Various Web-based Attacks and Their Countermeasures
Tapender Singh Yadav (1101CS34), B.Tech 3rd Year
Department of Computer Science & Engineering, Indian Institute of Technology Patna

Various Web-based Attacks and Their Countermeasure

Nov 24, 2015


In this presentation, I have given a short insight into various web-based attacks which are prevalent on the internet and how one can cope with them.
Transcript


Introduction
Web applications are vulnerable to attacks from the moment they go online.
Web attacks exploit vulnerabilities in web servers and programming flaws in web applications.

Introduction (contd.)
End-users and the organisations that provide web services need to protect their systems from being compromised. Let us have a look at the general trends of attacks and their potential impacts.

Trends of attacks and their potential impacts
Victims of web attacks are tricked into accessing a malicious website.
Organisations that do not safeguard their systems against these attacks run the risk of considerable financial loss or destruction of reputation.

Famous web attacks
The Italian Job web attack: visitors were redirected to another website, where a malicious JavaScript would install a key logger and a Trojan downloader program on their PCs to test whether they could be compromised further.
The MySpace phish / drive-by attack: several hundred MySpace profiles were discovered injected with links to phishing sites.

Various web attacks
Cross Site Scripting Attack (XSS)
SQL Injection (SQLi)
Cross Site Request Forgery (CSRF)
Web Parameter Tampering
Cookie Poisoning

Web Hacking Incident Database for 2011 (WHID)

Web-attacks in detail & their countermeasures
Cross Site Scripting Attack (XSS)
A type of injection in which malicious scripts are injected into trusted web sites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.

Web-attacks in detail & their countermeasures
An attacker can use XSS to send a malicious script to an unsuspecting user. The end user's browser has no way to know that the script should not be trusted, and will execute it. The malicious script can access any cookies, session tokens, or other sensitive information retained by the browser and used with that site.

Web-attacks in detail & their countermeasures
Countermeasures for XSS
1. Filtering for XSS
Pass all external data through a filter which removes dangerous keywords such as the infamous tag, JavaScript commands, etc.
Depending on the backend technology used by the server, various libraries can be used for filtering, such as xssprotect and the Jersey XSS filter.

Web-attacks in detail & their countermeasures
Countermeasures for XSS
2. Escaping the XSS
Disabling the execution of the scripts: if an attacker manages to put a script on your page, the victim will not be affected, because the browser will not execute the script if it is properly escaped. Escaping HTML is easy, but to ensure optimum security against XSS various escaping libraries can be used.

Web-attacks in detail & their countermeasures
Countermeasures for XSS
2. Escaping the XSS
Escaping libraries:
ESAPI by OWASP (Java, .Net, PHP, Cold Fusion, Python)
AntiXSS, best suited for Microsoft-based technologies

Web-attacks in detail & their countermeasures
SQL Injection (SQLi)
One of the most common application-layer attack techniques used today.
Attackers take advantage of improper coding of web applications.
SQL commands are injected into a login form to gain access to the data stored in the database.

Web-attacks in detail & their countermeasures
SQL Injection (SQLi)
Three main forms of SQL injection:
Redirection and reshaping a query
Error message based
Blind injection
Blind injection is one of the most important forms of SQLi.

Web-attacks in detail & their countermeasures
SQL Injection (SQLi)
Example:
SELECT * FROM users WHERE name = '' OR '1'='1';
The above SQL query will cause the selection of all user information stored in the users table.

Web-attacks in detail & their countermeasures
Countermeasures for SQL Injection (SQLi)
Analysing the present state of security by performing a thorough audit of the website
Using best coding techniques for web applications
Regularly performing a web security audit after each change and addition to web components
Limiting the permissions on the database logon used by the web application
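The escaping countermeasure for XSS, as an added example that is not part of the original slides: untrusted text is escaped for the HTML element-body context, and an href attribute is additionally restricted to http(s) or relative URLs, since escaping alone does not neutralise a javascript: URL. The function names and the sample comment are constructed for this illustration.

```python
import html

# Constructed sample input: what a user might type into a comment form.
UNTRUSTED_COMMENT = '<script>alert("xss")</script>'


def render_comment(comment: str) -> str:
    """Element-body context: html.escape turns & < > " ' into entities, so the
    browser displays the characters instead of parsing them as markup."""
    return '<p class="comment">%s</p>' % html.escape(comment, quote=True)


def render_link(label: str, href: str) -> str:
    """Attribute context: escaping alone does not make an href safe, because a
    javascript: URL contains no markup characters at all. Allow only http(s)
    URLs and relative paths (no scheme); anything else becomes a harmless '#'."""
    if ":" in href and href.split(":", 1)[0].strip().lower() not in ("http", "https"):
        href = "#"
    return '<a href="%s">%s</a>' % (html.escape(href, quote=True),
                                    html.escape(label, quote=True))


def has_raw_script(fragment: str) -> bool:
    """Sanity check on rendered output: is there still a raw <script> tag or a
    javascript: URL inside an href attribute?"""
    low = fragment.lower()
    return "<script" in low or 'href="javascript:' in low


if __name__ == "__main__":
    print(render_comment(UNTRUSTED_COMMENT))
    print(render_link("profile", "javascript:alert(1)"))
```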

Web-attacks in detail & their countermeasures
Cross Site Request Forgery (CSRF)
Malicious exploitation of a website in which a user transmits malicious requests that the target website trusts. The attacker tricks a victim into accessing a website or clicking a URL link that contains malicious or unauthorised requests. A CSRF attack uses the identity and privileges of the victim and impersonates them in order to perform any actions desired by the attacker.

Web-attacks in detail & their countermeasures
Cross Site Request Forgery (CSRF)
The browser includes the user's session cookie, basic authentication credentials, IP address of the user, etc. If the user's authentication session is still valid, an attacker can use CSRF to launch any desired requests against the website.

Web-attacks in detail & their countermeasures
Countermeasures for CSRF
Use of a secret cookie
Accept POST requests only
URL rewriting
Users must log out from web applications
Using the browser safely, i.e., not saving any login credentials in the web browser

Web-attacks in detail & their countermeasures
Web Parameter Tampering
Certain parameters in the URL or in web page form field data entered by a user are changed without that user's authorisation. This points the browser to a link, page or site other than the one the user intends to visit.

Web-attacks in detail & their countermeasures
Countermeasures for Web Parameter Tampering
Validation of parameters in terms of:
Minimum and maximum allowable length
Allowable numeric range
Allowable character sequences and patterns
A web application firewall can provide some protection against parameter tampering, provided it is configured for the site in use.

Web-attacks in detail & their countermeasures
Cookie Poisoning
Modification of a cookie by an attacker to gain unauthorised information about the user, leading to identity theft. Using this information, one can open new accounts and gain access to existing accounts.
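The "secret cookie" and "accept POST requests only" countermeasures from the CSRF slides, as an added example that is not part of the original slides: a per-session secret token is embedded in the site's own forms and checked on every state-changing request, so a request the browser sends on behalf of another origin carries the session cookie but not the token. The session store, Request class and handler name are hypothetical.

```python
import hmac
import secrets
from dataclasses import dataclass, field

# Hypothetical server-side session store: session id -> session data.
SESSIONS: dict = {}


@dataclass
class Request:
    method: str
    cookies: dict = field(default_factory=dict)  # attached automatically by the browser
    form: dict = field(default_factory=dict)     # only present if the page carried it


def new_session() -> str:
    """Create a session and give it a fresh, unguessable CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_hidden_field(sid: str) -> str:
    """What the server embeds in its own forms. A page served from another
    origin cannot read this value, so it cannot reproduce it in a forged form."""
    return '<input type="hidden" name="csrf_token" value="%s">' % SESSIONS[sid]["csrf_token"]


def transfer_funds(req: Request) -> str:
    """State-changing endpoint; returns an HTTP-style status string."""
    if req.method != "POST":                     # slide: accept POST requests only
        return "405 Method Not Allowed"
    session = SESSIONS.get(req.cookies.get("sid"))
    if session is None:
        return "401 Unauthorized"
    submitted = req.form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token via timing.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        return "403 Forbidden (CSRF token missing or invalid)"
    return "200 OK: transferred %s to %s" % (req.form.get("amount"), req.form.get("to"))


if __name__ == "__main__":
    sid = new_session()
    # A forged cross-site request: the cookie is attached, the token is not.
    print(transfer_funds(Request("POST", {"sid": sid}, {"amount": "100", "to": "x"})))
```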

Web-attacks in detail & their countermeasures
Cookie Poisoning
Cookies maintain bits of information that allow the web sites you visit to authenticate your identity, speed up your transactions, monitor your behaviour, and personalise their presentations for you. The attacker examines a cookie to determine its purpose and edits it so that it helps them get user information from the web site that sent the cookie.

Web-attacks in detail & their countermeasures
Countermeasures for Cookie Poisoning
Encrypting sensitive information in the cookies
A digital signature is created that is used to validate the content in all future communications between the sender and the recipient. If the content is tampered with, the signature will no longer match the content, and the server will refuse access.

Thank You !!!
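The signature countermeasure for cookie poisoning, as an added example that is not part of the original slides: the cookie body is authenticated with an HMAC-SHA256 tag under a server-only key, so an edited body no longer matches its signature and is refused. The key, cookie layout and function names are assumptions for this illustration, not any particular framework's scheme; the signature gives integrity only, and sensitive contents would additionally need the slide's encryption countermeasure.

```python
import base64
import hashlib
import hmac
import json

SERVER_KEY = b"PLACEHOLDER-random-key-kept-only-on-the-server"  # constructed placeholder


def _b64(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).decode().rstrip("=")


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_cookie(payload: dict) -> str:
    """Serialise the payload and append an HMAC over the encoded body."""
    body = _b64(json.dumps(payload, sort_keys=True, separators=(",", ":")).encode())
    mac = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
    return body + "." + _b64(mac)


def verify_cookie(cookie: str):
    """Return the payload if the signature matches, otherwise None (refuse access)."""
    try:
        body, sig = cookie.rsplit(".", 1)
        expected = hmac.new(SERVER_KEY, body.encode(), hashlib.sha256).digest()
        if not hmac.compare_digest(_unb64(sig), expected):   # constant-time compare
            return None
        return json.loads(_unb64(body))
    except (ValueError, UnicodeDecodeError):
        return None


def tampered_copy(cookie: str, new_payload: dict) -> str:
    """Constructed tampering for the check below: keep the original signature
    and swap in a different body, as anyone without SERVER_KEY would have to."""
    _, sig = cookie.rsplit(".", 1)
    return _b64(json.dumps(new_payload, sort_keys=True, separators=(",", ":")).encode()) + "." + sig


if __name__ == "__main__":
    c = sign_cookie({"user": "alice", "role": "user"})
    print(verify_cookie(c))                                             # original payload
    print(verify_cookie(tampered_copy(c, {"user": "alice", "role": "admin"})))  # None
```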