PPT-Automatic Web Security Unit Testing: XSS Vulnerability

Author : trish-goza | Published Date : 2018-09-21

Detection. Mahmoud Mohammadi, Bill Chu, Heather Richter, Emerson Murphy-Hill. Presenter: Deepthi Gangala. Introduction. Web Security. Web application security


Automatic Web Security Unit Testing: XSS Vulnerability: Transcript


Detection. Mahmoud Mohammadi, Bill Chu, Heather Richter, Emerson Murphy-Hill. Presenter: Deepthi Gangala. Introduction. Web Security. Web application security is a branch of Information

Application. Sara Sartoli, Akbar Siami Namin. NSF-SFS workshop. July 14-18, 2014. How to install and run DVWA. Exploit some SQL Injection attacks. Upload a malicious file. Exploit an XSS attack.

(An introduction to the OWASP Top Ten Project). Barry Dorrans. Microsoft Information Security Tools. NEW AND IMPROVED! Contents. OWASP Top Ten. http://www.owasp.org. A worldwide free and open community focused on improving the security of application software.

Brad Hill, PayPal. bhill@paypal-inc.com @hillbrad. W3Conf: Practical standards for web professionals. 21-22 February 2013. San Francisco. “The reason that the Web browser is the principal entry point for malware is the number of choices that a browser offers up to whomever is at the other end. Evolving technologies like HTML5 promise to make this significantly worse.

: Severing the Self-Propagation Path of XSS JavaScript Worms in Social Web Networks. Yinzhi Cao§, Vinod Yegneswaran†, Phillip Porras†, and Yan Chen§. §Northwestern

Part 1. Authors: Marco Cova, et al. Presented by: Brett Parker and Tyler Maclean. Outline. Intro, Background, Trends. Technologies. Attacks. Vulnerability Analysis. Why web applications? Growth of web-based applications over the years.

Concrete Vulnerability Demonstrations for Software Engineering Undergraduates. Andy Meneely and Samuel Lucidi. Department of Software Engineering. Rochester Institute of Technology. Software Must Be Secure!

XSS Exploits. Patrick Dyroff. Sudikoff. http://www.ists.dartmouth.edu/images/Sudikoff_Lab.JPG. Sergey Bratus. ISTS' Chief Security Advisor and a Postdoctoral Research Assistant Professor in the Computer Science

UC Hastings College of Law. Introductory Remarks. Tom Dahdouh, Regional Director, Federal Trade Commission. Opening Remarks. Chairwoman Edith Ramirez, Chairwoman, Federal Trade Commission. Starting up Security.

John Mitchell. CS 155. Spring 2018. Lecture outline. Introduction. Command injection. Three main vulnerabilities and defenses. SQL injection (SQLi). Cross-site request forgery (CSRF). Cross-site scripting (XSS).

Meet theharmonyguy. 2001 – 2003. Administrator for an ASP Portal. 2003 – 2007. Kennesaw State University. 2007 – 2009. Wake Forest University. Nov. 2007. OpenSocial Emote “Hack”. Jun. 2009.

2. Jim Manico. VP Security Architecture, WhiteHat Security. Web Developer, 15 Years. OWASP Connections Committee Chair. OWASP Podcast Series Producer/Host. OWASP Cheat-Sheet Series Project Manager.

Sendurr Selvaraj. Naga Sri Charan Pendyala. Rama Krishna Chaitanya Somavajhala. Srujana Bollina. Udaya Shyama Pallathadka Ganapathi Bhat. [1] R

Ben Stock, Stephan Pfistner.

“VRM will free up many cycles for our six person team dedicated to vulnerability management.” - Security Director, Telecom Company. “We developed our own solution which cost us north of a million dollars…we can replace it with VRM.”

XSS - Capabilities. Cookie Theft – Session Hijacking. Keylogging – addEventListener; passwords, credit cards, etc. Phishing. “One of the most common and useful XSS attacks is used to steal the user’s session, effectively enabling an attacker to log in as you.
