The ability of users to inject content into web pages is the root cause of a broad class of vulnerabilities, which can affect the experience of other users and leak potentially useful information out to an attacker. We’ll conduct some attacks in a controlled environment, and then learn how to defend against them in our own web applications.
Client-Side Vulnerabilities
Cross-Site Scripting (XSS)
Cross-Site Scripting (XSS) typically originates from failing to sufficiently sanitize user-generated content. We’ll look at how several types of seemingly benign user input can be used to inject some troublesome code into a web application.
ATTACK: Cross-Site Scripting
Find a way to use a cross-site scripting attack to inject a malicious script into the example web application, such that the user’s username and password are sent to a RequestBin when they attempt to log in. The operation of the application should not be obviously affected.
DEFEND: Cross-Site Scripting
Use some content sanitization techniques to ensure that raw user-generated content isn’t used dangerously. This should result in your previous XSS attack being "disarmed".
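The sanitization step described above, as an added example that is not part of the course materials or its example application. It assumes a comment feature that stores user text as submitted and renders it into an HTML list; the comment strings, the profile URL and all function names are constructed for illustration. The vulnerable renderer is kept beside the hardened one so the difference is visible, and an HTML-parser-based check shows which output still carries executable content.

```python
"""Output encoding as a defence against stored XSS (added example, not the course's code).

Assumes user comments are stored raw and rendered into markup by the application.
Sample comments, URLs and function names are constructed for illustration.
"""
import html
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Constructed sample input: benign text plus the kinds of strings that break out of
# body, attribute and URL contexts when rendered without encoding.
SAMPLE_COMMENTS = [
    "Loved the article, thanks!",
    "<script>alert(1)</script>",          # script in HTML body context
    '"><img src=x onerror=alert(1)>',    # closes an attribute and injects a tag
]
SAMPLE_PROFILE_URL = "javascript:alert(1)"  # hostile value where a link is expected


def render_unsafe(comment: str, author_url: str) -> str:
    """The vulnerable pattern: raw user input concatenated into markup."""
    return f'<li><a href="{author_url}">profile</a> {comment}</li>'


def encode_html(text: str) -> str:
    """Encode for HTML body and quoted-attribute contexts.

    html.escape with quote=True turns < > & " and ' into entities, so user text
    can never close the surrounding tag or attribute.
    """
    return html.escape(text, quote=True)


def safe_href(url: str) -> str:
    """Allow-list URL schemes: encoding alone does not stop javascript: in href."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return encode_html(url)


def render_safe(comment: str, author_url: str) -> str:
    """Hardened renderer: every user-controlled value is encoded for its context."""
    return f'<li><a href="{safe_href(author_url)}">profile</a> {encode_html(comment)}</li>'


class ActiveContentFinder(HTMLParser):
    """Parses rendered markup and flags script tags, on* handlers and javascript: URLs.

    Parsing is used rather than a regex so that encoded text such as
    &lt;img onerror=...&gt; is correctly seen as inert data, not as a tag.
    """

    def __init__(self) -> None:
        super().__init__()
        self.found = False

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.found = True
        for name, value in attrs:
            if name.lower().startswith("on"):
                self.found = True
            if name.lower() in ("href", "src") and value and value.strip().lower().startswith("javascript:"):
                self.found = True


def has_active_content(markup: str) -> bool:
    """True if the markup, as a browser would parse it, contains executable content."""
    finder = ActiveContentFinder()
    finder.feed(markup)
    finder.close()
    return finder.found


if __name__ == "__main__":
    for comment in SAMPLE_COMMENTS:
        unsafe = render_unsafe(comment, SAMPLE_PROFILE_URL)
        safe = render_safe(comment, SAMPLE_PROFILE_URL)
        print(f"armed unsafe={has_active_content(unsafe)!s:5} safe={has_active_content(safe)!s:5} {comment!r}")
```

Encoding is chosen per context: the body and attribute values get entity encoding, while a user-supplied link needs a scheme allow-list because `javascript:` survives encoding untouched. Template engines that auto-escape cover the first case, but the URL case still has to be handled explicitly.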
Cross-Site Request Forgery Attacks (CSRF)
Cross-Site Request Forgery (CSRF) attacks force users to take unwanted actions in an application to which they're currently authenticated. We'll look at how this attack works, and what we can do to mitigate it.
ATTACK: CSRF
Stage a CSRF attack against the online banking example app to get users who click a particular link to transfer funds from their account to another one.
DEFEND: CSRF
Use a CSRF token to defend against request forgery attacks. Your attack in the previous exercise should no longer work.
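The token defence described above, as an added example that is not the course's banking application. It assumes a server-side session store keyed by a session id that the browser presents as a cookie; the in-memory store, the transfer handler, the balances and the function names are all constructed for illustration. The unchecked handler is shown alongside the protected one so that the forged request succeeds against the first and is rejected by the second.

```python
"""Synchronizer-token CSRF defence (added example, not the course's bank app).

Assumes a server-side session store keyed by session id, with the id sent by the
browser as a cookie. The store, handlers and amounts are constructed for illustration.
"""
import hmac
import secrets

# Constructed in-memory session store: session_id -> session data.
SESSIONS: dict = {}


class CsrfError(Exception):
    """Raised when a state-changing request carries no valid CSRF token."""


def create_session(balance: int = 1000) -> str:
    """Log a user in: mint a session id and a per-session CSRF token."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"balance": balance, "csrf_token": secrets.token_urlsafe(32)}
    return sid


def transfer_form(sid: str) -> str:
    """Render the transfer form with the token embedded as a hidden field.

    A page on another origin cannot read this form (same-origin policy), so it
    cannot learn the token it would need to submit.
    """
    token = SESSIONS[sid]["csrf_token"]
    return (
        '<form method="post" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{token}">'
        '<input name="to"><input name="amount"><button>Send</button></form>'
    )


def handle_transfer_unchecked(sid: str, form: dict) -> int:
    """Vulnerable handler: trusts the session cookie alone."""
    session = SESSIONS[sid]
    session["balance"] -= int(form["amount"])
    return session["balance"]


def handle_transfer(sid: str, form: dict) -> int:
    """Protected handler: the token must match the one stored in the session."""
    session = SESSIONS.get(sid)
    if session is None:
        raise PermissionError("not authenticated")
    submitted = form.get("csrf_token", "")
    # Constant-time comparison; reject before touching any state.
    if not hmac.compare_digest(submitted, session["csrf_token"]):
        raise CsrfError("missing or invalid CSRF token")
    amount = int(form["amount"])
    if amount <= 0 or amount > session["balance"]:
        raise ValueError("invalid amount")
    session["balance"] -= amount
    return session["balance"]


def forged_request() -> dict:
    """What a cross-site page can submit: the fields, but not the token.

    The browser attaches the victim's session cookie automatically; the
    attacker's page only controls the form body.
    """
    return {"to": "someone-else", "amount": "500"}


if __name__ == "__main__":
    sid = create_session()
    print("unchecked handler after forged request:", handle_transfer_unchecked(sid, forged_request()))
    try:
        handle_transfer(sid, forged_request())
    except CsrfError as exc:
        print("protected handler rejected forged request:", exc)
```

The token is bound to the session and never placed in a cookie, which is what makes it unreadable to a cross-site page; state-changing operations must also be restricted to POST, since a GET-triggered transfer would bypass the form entirely.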
Break for lunch
Clickjacking Attacks
Clickjacking involves carefully placing a transparent frame in a way that tricks the user into clicking a legitimate button, ultimately resulting in users performing an unintentional action in another web application.
ATTACK: Clickjacking
Stage a clickjacking attack using the example web application, by positioning a transparent frame of the "Blue" web application over the "Red" web application.
DEFEND: Clickjacking
Use X-Frame-Options headers on the HTTP response for the "Blue" web application. This should disarm your previous Clickjacking attack.
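The header defence described above, as an added example that is not the course's "Blue" application. It assumes a WSGI-style application; the app body, the header-building helper and the checking function are constructed for illustration. It goes slightly beyond the text by emitting the Content-Security-Policy frame-ancestors directive alongside X-Frame-Options, since current browsers treat the CSP directive as authoritative when both are present.

```python
"""Anti-framing response headers (added example, not the course's "Blue" app).

Assumes a WSGI application. The app, helper and checker are constructed for
illustration; the policies map to the header values browsers actually honour.
"""
from wsgiref.simple_server import make_server


def framing_headers(policy: str = "deny") -> list:
    """Return headers that stop this response from being rendered in a frame.

    policy: "deny" (never framed) or "sameorigin" (framed only by pages on the
    same origin). X-Frame-Options is the legacy header; frame-ancestors is the
    standard CSP equivalent and takes precedence where both are supported.
    """
    if policy == "deny":
        return [("X-Frame-Options", "DENY"),
                ("Content-Security-Policy", "frame-ancestors 'none'")]
    if policy == "sameorigin":
        return [("X-Frame-Options", "SAMEORIGIN"),
                ("Content-Security-Policy", "frame-ancestors 'self'")]
    raise ValueError(f"unknown framing policy: {policy!r}")


def blue_app(environ, start_response):
    """Minimal stand-in for the "Blue" application, with framing protection applied."""
    body = b"<h1>Blue application</h1><button>Do something important</button>"
    headers = [("Content-Type", "text/html; charset=utf-8"),
               ("Content-Length", str(len(body)))]
    headers += framing_headers("deny")
    start_response("200 OK", headers)
    return [body]


def is_framing_protected(headers) -> bool:
    """Check a response the way a reviewer or scanner would: is either header present and restrictive?"""
    lowered = {name.lower(): value for name, value in headers}
    xfo = lowered.get("x-frame-options", "").strip().upper()
    csp = lowered.get("content-security-policy", "")
    return xfo in ("DENY", "SAMEORIGIN") or "frame-ancestors" in csp


if __name__ == "__main__":
    with make_server("127.0.0.1", 8000, blue_app) as server:
        print("Serving the protected Blue app on http://127.0.0.1:8000/")
        server.serve_forever()
```

Because the header is evaluated by the browser when it loads the framed document, the protection belongs on every response of the application that could be framed, not only on the page the attack happened to target; applying it in middleware rather than per view avoids gaps.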