript%253E

Slide 15

Slide 15 text

DATA ENCODE: https://site.com/#data:text/plain,alert('xss')

Slide 16

Slide 16 text

XSS ON REACT

Slide 17

Slide 17 text

XSS ON REACT
{ user: { username: "Xss User", bio: "...xss" } }
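The React case above, as an added example that is not from the talk: it assumes the "XSS on React" slide refers to the common server-rendering pattern (as in the Redux server-rendering recipe listed in the references) of writing the initial state into an inline script with JSON.stringify, where a user-controlled bio containing </script> escapes the script tag. The state object and the helper names are constructed for this example.

```javascript
// Added example (not from the talk): server-side rendering of a React/Redux
// initial state into an inline <script>. Assumes the slide's case is the
// JSON.stringify-into-script pattern; the state below is constructed.

// Constructed sample: the attacker-controlled bio closes the script tag early.
const state = {
  user: {
    username: "Xss User",
    bio: "</script><script>alert('xss')</script>",
  },
};

// Vulnerable: JSON.stringify does not escape "<", so "</script>" inside the
// data terminates the inline script and the remainder is parsed as markup.
function renderUnsafe(initialState) {
  return `<script>window.__INITIAL_STATE__ = ${JSON.stringify(initialState)}</script>`;
}

// Hardened: escape the characters that matter inside a <script> body.
// \u003c etc. are valid JSON/JS string escapes, so the browser (or
// JSON.parse) yields the original data unchanged.
function serializeForScript(value) {
  return JSON.stringify(value)
    .replace(/</g, "\\u003c")
    .replace(/>/g, "\\u003e")
    .replace(/&/g, "\\u0026")
    .replace(/\u2028/g, "\\u2028") // line/paragraph separators are invalid
    .replace(/\u2029/g, "\\u2029"); // in JS string literals, valid in JSON
}

function renderSafe(initialState) {
  return `<script>window.__INITIAL_STATE__ = ${serializeForScript(initialState)}</script>`;
}

// Check used by the test: the rendered HTML must contain exactly one
// closing script tag, i.e. the data must not be able to end the script.
function scriptClosesEarly(html) {
  const lower = html.toLowerCase();
  return lower.indexOf("</script>") !== lower.lastIndexOf("</script>");
}

// Simulates the client reading the state back: escaping must be lossless.
function roundTrip(initialState) {
  return JSON.parse(serializeForScript(initialState));
}
```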

Slide 18

Slide 18 text

XSS ON REACT

Slide 19

Slide 19 text

LET'S PLAY https://xss-game.appspot.com/

Slide 20

Slide 20 text

REFERENCES
- https://medium.com/node-security/the-most-common-xss-vulnerability-in-react-js-applications-2bdffbcc1fa0#.tth9q6chn
- http://redux.js.org/docs/recipes/ServerRendering.html
- https://blog.detectify.com/2012/09/22/the-basics-of-cross-site-scripting-xss/
- https://whitton.io/tags/#xss
- https://excess-xss.com/

Slide 21

Slide 21 text

THANK YOU