[00:00:00] All right, so everyone, this is a snitch again, and this session is about security challenges, security challenges of the Web with JavaScript.

Right. Oh, really? Yes. So you will be talking about some security challenges for JavaScript. Does it still exist?

[00:00:18] I would say yes, but maybe not. But I'm talking about it from the nutshell: how it has been improved, what the security measures with JavaScript are in order to protect from JavaScript, and which of them have been taken by many institutions and by the Web application agencies. Right. So let's get started.

[00:00:44] We'll take the same example. In our last example, we had a user machine talking to a website, the website being, as an example, example.com. And now, in the same example, the user has a Web browser on the client machine and is sending a request in order to get the response from the website. What would be the response? It would be simply the HTTP page of response. What might it carry? It can carry images, text, text that might be redirected to other pages, and all that stuff. In our case, it is just simple HTTP. In our case, just the title is "Web site". That's it.
[00:01:28] So it's going to be a completely blank website, a blank page basically. So the user sends a request, but in return gets this blank page. But what you would see, if you imagine, sorry, if you recall correctly, in our last session we have seen JavaScript used for a better purpose. For what purpose? Basically for prompting or giving some alerts to the user, like "welcome to the world" and all those things. But this can even be used for malicious purposes. Right.

[00:02:07] We know that JavaScript can be used for making your website beautiful enough, making the conversation dynamic in nature, or making the conversation or the transaction between the client machine and the server more and more, you know, dynamic, proactive in nature and real time as well. But this can also be used for some malicious activity. And this is what can be done: I mean, it can have a redirection of users with JavaScript. We can even redirect the user response to another website, right, by making the user... So that's the syntax there. You still have your script starting with that, and at the end the ending syntax, and in between that we can have another website.
[00:02:59] If you see that, malicious-site-example.com, I just take it as an example, and then you can redirect to some other website. But wait, how would this happen? Why would a genuine website send your traffic to some other one? Well, for this to work, this website has to be either compromised, or it is already infected, or it is already a malicious site maybe. So either it might be owned by a hacker, or it might be affected or infected by a hacker. Right. So in that case, it might send malicious code, or maybe the code which has been enforced, which has been programmed by the hacker. Right.

[00:03:46] So in that case, it might send a link. And once you see any link on that blank page, you click on it and you get redirected. So that could happen. And even if you don't click on it, with the script, basically what happens is the JavaScript engine on your browser downloads all the content on the website, including images. Even if it is not anywhere mentioned as part of a link, it will still be downloaded, and your browser has to follow the exact guideline given by the JavaScript. Right. In some situations you might have to click.
[00:04:28] But in another situation, your browser simply downloads all the content of that Web page, and it would also be downloading this script as well. So in that case, it will simply follow the response. All right. So this is a big challenge. But what is really happening? If you understand this, what are the points where the problem could arise, right, on the website? The first part we have already discussed is the input side. This is what we discussed in the case of injection. If you remember correctly, sorry, if you remember correctly, that's where the input sanitisation wasn't really happening properly, right?

[00:05:10] Because of lack of input sanitisation, any user can send any kind of malicious query, and it can disrupt the database or the application, or can retrieve the desired information from the website or web application. Now, this was pretty much vulnerable when input sanitisation is not happening properly. And in that situation, the client could be, you know, like most of the users, or there could be a malicious actor who can leverage such kind of attack to get information, or the desired information. In this situation, the output sanitisation or output part is something which can lead to trouble.
[00:06:02] How exactly is that? In this situation, if the output is sending some information, or the output side is sending some information from the website, this could lead to a challenge on the website. So it has to be sanitised: what information is really going out of the application? Let me tell you something you might be wondering. I mean, if it is really a malicious site, why would somebody stop it from doing that? Of course not, if it is already a malicious site. I mean, it's the job of a malicious cyber hacking site to do this activity. We are talking about an infected site, a vulnerable site, or maybe a compromised site. In that situation, if it is an infected site where there is lack of sanitisation, it might send any sort of data out, letting it go from the network. Right. And in that situation itself, such kind of challenges might arise.

[00:07:03] So we are still not at cross-site scripting, but we are at the initial problem of JavaScript. Let's understand the real problem here. We understood that some information can be sent to a website, and the website can send any kind of JavaScript, and it can be sent for a better purpose; it can be sent for, you know, some malicious activity as well. Now, let's understand the real challenge here. We will be consolidating the same problem here as well.
[00:07:36] The user is sending a request to a site over here. Right, in our example, it was www.example.com. We got some response back; the JavaScript engine on the browser loaded those, downloaded those JavaScript files, and it performed the required activity. Now, if that carries the same sort of redirection, you know, the redirection or the same JavaScript that we have just seen, it might be redirected to malicious-site-example.com. Right. And in that case, it would be forwarded to a really malicious site, or a site which has been completely controlled by a hacker. This is what it is. And this leads to a completely compromised situation. Right.

[00:08:31] So we understood the problem. Now, we understood the problem that the first website is where it can be an infected site. The first Web site can be an infected site, which might be sending, which might be letting the data go outside without any sanitisation. So that data is being received by the user. And based on the data, there might be some redirection JavaScript with the associated text that we have seen in the last session; the request will be forwarded to the malicious site, the site which has been completely in control of the hacker.
[00:09:07] That's where the, you know, the request goes. And in the response to that, it will be completely compromised. Right. Sorry. So the problem is, the problem is injecting the script on another domain, because we are not really in the same domain; we are injecting this script so that the traffic can be redirected to another domain, because the source is not from the same domain, isn't it? Right, the same script is being delivered from example.com, but this goes to malicious-site-example.com, maybe, as an example. That's really a problem, and that's called domain redirection. I mean, that's really the problem, wherein we can inject this script to another domain, right. That's really a problem.

[00:10:00] To solve this, the SOP was set up, which is the same origin policy. If the same origin policy is not there with JavaScript, it will never... I mean, whatever the kind of malicious code we have developed, this will never work because of this. Most of the hacks have been unsuccessful in the past. And this was developed specially for this purpose after the evolution of JavaScript. So this has been developed for the same reason.
[00:10:30] And this is really a solution so that we cannot have such a redirection, where not any of the sites can redirect you to any other site without looking at multiple parameters. It depends on the JavaScript. I'm not talking about the URL that you go to, right, for example, when you go to example1.com and then it redirects you to another site; that's altogether different. We are talking about JavaScript which is embedded on your website, right; in that situation, it won't be redirected as it is. All right.

[00:11:10] So that's what goes about the problem that exists, used to exist, I would say, with JavaScript, and that has been solved with the SOP. Now we need to really understand: is there any criteria with the SOP? I mean, how does it really work? How does it, in the standard, decide whether the redirection is happening on the same site? Is it really relevant or not on this parameter? So let's get into detail in the next session and understand what are the parameters that need to be satisfied before it can be redirected. Right. Because I might be redirecting the content from my own site to my own website, maybe some other pages. It should be genuine in that situation. It should not be taken as a malicious attempt. I should not be blocked by somebody.
[00:12:09] So there has to be some parameter. Right. So that is something which we'll be covering in the next session. And we'll get you there. Thank you.