Learn the mechanics behind Cross-Site Scripting vulnerabilities and attacks.
Access to this course is restricted to PenTest Premium or IT Pack Premium subscriptions.
Web application security is a very wide topic that spans from technology-related issues to process-related issues. In brief, web application security consists of a series of procedures, good practices and effective countermeasures adopted by organizations, programmers and sysadmins in order to prevent a loss of Confidentiality, Integrity and Availability of a web application and of the information it manages.
Nowadays it is fundamental to take care of web application security because web applications have become mission critical: from the 70s to the late 90s companies ran their business on dedicated machines located inside the corporate network and accessed only through specialized client software and/or hardware; now they expose their critical systems through a web interface accessible by standard protocols (HTTP/HTTPS) and common clients (web browsers).
In a typical multi-tier application the attack surface can be represented as follows:
- Logic tier: this tier implements the business logic of the web application. Elements of the attack surface for this layer are, for example, poorly implemented functionalities that accept user input. Attacks on this layer target the web application itself or the user data managed by the web application through the vulnerable functionalities;
- Data tier: this tier is often the most important one because it keeps the data valuable for the business. Elements of the attack surface for this layer are, for example, stored procedures and, more generally, the functionalities implemented to store and retrieve the information. Attacks on this layer target the information managed by the web application.
Threat agents seized this opportunity, shifting from sophisticated network attacks to more reliable web attacks as their way to attack a company. One of the reasons that leads a threat agent to attack a web application is that it offers multiple layers susceptible to several classes of attack.
After completing this course you will be able to:
- Detect and exploit XSS vulnerabilities.
- Understand the real risk behind this kind of vulnerability.
- Impress your customers with an awesome Proof of Concept that goes far beyond the classic pop-up.
What will you learn in this workshop
- Introduction to web application security
- Introduction to XSS Attacks
- Types of XSS
- Causes of XSS
- Risks that result from XSS attacks
- Detect the vulnerabilities that allow you to perform XSS attacks
- XSS Attack Vectors (HTTP/Web Based)
- XSS Reflected VS Stored
- DOM based XSS
- How to trick users
- Write your first XSS exploit
- Introduction to XPS Attacks (Cross Protocol Scripting)
- XPS Attack Vectors
- Introduction to Scapy
- Network packet manipulation with Scapy
- Detect the vulnerabilities that allow you to perform XPS attacks
- XPS practical example: Linksys 0day introduction
- Introduction to XSS Filter evasion
- Filter evasion via "unusual" attack vector
- Filter evasion via character encoding
- Example of filter evasion
- Common tools useful during a pentest to perform XSS attacks