Secure Computing Midterm Part 3

2014-10-16 00:49:15
midterm secure computing part

part 3 of secure computing midterm notes

  1. something dangerous that JavaScript can do
    modify local client files
  2. 2 forms of JavaScript
    • client-side scripting
    • server-side scripting
  3. JavaScript's 3 popup boxes
    • alert()
    • confirm()
    • prompt("text", "default value in textbox");
  4. XMLHttpRequest
    • supported by all modern browsers
    • allows a javascript to communicate with a server from within a webpage
    • browser and platform independent
  5. AJAX
    • Asynchronous JavaScript And XML
    • allows web pages to be updated with info from the server without the page refreshing
  6. JPEG vulnerability
    • JPEGs are capable of triggering buffer overflow
    • can grab all files in the HTTP server
    • bind a shell to a port
  7. save picture as vulnerability
    • IE strips extra extension of multiple file ext.
    • exploit.jpg.hta would look like exploit.jpg
    • this will cause the user to download malicious scripts.
  8. 3 image tag security issues
    • communicate with other sites
    • hide resulting image (setting height and width to 1)
    • spoof other sites
  9. onError
    • JavaScript
    • triggers when error occurs loading a document or an image
    • used to validate images or docs on a webpage
  10. remote scripting goal
    exchange data between client and server without reloading the page
  11. iframe
    used to display a webpage within a webpage
  12. Same Origin Policy Applies to:
    • windows
    • urls requested
    • frames
    • documents
    • cookies
  13. Same Origin Policy Goal
    • safe to visit an evil website
    • safe to visit 2 pages at the same time (URL distinguishes)
    • allow safe delegation (iframe)
  14. Problems with same origin policy
    • poorly enforced on some browsers
    • can be bypassed in XSS attacks
    • limitations if site hosts unrelated pages
  15. CORS
    • Cross-origin resource sharing
    • allows many resources (fonts, JavaScript) on a webpage to be requested from another domain
  16. 2 types of CORS
    • network requests
    • client side communication
  17. CORS network requests
    • Access-Control-Allow-Origin: <list of domains>
    • Access-Control-Allow-Origin: * (universal access)
  18. CORS client side communication
    • message passing via navigation (older browsers)
    • postMessage (newer browsers)
  19. Permissive Navigation Policy
    • a frame can navigate any frame
    • Guninski attack
  20. Window Navigation Policy
    • a frame can navigate frames in the same window
    • Gadget Hijacking
  21. Descendant Navigation Policy
    • A frame can navigate its descendants
    • message eavesdropping
    • attacker embeds a frame to a gadget then calls postMessage() on that frame
    • defence: frame busting
  22. child Navigation Policy
    a frame can navigate its children
  23. cookie
    • small file that is:
    • provided by the server as an http response header
    • stored by client
    • returned to the server as an http request header
  24. secure cookies
    • browser will only send cookie back over https
    • but attacker can still rewrite secure cookies over HTTP
  25. httpOnly cookies
    • cookies only sent over https
    • not accessible to scripts
    • cannot be read via document.cookie
  26. frame busting
    prevents a site from functioning when loaded inside a frame