By: Greg Wroblewski & Ryan Barnett
Cross-site scripting issues remain a big problem of the web: using a combination of big-data mining and relatively simple detection methods, we have identified attackers successfully exploiting XSS flaws on over 1,000 vulnerable pages on hundreds of websites, spanning multiple countries, types of organizations, all major TLDs, and well-known international companies. We also found numerous malicious attacks of differing severity leveraging existing XSS vulnerabilities.
In this talk we first summarize our findings, presenting both unusual cases and various statistics, and then follow up with present state-of-the-art methods of protection against probing for XSS vulnerabilities and against XSS attacks, showing that they are capable of intercepting over 95% of the real-world malicious samples. We will also introduce a new research tool called detectXSSlib, a lightweight module for the nginx server dedicated to real-time detection of XSS attacks.
Black Hat USA 2013 - The Web IS Vulnerable: XSS Defense on the BattleFront
Published on 2 Dec 2013