Time
9 hours 31 minutes
Difficulty
Intermediate
CEU/CPE
10

Video Description

In this lesson, participants learn the definitions: web applications often redirect users to other pages and websites, and use untrusted data to decide where to send them. If that data is not properly validated, attackers can redirect users toward malicious content and take their personal information. This lesson also discusses some Java code samples, specifically focusing on location.replace (some URL). The instructor also presents a case study, this particular one on watering holes, a term used to describe an attacker-controlled website that is the landing page for redirected victims.

Video Transcription

00:04
Hello and welcome to the Cybrary Secure Coding course. My name is Sunny Wear, and this is OWASP Top 10 for 2013.
00:13
A10, Unvalidated Redirects and Forwards. Now first, let's take a look at our definition from OWASP. Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages.
00:32
Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.
00:43
If we take a look at our OWASP chart, we can see that the attack vector exploitability in this category is average.
00:51
The technical impact is moderate.
00:55
Now, looking at the security weakness, it states, the following
00:59
applications frequently redirect users to other pages or use internal forwards in a similar manner.
01:07
Sometimes the target page is specified in an unvalidated parameter, allowing attackers to choose the destination page.
01:18
Now the good news is detecting unchecked redirects is easy. Look for redirects where you can set the full URL. Unchecked forwards are harder, since they target internal pages.
01:33
Taking a look at some code samples, we have a couple from Java. First, JSP code: you're going to find references to redirects in your response object, such as sendRedirect, and then a URL is passed there.
01:51
In the Google GWT class Window.Location, there is a replace method that takes in a string that
02:00
directs the user to a new URL. So in either of these cases,
02:06
if unvalidated data is passed to those location functions,
02:12
they can provide the opportunity
02:15
for our victims to be redirected to an attacker controlled website.
02:21
Now the PHP sample code we have is very similar in nature to the Java. Here we have some code that receives the value from the URL parameter and then immediately uses that value as it's assigned to a variable, without doing
02:38
any kind of validation check.
02:43
Now the case study is on watering holes.
02:46
If you've never heard the term watering hole before, it's usually used to describe
02:53
an attacker controlled website
02:54
that is the landing page for redirected victims.
03:00
Now, in this article, the particular targeted websites were government agencies and banks,
03:09
and there were links on those pages that were actually replaced with a redirect attack. In other words, the location code didn't do any kind of validation. And so those links actually would forward to other watering holes.
03:30
In this particular case, the watering holes were actually websites that had very poor security.
03:37
The purpose of which, of course, is that once the victim lands on the watering hole site, meaning the website with less security, the attacker can then perform all sorts of various JavaScript injection attacks behind the scenes to perform cookie stealing and
03:57
various other attacks
03:59
that we've covered in our modules.
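The validation step the instructor says is missing before sendRedirect, Window.Location.replace and the PHP sample, written as an added example in JavaScript (not code from the course). The origin https://example.com, the host allow-list and the helper names are assumptions; the checks cover scheme-relative and backslash targets as well as non-http schemes.

```javascript
// Added example: allow-list check for a redirect target taken from a request
// parameter, before it is handed to location.replace() or a server-side redirect.
const SITE_ORIGIN = "https://example.com";              // assumed own origin
const ALLOWED_HOSTS = new Set(["partner.example.org"]);  // assumed external allow-list

// Returns the safe absolute URL string, or null when the target is rejected.
function safeRedirectTarget(rawTarget, siteOrigin = SITE_ORIGIN) {
  if (typeof rawTarget !== "string" || rawTarget.length === 0) return null;
  // Reject control characters (CR/LF etc.) before they reach any header.
  if (/[\u0000-\u001f\u007f]/.test(rawTarget)) return null;
  let parsed;
  try {
    // Resolve relative to our origin: "/account" stays on example.com, while
    // "//evil.example/x" or "\\evil.example" resolve to a foreign host.
    parsed = new URL(rawTarget, siteOrigin);
  } catch {
    return null;
  }
  // Only http(s) destinations; this drops javascript:, data:, file:, ...
  if (parsed.protocol !== "http:" && parsed.protocol !== "https:") return null;
  // Never forward a username/password embedded in the URL.
  if (parsed.username || parsed.password) return null;
  const sameOrigin = parsed.origin === new URL(siteOrigin).origin;
  if (!sameOrigin && !ALLOWED_HOSTS.has(parsed.hostname)) return null;
  return parsed.href;
}

// Wrapper a page would call; rejected targets fall back to the site root.
function redirect(rawTarget) {
  const target = safeRedirectTarget(rawTarget) ?? SITE_ORIGIN + "/";
  // In a browser this would be: window.location.replace(target);
  return target;
}
```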


Instructed By

Sunny Wear
Instructor