XSS - Cross Site Scripting

From Small ICT Projects Wiki

Project description

The project will cover an introduction to XSS - Cross Site Scripting.

* Theory
* JavaScript introduction
* Real-life examples
* Exercises

Technologies

* JavaScript
* AJAX (set of technologies) => XML, JavaScript
* HTTP, web browser

Group members

David Mayer (Erasmus)

'External' partners

none

Expected results

  • Basics to learn concerning XSS attacks, collected in a handy paper.
  • Exercises provided to apply the newly learned skills.


Different kinds of attacks (examples):

  • Malicious code provided by one client for another client
  • Malicious code sent inadvertently by a client for itself
  • Abuse of other tags
  • Abuse of trust

Ways of protecting:

  • SSL encryption is no protection
  • Thinking before clicking
  • IE settings: Security Zones
  • JavaScript => disable?
  • Not surfing as a SuperUser/Admin

Added value

  • Insight into the attack methods of XSS
  • JavaScript (AJAX) programming techniques
  • Combining the right software pieces to get a well-defined result (e.g. an example of site defacing)

Overview

  • Introduction (Technologies, Security issues, Occurrences)
  • Prerequisites (tools, knowledge)
  • Impacts (Attack Scenario)

Methods of Injection, and filtering

  • Injection points
  • Injection methods and filtering
  • XSS scripting tips and tricks

Conclusion & defense

  • Defense in common web coding languages
  • Java (J2EE, JSP), PHP

Added value for everybody

v.s.