783 research outputs found
The zombies strike back: Towards client-side beef detection
A web browser is an application that comes bundled with every consumer operating system, including both desktop and mobile platforms. A modern web browser is complex software that has access to system-level features, includes various plugins and requires the availability of an Internet connection. Like any multifaceted software products, web browsers are prone to numerous vulnerabilities. Exploitation of these vulnerabilities can result in destructive consequences ranging from identity theft to network infrastructure damage. BeEF, the Browser Exploitation Framework, allows taking advantage of these vulnerabilities to launch a diverse range of readily available attacks from within the browser context. Existing defensive approaches aimed at hardening network perimeters and detecting common threats based on traffic analysis have not been found successful in the context of BeEF detection. This paper presents a proof-of-concept approach to BeEF detection in its own operating environment – the web browser – based on global context monitoring, abstract syntax tree fingerprinting and real-time network traffic analysis
Reverse Proxy Framework using Sanitization Technique for Intrusion Prevention in Database
With the increasing importance of the internet in our day to day life, data
security in web application has become very crucial. Ever increasing on line
and real time transaction services have led to manifold rise in the problems
associated with the database security. Attacker uses illegal and unauthorized
approaches to hijack the confidential information like username, password and
other vital details. Hence the real time transaction requires security against
web based attacks. SQL injection and cross site scripting attack are the most
common application layer attack. The SQL injection attacker pass SQL statement
through a web applications input fields, URL or hidden parameters and get
access to the database or update it. The attacker take a benefit from user
provided data in such a way that the users input is handled as a SQL code.
Using this vulnerability an attacker can execute SQL commands directly on the
database. SQL injection attacks are most serious threats which take users input
and integrate it into SQL query. Reverse Proxy is a technique which is used to
sanitize the users inputs that may transform into a database attack. In this
technique a data redirector program redirects the users input to the proxy
server before it is sent to the application server. At the proxy server, data
cleaning algorithm is triggered using a sanitizing application. In this
framework we include detection and sanitization of the tainted information
being sent to the database and innovate a new prototype.Comment: 9 pages, 6 figures, 3 tables; CIIT 2013 International Conference,
Mumba
Automated Dynamic Firmware Analysis at Scale: A Case Study on Embedded Web Interfaces
Embedded devices are becoming more widespread, interconnected, and
web-enabled than ever. However, recent studies showed that these devices are
far from being secure. Moreover, many embedded systems rely on web interfaces
for user interaction or administration. Unfortunately, web security is known to
be difficult, and therefore the web interfaces of embedded systems represent a
considerable attack surface.
In this paper, we present the first fully automated framework that applies
dynamic firmware analysis techniques to achieve, in a scalable manner,
automated vulnerability discovery within embedded firmware images. We apply our
framework to study the security of embedded web interfaces running in
Commercial Off-The-Shelf (COTS) embedded devices, such as routers, DSL/cable
modems, VoIP phones, IP/CCTV cameras. We introduce a methodology and implement
a scalable framework for discovery of vulnerabilities in embedded web
interfaces regardless of the vendor, device, or architecture. To achieve this
goal, our framework performs full system emulation to achieve the execution of
firmware images in a software-only environment, i.e., without involving any
physical embedded devices. Then, we analyze the web interfaces within the
firmware using both static and dynamic tools. We also present some interesting
case-studies, and discuss the main challenges associated with the dynamic
analysis of firmware images and their web interfaces and network services. The
observations we make in this paper shed light on an important aspect of
embedded devices which was not previously studied at a large scale.
We validate our framework by testing it on 1925 firmware images from 54
different vendors. We discover important vulnerabilities in 185 firmware
images, affecting nearly a quarter of vendors in our dataset. These
experimental results demonstrate the effectiveness of our approach
Malicious JavaScript Detection using Statistical Language Model
The Internet has an immense importance in our day to day life, but at the same time, it has become the medium of infecting computers, attacking users, and distributing malicious code. As JavaScript is the principal language of client side pro- gramming, it is frequently used in conducting such attacks. Various approaches have been made to overcome the JavaScript security issues. Some advanced approaches utilize machine learning technology in combination with de-obfuscation and emula- tion. Many methods of analysis incorporate static analysis and dynamic analysis. Our solution is entirely based on static analysis, which avoids unnecessary runtime overhead.
The central objective of this project is to integrate the work done by Eunjin (EJ) Jung et al. on Towards A Robust Detection of Malicious JavaScript (TARDIS) into the web browser via a Firefox add-on and to demonstrate the usability of our add- on in defending against such attacks. TARDIS uses statistical language modeling for an automatic feature extraction and combines it with structural features from an abstract syntax tree [1]. We have developed a Firefox add-on that is capable of extracting JavaScript code from the page visited and classifying the JavaScript code as either malicious or benign. We leverage the bene t of using a pre-compiled training model in JavaScript Object Notation (JSON). JSON is lightweight and does not consume much memory on a user’s machine. Moreover, it stores the data as key-value pairs and easily maps to the data structures used in modern programming languages. The principle advantage of using a pre-compiled training model is better performance. Our model can achieve 98% accuracy on our sample dataset
Some security issues for web based frameworks
This report investigates whether a vulnerability found in one web framework may be used to find a vulnerability in a different web framework. To test this hypothesis, several open source applications were installed in a secure test environment together with security analysis tools. Each one of the applications were developed using a different software framework. The results show that a vulnerability identified in one framework can often be used to find similar vulnerabilities in other frameworks. Crosssite scripting security issues are the most likely to succeed when being applied to more than one framework
Recommended from our members
Detecting Cross-Site Scripting Attacks Using Machine Learning
Cross-site scripting (XSS) is one of the most frequently occurring types of attacks on web applications, hence is of importance in information security. XSS is where the attacker injects malicious code, typically JavaScript, into the web application in order to be executed in the user’s browser. Identifying that a script is malicious is an important part of the defence of a web application. This paper investigates using SVM, k-NN and Random Forests to detect and limit these attacks, whether known or unknown, by building classifiers for JavaScript code. It demonstrated that using an interesting feature set combining language syntax and behavioural features results in classifiers that give high accuracy and precision on large real world data sets without restricting attention only to obfuscation
XSS attack detection based on machine learning
As the popularity of web-based applications grows, so does the number of individuals
who use them. The vulnerabilities of those programs, however, remain a concern. Cross-site
scripting is a very prevalent assault that is simple to launch but difficult to defend against.
That is why it is being studied.
The current study focuses on artificial systems, such as machine learning, which can
function without human interaction. As technology advances, the need for maintenance is
increasing. Those maintenance systems, on the other hand, are becoming more complex.
This is why machine learning technologies are becoming increasingly important in our daily
lives.
This study use supervised machine learning to protect against cross-site scripting, which
allows the computer to find an algorithm that can identify vulnerabilities. A large collection
of datasets serves as the foundation for this technique. The model will be equipped with
functions extracted from datasets that will allow it to learn the model of such an attack by
filtering it using common Javascript symbols or possible Document Object Model (DOM)
syntax.
As long as the research continues, the best conjugate algorithms will be discovered that
can successfully fight against cross-site scripting. It will do multiple comparisons between
different classification methods on their own or in combination to determine which one
performs the best.À medida que a popularidade dos aplicativos da internet cresce, aumenta também o
número de indivíduos que os utilizam. No entanto, as vulnerabilidades desses programas
continuam a ser uma preocupação para o uso da internet no dia-a-dia. O cross-site scripting
é um ataque muito comum que é simples de lançar, mas difícil de-se defender. Por isso, é
importante que este ataque possa ser estudado.
A tese atual concentra-se em sistemas baseados na utilização de inteligência artificial e
Aprendizagem Automática (ML), que podem funcionar sem interação humana. À medida
que a tecnologia avança, a necessidade de manutenção também vai aumentando. Por outro
lado, estes sistemas vão tornando-se cada vez mais complexos. É, por isso, que as técnicas
de machine learning torna-se cada vez mais importantes nas nossas vidas diárias.
Este trabalho baseia-se na utilização de Aprendizagem Automática para proteger contra
o ataque cross-site scripting, o que permite ao computador encontrar um algoritmo que
tem a possibilidade de identificar as vulnerabilidades. Uma grande coleção de conjuntos de
dados serve como a base para a abordagem proposta. A máquina virá ser equipada com o
processamento de linguagem natural, o que lhe permite a aprendizagem do padrão de tal
ataque e filtrando-o com o uso da mesma linguagem, javascript, que é possível usar para
controlar os objectos DOM (Document Object Model).
Enquanto a pesquisa continua, os melhores algoritmos conjugados serão descobertos
para que possam prever com sucesso contra estes ataques. O estudo fará várias comparações
entre diferentes métodos de classificação por si só ou em combinação para determinar o
que tiver melhor desempenho
XSS Vulnerabilities in Cloud-Application Add-Ons
Cloud-application add-ons are microservices that extend the functionality of
the core applications. Many application vendors have opened their APIs for
third-party developers and created marketplaces for add-ons (also add-ins or
apps). This is a relatively new phenomenon, and its effects on the application
security have not been widely studied. It seems likely that some of the add-ons
have lower code quality than the core applications themselves and, thus, may
bring in security vulnerabilities. We found that many such add-ons are
vulnerable to cross-site scripting (XSS). The attacker can take advantage of
the document-sharing and messaging features of the cloud applications to send
malicious input to them. The vulnerable add-ons then execute client-side
JavaScript from the carefully crafted malicious input. In a major analysis
effort, we systematically studied 300 add-ons for three popular application
suites, namely Microsoft Office Online, G Suite and Shopify, and discovered a
significant percentage of vulnerable add-ons in each marketplace. We present
the results of this study, as well as analyze the add-on architectures to
understand how the XSS vulnerabilities can be exploited and how the threat can
be mitigated
- …