Explore the complexities and pitfalls of the same origin policy in this Black Hat EU 2013 conference talk. Delve into practical examples of attacks occurring between browser tabs, examining scenarios where common content-isolation mechanisms fail to protect against CSRF, clickjacking, and NTLM attacks. Learn about the challenges in completely mitigating these vulnerabilities, including cookie scope issues, framework weaknesses, and single sign-on complications. Discover practical CSRF tips, unconventional attack ideas, and strategies for improving web application security. Gain insights into OAuth2 vulnerabilities, browser manipulation techniques, and the importance of thorough security implementation in web frameworks.
Overview
Syllabus
Hi my name is Rich
Background
What is the same origin policy?
Same Origin Policy CSRF Quirks
Which Same Origin Policy?
Cookie Scope
Useful Cookie Facts
Recap: Writing Cookies
Double Submit Cookies
Framework Weaknesses
Cookies Apply to other CSRF Things!
NET MVC CSRF Protection
Other Frameworks
Single Sign On
How do we mitigate?
Tying Accounts Together
Attack Ideas
OAuth2 Facebook Attack
OAuth2 Attack
Logging into an Attacker Account
Attack Rating
A lot of custom Logic too
How do we fix this?
Practical CSRF Tips
"In-your-face" CSRF
Crashing Browsers
Logging out of Attacker Account
CSRF Protected POST XSS
"Non-Exploitable" XSS example
Generic Takeaways
Whitepaper Content
Taught by
Black Hat
Related Courses
-
Dissecting CSRF Attacks & Countermeasures
-
Keynote: Request Forgery on the Web - SSRF, CSRF and Clickjacking
-
Surfing the Sea and Drowning in Tabs - An Introduction to Cross Site Request Forgery
-
Modern Web Application Defense with OWASP Tools
-
Session Identifier are for Now, Passwords are Forever - XSS-Based Abuse of Browser Password Managers
-
XSS, CSRF, CSP, JWT, WTF? IDK - JSConf Iceland
