Web Application Security - Stanford University

Spring 2010

CS 155

Web Application Security

John Mitchell

Reported Web Vulnerabilities "In the Wild"

Data from aggregator and validator of NVD-reported vulnerabilities

Three top web site vulnerabilities

SQL Injection

• Browser sends malicious input to server

• Bad input checking leads to malicious SQL query

  (Callout: uses SQL to change the meaning of the database command)

CSRF – Cross-site request forgery

• Bad web site sends browser request to good web site, using credentials of an innocent victim who "visits" site

  (Callout: leverages the user's session at the victim server)

XSS – Cross-site scripting

• Bad web site sends innocent victim a script that steals information from an honest web site

  (Callout: injects malicious script into a trusted context)
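The SQL injection point above ("bad input checking" lets input change the meaning of the database command), shown as an added example in Python with sqlite3; this is not code from the lecture slides, and the table, rows and crafted input are constructed for the demo. The same browser-supplied name widens a lookup when pasted into the query text, and matches nothing when bound as a parameter.

```python
import sqlite3


def make_db():
    """Constructed in-memory sample database (not from the slides)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [("alice",), ("bob",)])
    return conn


def lookup_vulnerable(conn, name):
    """Bad input checking: the browser-supplied name is concatenated into the
    SQL text, so input that carries SQL syntax becomes part of the command
    and changes what the database is asked to do."""
    query = "SELECT name FROM users WHERE name = '" + name + "' ORDER BY name"
    return [row[0] for row in conn.execute(query)]


def lookup_parameterized(conn, name):
    """Hardened form: the name travels as a bound parameter, never as SQL
    text, so the command's meaning is fixed before any user data is seen."""
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ? ORDER BY name", (name,))
    return [row[0] for row in rows]


def demo():
    """Run both lookups on an honest name and on a constructed name that
    contains SQL syntax; returns the result lists for comparison."""
    conn = make_db()
    crafted = "x' OR '1'='1"  # constructed input containing SQL syntax
    return {
        "vulnerable_honest": lookup_vulnerable(conn, "alice"),
        "vulnerable_crafted": lookup_vulnerable(conn, crafted),
        "parameterized_honest": lookup_parameterized(conn, "alice"),
        "parameterized_crafted": lookup_parameterized(conn, crafted),
    }


if __name__ == "__main__":
    for label, result in demo().items():
        print(label, result)
```

The vulnerable lookup returns every row for the crafted name because the WHERE clause now reads `name = 'x' OR '1'='1'`; the parameterized lookup compares the whole string literally and returns nothing.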

Command Injection

