
Secure Web Applications: Advanced Concepts with AJAX

Explore advanced techniques in web application development with AJAX, including security vulnerabilities like JS Array poisoning and JSON pair injection. Learn to protect your application from malicious attacks. Gain insights on AJAX security holes and driving factors for secure coding practices.





Presentation Transcript


  1. Web Application with AJAX
  CS 526 Advanced Internet and Web Systems
  Presenters: Faris Kateb, Mohammed AbdulAziz, Omar Alzahrani

  2. Agenda
  • Introduction to Ajax
  • General techniques used by Ajax
  • Ajax security vulnerabilities:
    • JS Array poisoning
    • Flash-based cross domain access
    • Malformed JS Object serialization
    • JSON pair injection
    • Manipulated XML stream
    • Script injection in DOM
  AJAX/Faris Kateb, Mohammed Abdulaziz & Omar Alzahrani

  3. [Figure: Before AJAX. A form with the fields Country: USA, State: CO, City: Denver; the labels and values are repeated several times between the form and the Database Server.]

  4. [Figure: After AJAX. The same form (Country: USA, State: CO, City: Denver) with a single exchange against the Database Server.]

  5. AJAX
  • What's AJAX? Asynchronous JavaScript And XML
    • E.g., Google Search string matching/suggestions
  • How does it achieve that?
  • The XMLHttpRequest object
    • Base object for AJAX
    • Available in most browsers
  • Through the XMLHttpRequest object you can:

  6. General Technique

  7. Ajax vulnerabilities
  • There are many vulnerabilities
  • Our concentration is on the security holes
  • A list of some security holes included in our research:
    • JS Array poisoning
    • Flash-based cross domain access
    • Malformed JS Object serialization
    • JSON pair injection
    • Manipulated XML stream
    • Script injection in DOM

  8. JS Array poisoning
  • A popular object for serialization: easy and effective
  • Poisoning a JS array spoils the DOM context.
  • A JS array can be exploited with simple cross-site scripting in the browser.
  • Example: an auction site for a used mobile
      new Array("Android", "nexus s", "Tmobile", "500$", "1 years")
  • A user can inject a script into the last field:
      alert('Array has length ' + a2.length + ' and its element is also ' + a2[5]);

  9. Flash-based cross domain access
  • It is possible to make GET and POST requests from JavaScript within a browser by using a Flash plugin's Ajax interface.
  • This also enables cross-domain calls to be made from any particular domain.
  • The page code:
      <object>
        <param name="movie" value="swf/banner.swf" />
        <param name="img" value="image1.jpg" />
        <param name="link" value="http://www.whitehatsec.com" />
        <embed src="swf/banner.swf" flashvars="img=image1.jpg&amp;link=http://www.whitehatsec.com" />
      </object>
  • The attacker's link to the swf:
      http://www.example.com/swf/banner.swf?img=http://web.appsec.ws/images/WH.jpg&link=javascript:confirm('Session%20Information%20Sent%20to%20Hacker');//


  11. REFERENCES
  [1] http://www.asp.net/ajax
  [2] http://www.w3schools.com/ajax/ajax_intro.asp
  [3] Ajax Security Holes and Driving Factors, http://www.net-security.org
  [4] SC Magazine, article: Hot or not: AJAX vulnerabilities, http://www.scmagazine.com
  [5] https://blog.whitehatsec.com/tag/crossdomain-xml/
  [6] Article: AJAX Vulnerabilities: How Big the Threat?, http://www.about.com

  12. Malformed JS Object serialization
  • JavaScript supports object-oriented programming (OOP).
  • It allows the user to create an object using "new Object()".
  • Objects can be serialized using Ajax and used by JavaScript code.
  • An attacker can send a malicious "subject" line embedded with script, which makes the receiver a victim of XSS. [3]

  13. JSON pair injection
  • JavaScript Object Notation (JSON) is a simple data exchange format which can contain objects.
  • An attacker can inject a malicious script into either the "Link" or the "Desc" field (XSS).
  • This is another way to serialize malicious content to the user. [3]
