Massachusetts Institute of Technology Types of Web Application Attacks PPT

User Generated

barfznfq

Computer Science

Massachusetts Institute of Technology

Description

I'm working on a cyber security question and need an explanation to help me learn.



Software Security:

(Define Cross-site scripting and describe countermeasures. Define Cross-Site Request Forgery and describe countermeasures. Define Buffer Overflow and describe countermeasures). I would like you to do 10 PowerPoint slides. Please cite the sources in APA. Include speaker notes.


Explanation & Answer

View attached explanation and answer. Let me know if you have any questions. This isn't complete yet but could you view the ppt so far and tell me if this is ok or if there are any changes to be made for XSS and the rest of the attacks?

Cyber Attacks

Cross Site Scripting (XSS)
• The cross site scripting attack is one of OWASP’s top 10 web application
security attacks.
• It works on web applications that do not validate the input they receive
from their text fields.
• An attacker could enter malicious HTML or JavaScript code in a text field of
a web application.
• The web application would then store this malicious code in their servers.
• An unsuspecting user would download the malicious code when they visit
the web application and run the script on their own personal devices
without even realizing it.

Description
• Let us assume that there exists a website www.123xyz.com.
• The website serves as a platform for people to buy and sell TVs.
• A black hat hacker Bob can post an ad for his TV.
• Instead of entering the description of the TV, he enters malicious
HTML code and uploads the ad.
• Alice, who is an unsuspecting end user, gets infected by this malicious code
if she were to view Bob’s ad on the website.
• The malicious code could be used by Bob to gain Alice’s cookie or session
token information.
• Such information will allow Bob to perform a masquerade attack in which
he can use the session ID of Alice to trick the web server into thinking that
it is communicating with Alice when in reality it is communicating with
Bob.

Countermeasures
• The web server should make sure that the input it receives is free of
certain special characters especially ones like “”.
• The web server should validate all input for every text field to ensure
that users cannot enter unnecessary characters. For example, a user
does not need to enter numbers into a text field that should be used
to enter their name.
• Countermeasures that can be taken by the end user to prevent XSS
attacks would be to access websites while disabling the JavaScript
functionalities. This would degrade the appearance of the website but
will ensure that malicious scripts don’t run on their personal devices.
• End users can also disable Flash players from running on their web
browsers.
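
The stored-XSS scenario and the server-side countermeasure from the slides above, as an added example in Python that is not part of the tutor's slides: a vulnerable ad renderer that pastes Bob's stored description straight into the page next to a hardened one that HTML-encodes it, plus the allowlist check for the name-field example. The ad template, the sample description and the attacker payload are constructed for this illustration.

```python
import html
import re

# Constructed sample input (not from the page): the "description" Bob submits
# for his TV ad, with a script tag where the description should be.
MALICIOUS_DESCRIPTION = 'Nice 42" TV <script>alert(document.cookie)</script>'

AD_TEMPLATE = "<h2>{title}</h2><p>{description}</p>"


def render_ad_unsafe(title: str, description: str) -> str:
    """Vulnerable pattern: stored text is pasted straight into the page, so
    Bob's <script> reaches Alice's browser as part of the ad and runs there."""
    return AD_TEMPLATE.format(title=title, description=description)


def render_ad_safe(title: str, description: str) -> str:
    """Hardened pattern: encode the stored text for the HTML body context
    (quote=True also covers quoted attribute values), so the browser displays
    the characters literally instead of interpreting them as markup."""
    return AD_TEMPLATE.format(title=html.escape(title, quote=True),
                              description=html.escape(description, quote=True))


_TAG = re.compile(r"<[A-Za-z/!]")


def introduces_markup(render, text: str) -> bool:
    """Check: does rendering the user text add tags beyond the ones the
    template itself contains? True means the text was interpreted as markup."""
    baseline = len(_TAG.findall(render("", "")))
    return len(_TAG.findall(render("TV", text))) > baseline


_NAME_OK = re.compile(r"[A-Za-z][A-Za-z' -]{0,63}")


def valid_name(name: str) -> bool:
    """Allowlist validation for the slide's name-field example: letters, spaces,
    apostrophes and hyphens only, so digits and angle brackets are refused.
    Validation limits what gets stored; output encoding is still needed for
    fields such as a description that legitimately accept punctuation."""
    return _NAME_OK.fullmatch(name) is not None


if __name__ == "__main__":
    print(render_ad_unsafe("TV", MALICIOUS_DESCRIPTION))
    print(render_ad_safe("TV", MALICIOUS_DESCRIPTION))
```

Encoding must match the output context: html.escape is right for HTML body text and quoted attributes, but text placed inside a script block or a URL needs that context's own encoding.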

View attached explanation and answer. Let me know if you have any questions. Done with XSS and CSRF, but I forgot about the prevention techniques for CSRF so I had to look it up online. I cited it though.

Cross Site Request Forgery
• Cross Site Request Forgery works on the principle that some web
applications grant users a unique session token so that the user does
not need to provide proof of authorization every time the user
performs an action on the website.
• Attackers use this principle and trick end users of a web application
into performing actions that were not intended.
• Such an attack can provoke financial losses on behalf of the end user.

Description
• Let us assume that Alice is a customer of XYZ bank and it has a web domain
www.xyzbank.com.
• Alice wants to log onto her bank account online and perform some
transactions.
• The bank website provides Alice with a session token the moment her
credentials are entered and verified.
• Alice continues to perform her bank transactions and XYZ can make sure
that Alice herself is performing those transactions becau...
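
The XYZ bank scenario from the CSRF slides above, as an added example in Python that is not part of the tutor's slides: a transfer handler that trusts the session cookie alone (the principle the slide describes) beside a hardened one that also requires a per-session anti-CSRF token and checks the browser's Origin header. The in-memory session store, balances and the attacker origin are constructed for this illustration.

```python
import hmac
import secrets

# Constructed in-memory state for the slide's XYZ bank scenario (not from the page).
SESSIONS = {}                         # session id -> {"user": ..., "csrf": ...}
BALANCES = {"alice": 1000, "bob": 0}
BANK_ORIGIN = "https://www.xyzbank.com"

def login(user: str) -> str:
    """Issue the session token the slide describes, plus a per-session anti-CSRF
    token that is only ever embedded in the bank's own pages."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(16)}
    return sid

def _move_money(session: dict, request: dict) -> str:
    BALANCES[session["user"]] -= request["amount"]
    BALANCES[request["to"]] += request["amount"]
    return "ok"

def transfer_unprotected(request: dict) -> str:
    """Vulnerable handler: the session cookie is the only proof, so a form that
    Bob's page auto-submits from Alice's browser looks exactly like her own click."""
    session = SESSIONS.get(request.get("cookie"))
    return "rejected: not logged in" if session is None else _move_money(session, request)

def transfer_protected(request: dict) -> str:
    """Hardened handler: the request must also carry the session's anti-CSRF token
    (unreadable from other origins) and, if the browser sent an Origin header,
    it must be the bank's own origin."""
    session = SESSIONS.get(request.get("cookie"))
    if session is None:
        return "rejected: not logged in"
    if request.get("origin") not in (None, BANK_ORIGIN):
        return "rejected: cross-origin request"
    if not hmac.compare_digest(request.get("csrf", ""), session["csrf"]):
        return "rejected: missing or wrong CSRF token"
    return _move_money(session, request)

def run_scenario() -> tuple:
    """Alice logs in; a page Bob controls forges a transfer from her browser;
    then Alice submits a genuine transfer from the bank's own page."""
    sid = login("alice")
    forged = {"cookie": sid, "to": "bob", "amount": 100,
              "origin": "https://attacker.example"}   # constructed attacker origin
    genuine = dict(forged, origin=BANK_ORIGIN, csrf=SESSIONS[sid]["csrf"])
    return (transfer_unprotected(forged), transfer_protected(forged),
            transfer_protected(genuine))
```

Browsers may omit the Origin header on some requests, which is why the token check stays in place even when no Origin is present.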
