« Avoid the dangers of XPath injection | Main | US Denies Halvar Flake from presenting at blackhat »

Anti XSS using Ajax

"XSS have became a problem that most web developers still suffering from it tell now, simply because however you try hard to validate every user input it only takes a single line of code that prints out the user input without validation to render your whole application vulnerable to XSS attacks and once you are vulnerable several attacks methods can be applied on the users of your web application some of these attacks like the one I’ve demonstrated before can be really dangerous and undetectable. As we all know that perfect code is an illusion and also we all know that several bugs pass the testing phase without being detected especially if the testers were testing without security in mind so it’s very normal to have a web application that is vulnerable to XSS attacks even after testing several times. So what about a risk mitigation plan to avoid XSS attacks in case some XSS vulnerabilities showed up after the product have been deployed in live environment? Imagine if we can have a nice safe valve that can stop a catastrophe from happening, but how? This is a good question and to answer this question we have to think about the following:"

"1- The XSS attacks basically happen in the client side.

2- The XSS attacks usually happen using java script.

After considering the previous two points we can conclude that to stop a XSS attack that passed through our server side defenses and validations we need to stop it in the client side and because XSS attacks basically depends on java script which means the existence of <script> tags in the attacker code. So now we can get a conclusion that to stop XSS at the client side we can use java script to filter the return HTML from the server to identify attacker java script and warn the user about it or even warn the site admin about it so s/he can become aware of the attack so s/he can do something about it. But the real question now is how to identify the attacker java script from our legitimate java script? Well, we can do this by supplying something like a signature with our legitimate java script so we can identify it from the malicious attacker java script that have been injected in our web application pages and we can use another java script that will filter the page content to identify the unsigned java script as the attacker script and take some action about it in the client side whenever it’s founded, here is an example "

Article Link: http://barmagy.com/blogs/infinite_loop/archive/2007/07/20/498.aspx

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.


All Comments are Moderated and will be delayed!