Cybersecurity 11 Feb (part 1)

The document outlines various web application security vulnerabilities, including Cross-Site Scripting (XSS), SQL Injection, Cross-Site Request Forgery (CSRF), and Buffer Overflow. It explains how these attacks work, their potential impacts, and provides prevention techniques for each type of vulnerability. Key prevention strategies include input validation, sanitization, and the use of secure coding practices.

Cyber Security
Dr. Uddipana Dowerah
Web Application Security
Web Site Vulnerabilities
• XSS – Cross-site scripting
  • Bad web site sends innocent victim a script that steals information from an honest web site
• SQL Injection
  • Browser sends malicious input to server
  • Bad input checking leads to malicious SQL query
• CSRF – Cross-site request forgery
  • Bad web site sends browser request to good web site, using credentials of an innocent victim
• Buffer Overflow
  • A buffer overflow occurs when a program writing data to a buffer overloads that buffer's capacity
Cross-Site Scripting (XSS)

• Attacker attaches code onto a legitimate website that will execute when the victim loads the website.
• How to insert code: either added to the end of a URL or posted directly onto a page that displays user-generated content.
• Client-side code injection attack (JavaScript code that runs on a user’s machine)
• This code can then be used to access a user's private information, such as cookies, session tokens, and other sensitive data.
Cross-Site Scripting (XSS)
How Does XSS Work?
• By exploiting a vulnerability in a website, which results in it returning malicious JavaScript code when users visit it.
• The execution of malicious code occurs inside the user’s browser, enabling the attacker to compromise the victim’s interaction with the site.
• An XSS attack is typically composed of two stages:
  • inject malicious code, also known as a payload, into the web page the victim visits
  • the victim visits the intended website that has been injected with the payload (attackers often use social engineering techniques or launch a phishing attack to send the victims to the malicious website)
XSS Attack Flow
• The victim loads a webpage and the malicious code copies the user’s cookies
• The code then sends an HTTP request to an attacker’s webserver with the stolen cookies in the body of the request.
• The attacker can then use those cookies to impersonate the user on that website
  • for the purpose of a social engineering attack
  • to access bank account numbers or other sensitive data.
Why would XSS occur?
• Happens when a web application takes user input and includes it in the webpage without properly validating or encoding it.
• If an attacker injects a script (e.g., <script>alert('XSS')</script>), the browser will execute it.
• Potentially leading to data theft or session hijacking.

Example: How XSS works on Online Blogs
• A comment section on an online blog allows users to submit text.
• Everyone can post comments, which will be displayed to everyone who views the post
• If the website does not properly filter out <script> tags, an attacker could submit <script>alert('You have been hacked!');</script>
• When another user views the page, the script runs in their browser.
• They can have their local authentication cookies stolen

Preventing XSS
• Sanitize Inputs: Remove harmful <script> tags and other risky elements.
• Escape Output: Convert special characters (<, > etc.) into HTML entities.
  • The <script> tag is escaped as &lt;script&gt;
  • this would appear as <script>, instead of being executed as JavaScript.
• Validate Inputs: Implement rules that prevent a user from posting data into a form that doesn’t meet certain criteria.
• Use HTTP-Only Cookies: Prevent JavaScript from accessing session cookies.
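
Two of the defences above, output escaping and the HttpOnly session cookie, applied to the blog-comment scenario. This is an added example and not code from the slides; the comment texts and the cookie name "session" are constructed for illustration.

```python
# Added example, not code from the lecture slides: output escaping and an
# HttpOnly session cookie for the blog-comment scenario. The comment texts
# and the cookie name "session" are constructed for illustration.
from http.cookies import SimpleCookie

# Characters that carry meaning in HTML, mapped to entities the browser
# displays literally instead of parsing as markup.
HTML_ENTITIES = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}


def escape_html(text):
    """Escape at output time: <script> becomes &lt;script&gt; and is shown, not run."""
    return "".join(HTML_ENTITIES.get(ch, ch) for ch in text)


def render_comments(comments):
    """Build the comment list; every user-supplied comment passes through escape_html."""
    items = "".join("<li>%s</li>" % escape_html(c) for c in comments)
    return '<ul class="comments">%s</ul>' % items


def session_cookie_header(token):
    """Issue the session cookie with HttpOnly so page scripts cannot read it via
    document.cookie; Secure and SameSite=Lax are added as good practice."""
    cookie = SimpleCookie()
    cookie["session"] = token
    cookie["session"]["httponly"] = True
    cookie["session"]["secure"] = True
    cookie["session"]["samesite"] = "Lax"
    return cookie.output(header="Set-Cookie:")


if __name__ == "__main__":
    # Constructed comments: one benign, one carrying the slide's script payload.
    page = render_comments(["Nice post!", "<script>alert('You have been hacked!');</script>"])
    print(page)                                  # the payload is rendered as text
    print(session_cookie_header("s3ss10n-t0k3n"))
```

Escaping at output is the check that holds regardless of how the comment entered the system; stripping tags on input is a complement, not a replacement.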
SQL Injection
• Structured Query Language (SQL) Injection is a code injection technique used to modify or retrieve data from SQL databases.
• By inserting specialized SQL statements into an entry field, an attacker is able to execute commands that allow:
  • bypassing authentication
  • retrieval of data from the database
  • or destruction of sensitive data
SQL Database
• A SQL database, also known as a relational database, is a system that stores and organizes data into highly structured tables of rows and columns.

  ID  Name   Email            Age
  1   Alice  alice@email.com  25
  2   Bob    bob@email.com    30

• SQL Queries → Data is accessed using commands like:

SQL Database
• To retrieve all users:

• To insert a new user:

How SQL Injection Works
• Normal SQL query:

• SQL Injection query:

Since '1'='1' is always true, the attacker can log in without knowing the real password.
How SQL Injection Works
• Login forms: A user enters this malicious input instead of a normal username

• Enter your username:

• URL query: An attacker modifies the URL like this:

• The attacker gets all user records instead of just one.

How SQL Injection Works
How to prevent SQL Injection?
• Use of Prepared Statements (with Parameterized Queries)
  • Separates SQL code from user input
  • The database treats user input as data, not code, preventing attackers from injecting malicious SQL.
• Escape All User Supplied Input
  • telling the database not to parse it as a command or conditional but instead treat it as literal input.
• Input Validation & Whitelisting
  • Only allow expected data types
  • For example: Expect a string for a username, but validate that it only contains alphanumeric characters (no special characters).
  • Expect an email in a specific format and reject anything else.
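
The login query built by string concatenation beside its prepared-statement form, with the whitelist checks from the last bullet, run against a constructed in-memory SQLite table. This is an added example, not code from the slides; the users table, its rows and the plaintext passwords are made up (a real system stores password hashes).

```python
# Added example, not code from the lecture slides: concatenated login query
# beside its prepared-statement form, plus whitelist validation. The users
# table, rows and passwords are constructed; real systems store hashes.
import re
import sqlite3

conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (id INTEGER, name TEXT, email TEXT, password TEXT)")
conn.executemany("INSERT INTO users VALUES (?, ?, ?, ?)", [
    (1, "Alice", "alice@email.com", "alice-pw"),
    (2, "Bob", "bob@email.com", "bob-pw"),
])


def login_vulnerable(username, password):
    """User input is pasted into the SQL text, so a quote in the input ends the
    string literal and the rest is parsed as SQL (e.g. ... OR '1'='1')."""
    query = ("SELECT id, name FROM users WHERE name = '%s' AND password = '%s'"
             % (username, password))
    return conn.execute(query).fetchall()


def login_safe(username, password):
    """Prepared statement: the SQL is fixed and the '?' placeholders receive the
    input as data, so quotes inside it can never change the query."""
    query = "SELECT id, name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchall()


# Whitelisting: accept only the shape we expect and reject everything else.
USERNAME_RE = re.compile(r"[A-Za-z0-9]{1,32}")        # alphanumeric only
EMAIL_RE = re.compile(r"[^@\s]+@[^@\s]+\.[^@\s]+")    # simple local@domain.tld


def is_valid_username(value):
    return USERNAME_RE.fullmatch(value) is not None


def is_valid_email(value):
    return EMAIL_RE.fullmatch(value) is not None


if __name__ == "__main__":
    injected = "' OR '1'='1"                      # the slide's always-true condition
    print(login_vulnerable("Alice", injected))    # every user row: logged in without the password
    print(login_safe("Alice", injected))          # []: the input was just a wrong password
    print(is_valid_username("Alice"), is_valid_username(injected))
```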
Cross-Site Request Forgery (CSRF)
• Also known as one-click attack or session riding
• Effect: Transmits unauthorized commands from a user who has logged in to a website to the website.
• Example: transferring funds from their account, changing their email address and password, or some other undesired action.
• “A CSRF attack forces a logged-on victim's browser to send a pre-authenticated request to a vulnerable web application, which then forces the victim's browser to perform a hostile action to the benefit of the attacker.”
Cross-Site Request Forgery (CSRF)
• Example:
  – User logs in to bank.com. Forgets to sign off.
  – Session cookie remains in browser state
  – The attacker sends the user an email or posts a link on a website, like
    <form name=F action=http://bank.com/BillPay.php>
    <input name=recipient value=badguy> …
    <script> document.F.submit(); </script>
  – The user, who is still logged into bank.com, clicks the link
  – browser sends the user authentication cookie along with the request
  • Transaction will be successful
• Problem:
  – The browser is a confused deputy; it is serving both the websites and the user and gets confused about who initiated a request
CSRF Prevention Techniques
• Add a secondary authentication mechanism
  • Such as an impossible-to-guess token
• Require a confirmation page before executing potentially dangerous actions
• Eliminate XSS vulnerabilities
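
The "impossible to guess token" defence applied to the bank.com scenario above. This is an added example, not code from the slides; the session store, the request dictionaries and the /BillPay.php handler are constructed stand-ins for a web framework's session and request objects.

```python
# Added example, not code from the lecture slides: a per-session CSRF token
# for the bank.com scenario. The session store, request dictionaries and the
# /BillPay.php handler are constructed stand-ins for a web framework.
import hmac
import secrets

SESSION_TOKENS = {}   # session id -> CSRF token (server-side session state)


def issue_csrf_token(session_id):
    """Create a random, unguessable token bound to the logged-in session."""
    token = secrets.token_urlsafe(32)
    SESSION_TOKENS[session_id] = token
    return token


def render_billpay_form(session_id):
    """bank.com's own form carries the token in a hidden field; a form hosted on
    another site cannot know this value, so it cannot include it."""
    token = issue_csrf_token(session_id)
    return ('<form action="/BillPay.php" method="POST">'
            '<input type="hidden" name="csrf_token" value="%s">'
            '<input name="recipient"><button>Pay</button></form>' % token)


def handle_billpay(request):
    """Server side: the cookie alone no longer authorizes the transfer; the
    token in the form body must match the one stored for that session."""
    session_id = request["cookies"].get("session")
    expected = SESSION_TOKENS.get(session_id)
    supplied = request["form"].get("csrf_token", "")
    if expected is None or not hmac.compare_digest(expected, supplied):
        return "403 rejected: missing or invalid CSRF token"
    return "200 paid %s" % request["form"]["recipient"]


if __name__ == "__main__":
    form = render_billpay_form("sess-alice")             # constructed session id
    token = SESSION_TOKENS["sess-alice"]
    # Legitimate submission from bank.com's form: cookie plus matching token.
    print(handle_billpay({"cookies": {"session": "sess-alice"},
                          "form": {"csrf_token": token, "recipient": "alice-landlord"}}))
    # The forged form from the slide: the browser still attaches the session
    # cookie, but the request carries no token, so it is rejected.
    print(handle_billpay({"cookies": {"session": "sess-alice"},
                          "form": {"recipient": "badguy"}}))
```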


Buffer Overflow
• An anomaly that occurs when a program writes more data to a buffer than it can hold.
• This excess data spills over into adjacent memory locations
• Potentially overwriting critical data or executing malicious code

How Does a Buffer Overflow Attack Work?
Memory Allocation:
• Programs allocate a fixed-size buffer (e.g., an array) to store user input or other data.
Overflow Occurs:
• If a user inputs more data than expected, it overwrites adjacent memory locations.
Exploiting the Overflow:
• Attackers craft input that could trigger a response that damages files, changes data or unveils private information.
Example
• Certain coding languages are more susceptible to buffer overflow than others.
• C and C++ do not offer memory safety
Example
• gets() does not limit input size
• Can overwrite memory, leading to buffer overflow
• Use fgets() instead: fgets(buffer, size, stdin)
How to Prevent Buffer Overflow Attacks
• Use Safe Functions: Replace unsafe functions like gets() with safer alternatives like fgets()
• Implement Bounds Checking: Always verify input size before writing to buffers.
• Use Modern Languages: Languages like Python, Java, and Rust have built-in memory safety features.
