1
00:00:00,120 --> 00:00:06,390
All right, so everyone, this is a snitch again, and this session is about security challenges, security

2
00:00:06,390 --> 00:00:08,670
challenges of war with JavaScript.

3
00:00:08,710 --> 00:00:09,030
Right.

4
00:00:09,630 --> 00:00:10,180
Oh, really?

5
00:00:10,230 --> 00:00:10,850
Yes.

6
00:00:10,860 --> 00:00:15,580
So you will be talking about some security challenges for JavaScript.

7
00:00:16,050 --> 00:00:18,220
Does it still exist?

8
00:00:18,780 --> 00:00:21,900
I would say yes, but maybe not.

9
00:00:21,900 --> 00:00:28,590
But I'm talking about from the nutshell and how it has been improved and what are the security measures

10
00:00:28,590 --> 00:00:35,030
with JavaScript in order to protect from JavaScript and which has been taken by many institutions in

11
00:00:35,110 --> 00:00:40,980
institutions and on the Web that application agencies.

12
00:00:41,220 --> 00:00:41,490
Right.

13
00:00:42,210 --> 00:00:43,290
So let's get started.

14
00:00:44,360 --> 00:00:45,810
We'll take the same example.

15
00:00:46,180 --> 00:00:56,090
And in our last example, we had user machine talking to a website, website as a example, dot com.

16
00:00:56,580 --> 00:01:03,400
And now in the same example, user is having a Web browser that the clanged machine and he's sending

17
00:01:03,440 --> 00:01:07,500
a certificate request in order to get the response from the website.

18
00:01:08,110 --> 00:01:09,390
What would be the response?

19
00:01:09,390 --> 00:01:14,720
It would be simply the EDP page of response, what it might carry.

20
00:01:14,720 --> 00:01:21,270
It can carry these images, text, text that might be redirected to another pages and all those stuff.

21
00:01:21,270 --> 00:01:24,570
In our case, it just is simple SCDP.

22
00:01:24,930 --> 00:01:27,500
In our case, just the title is Web site.

23
00:01:27,960 --> 00:01:28,390
That's it.

24
00:01:28,680 --> 00:01:33,200
So it's going to be completely blank website, but the blank page basically.

25
00:01:33,990 --> 00:01:39,980
So users sends a request, a request, but in return it get these blank page.

26
00:01:40,380 --> 00:01:44,650
But you what you would see if you imagine if you sorry.

27
00:01:44,670 --> 00:01:53,370
If you recall correctly in our last session we have seen JavaScript for better purpose.

28
00:01:53,550 --> 00:01:54,450
For what purpose.

29
00:01:54,450 --> 00:02:01,550
Basically for, for prompting or giving some alerts to the user about welcome to the world and all those

30
00:02:01,560 --> 00:02:01,660
are.

31
00:02:02,340 --> 00:02:06,620
But this can even be used for malicious purposes.

32
00:02:06,630 --> 00:02:07,020
Right.

33
00:02:07,500 --> 00:02:15,360
We know that JavaScript can be used for making your website beautiful enough, making the conversation

34
00:02:15,630 --> 00:02:22,980
dynamic in nature or making the conversation or the transaction between client machine and the server

35
00:02:23,250 --> 00:02:31,150
more and more a, you know, dynamic, proactive in nature and the real time as well.

36
00:02:31,500 --> 00:02:35,810
But this can also be used for some malicious activity.

37
00:02:36,510 --> 00:02:38,210
And this is what it can be done.

38
00:02:38,220 --> 00:02:41,970
I mean, it can have a redirection of us with JavaScript.

39
00:02:41,970 --> 00:02:45,860
We can even redirect the user response to another website.

40
00:02:45,900 --> 00:02:47,760
Right, by making user.

41
00:02:48,030 --> 00:02:50,690
So that's the syntax there.

42
00:02:50,700 --> 00:02:54,030
And you still have your script starting with that.

43
00:02:54,030 --> 00:02:56,670
And at the end and the ending syntax.

44
00:02:56,670 --> 00:02:59,490
And in between that we can have another website.

45
00:02:59,760 --> 00:03:06,540
If you see that malicious site example dot com, I just take it as an example and then you can redirect

46
00:03:06,540 --> 00:03:07,660
or some other website.

47
00:03:07,980 --> 00:03:09,950
But wait, how would this happen?

48
00:03:10,260 --> 00:03:14,070
Why would a genuine website would send your traffic to some other.

49
00:03:14,730 --> 00:03:16,920
Well, not for this to work.

50
00:03:16,950 --> 00:03:26,640
This website has to be either compromised or it is already infected or already have one already a malicious

51
00:03:26,640 --> 00:03:27,300
site maybe.

52
00:03:27,510 --> 00:03:35,090
So whether it might be owned by a hacker or it might be affected or infected by and hacker.

53
00:03:35,100 --> 00:03:35,500
Right.

54
00:03:35,850 --> 00:03:42,990
So in that case, it might send a malicious code or maybe the code which has been enforced, which has

55
00:03:42,990 --> 00:03:45,150
been programmed by the hacker.

56
00:03:45,180 --> 00:03:45,470
Right.

57
00:03:46,110 --> 00:03:48,210
So in that case, it might send a link.

58
00:03:48,210 --> 00:03:53,820
And once you once you see any any link on those blank page, you click on it and you get redirected.

59
00:03:54,630 --> 00:03:55,700
So that could happen.

60
00:03:56,430 --> 00:04:03,810
And even if you don't click on it and the script, basically what happened is the JavaScript engine

61
00:04:03,810 --> 00:04:10,710
on your browser basically basically downloaded all the content, all the content on the website image.

62
00:04:10,800 --> 00:04:17,460
Even if it he didn't even if it is not anywhere and even mentioned as a part of a link, it still be

63
00:04:17,470 --> 00:04:25,480
downloaded and you get you have to your browser follow the exact guideline given by the Joester.

64
00:04:25,530 --> 00:04:25,830
Right.

65
00:04:26,160 --> 00:04:28,440
In some situation you might have to click.

66
00:04:28,440 --> 00:04:36,120
But another situation, your browser simply download all the content of that Web page and it would also

67
00:04:36,120 --> 00:04:37,840
be downloading this script as well.

68
00:04:38,070 --> 00:04:41,170
So in that case, it will simply follow the response.

69
00:04:41,220 --> 00:04:41,620
All right.

70
00:04:42,120 --> 00:04:43,680
So this is a big challenge.

71
00:04:43,680 --> 00:04:50,070
But what is really happening, if you understand this, what are the points where the problem could

72
00:04:50,070 --> 00:04:50,700
arise?

73
00:04:50,700 --> 00:04:51,830
Right on the website.

74
00:04:52,200 --> 00:04:55,570
The first part we have already discussed in the input site.

75
00:04:55,950 --> 00:04:59,820
This is where we have discussed in case of a injection.

76
00:04:59,940 --> 00:05:07,680
If you remember correctly, correctly, sorry, if you remember correctly, that's where the input sanitisation

77
00:05:07,680 --> 00:05:09,770
wasn't really happening properly, right?

78
00:05:10,500 --> 00:05:22,020
Because of lack of input sanitisation, any user can send any kind of malicious query and it can disrupt

79
00:05:22,020 --> 00:05:28,410
the database or the application or can retrieve the desired information from the website, our web application.

80
00:05:28,830 --> 00:05:36,120
Now, this was pretty much vulnerable in case of when when input sanitisation is not happening properly.

81
00:05:36,360 --> 00:05:45,840
And in that situation, the client were very, you know, clim most of the user or there could be a

82
00:05:45,840 --> 00:05:52,170
malicious actor who can leverage the info, who can leverage such kind of attack to get information

83
00:05:52,170 --> 00:05:53,370
or desired information.

84
00:05:53,970 --> 00:06:01,870
In this situation, the output, sanitation or output part is something which can lead to trouble.

85
00:06:02,550 --> 00:06:11,010
How exactly is that in this situation, if the output is sending some information or the output side

86
00:06:11,010 --> 00:06:13,180
is sending some information from the website?

87
00:06:13,200 --> 00:06:15,270
This could lead to a challenge on the website.

88
00:06:15,540 --> 00:06:21,720
So it has to be sanitized that what information is really going out of the application?

89
00:06:22,200 --> 00:06:24,720
Let me tell you something you might be wondering.

90
00:06:24,720 --> 00:06:31,030
I mean, if it is really a malicious side, why would it why would somebody stop it from doing that?

91
00:06:31,380 --> 00:06:34,930
Of course not, if it is already an malicious site.

92
00:06:35,740 --> 00:06:40,200
I mean, it's a job of a malicious cyber hacking side to do this activity.

93
00:06:40,590 --> 00:06:46,980
We are talking about an infected site, a vulnerable site or maybe a compromised site in that situation.

94
00:06:46,980 --> 00:06:53,940
If it is an infected site where there is lack of standardization, it might send any sort of data out

95
00:06:53,940 --> 00:06:57,420
from the letting go from the network.

96
00:06:57,450 --> 00:06:57,680
Right.

97
00:06:58,230 --> 00:07:02,670
And in that situation itself, such kind of challenges might arise.

98
00:07:03,660 --> 00:07:11,040
So we are still not at the crosshatch scripting, but we are at the initial problem of JavaScript.

99
00:07:11,280 --> 00:07:13,580
Let's understand the real problem here.

100
00:07:14,220 --> 00:07:20,550
We understood that there is some information can be sent to a website and website, can send any kind

101
00:07:20,550 --> 00:07:23,960
of a JavaScript and it can be sent for a better purpose.

102
00:07:23,970 --> 00:07:28,590
It can be sent for, you know, some malicious activity as well.

103
00:07:29,070 --> 00:07:36,670
Now, let's understand, the real challenge here will be consolidating the same problem here as well.

104
00:07:36,810 --> 00:07:41,070
The user is sending a request on a site over here.

105
00:07:41,490 --> 00:07:46,740
Right in our example, it was w w w dot example, dot com.

106
00:07:47,100 --> 00:07:54,220
We got some response back the JavaScript engine on the browser loaded doege loaded those.

107
00:07:54,510 --> 00:08:01,650
You downloaded those JavaScript file JavaScript and it performed the required activity.

108
00:08:02,220 --> 00:08:09,840
Now, if that carries these same sorts of redirection, you know, redirection or the same JavaScript

109
00:08:09,840 --> 00:08:15,150
that we have just seen, it might be related to malicious site example, dot com.

110
00:08:15,160 --> 00:08:15,400
Right.

111
00:08:16,320 --> 00:08:22,980
And in that case, it would be forward to really a malicious side or a side which is completely been

112
00:08:22,980 --> 00:08:24,620
controlled by a hacker.

113
00:08:25,650 --> 00:08:26,520
This is what it is.

114
00:08:26,850 --> 00:08:30,620
And this lead to the compromise completely compromised situation.

115
00:08:30,630 --> 00:08:30,910
Right.

116
00:08:31,230 --> 00:08:32,660
So we understood the problem.

117
00:08:32,910 --> 00:08:38,940
Now, we understood the problem that the first website is where it can be an infected site.

118
00:08:39,330 --> 00:08:45,510
First Web site can be an infected site, which might be sending which might be letting the data to go

119
00:08:45,510 --> 00:08:47,730
outside without any standardization.

120
00:08:48,060 --> 00:08:50,970
So that data is being received by the user.

121
00:08:51,360 --> 00:08:58,080
And based on the data that there might be some redirection javascript with the associated text that

122
00:08:58,080 --> 00:09:04,170
would be seen in the last session, the request will be forwarded to the malicious site, the site which

123
00:09:04,170 --> 00:09:06,870
has been completely in control with the hacker.

124
00:09:07,290 --> 00:09:10,590
That's where the, you know, the request goes.

125
00:09:10,590 --> 00:09:13,840
And in the response to that, it will be completely compromised.

126
00:09:14,490 --> 00:09:14,870
Right.

127
00:09:14,880 --> 00:09:15,220
Sorry.

128
00:09:15,450 --> 00:09:23,130
So the problem is the problem is the injecting script on the another domain, because we are not really

129
00:09:23,130 --> 00:09:30,240
in the same domain to we are injecting this script so that the the traffic can be redirected to another

130
00:09:30,240 --> 00:09:34,350
domain because the source is not from the same domain, isn't it.

131
00:09:34,740 --> 00:09:42,840
Read the same script is being delivered from example dot com, but this goes to the malicious site example

132
00:09:42,840 --> 00:09:50,280
dot com maybe as an example that's really a problem and that's called domain redirection.

133
00:09:50,280 --> 00:09:57,860
I mean, that's really the problem, which is wherein we can inject this script to another domain,

134
00:09:57,870 --> 00:09:58,100
right.

135
00:09:58,110 --> 00:09:59,400
That's really a problem.

136
00:10:00,080 --> 00:10:08,510
For this to solve, the S&amp;P was up, which is the same origin policy, if the same origin policy is

137
00:10:08,510 --> 00:10:11,180
not there with JavaScript, will never.

138
00:10:11,420 --> 00:10:17,240
I mean, whatever the kind of malicious code we have developed, this will never work because of this.

139
00:10:17,690 --> 00:10:21,890
Most of the hacks has been unsuccessful in the past.

140
00:10:21,890 --> 00:10:27,050
And this was developed specially for this purpose after the evolution of JavaScript.

141
00:10:27,200 --> 00:10:30,050
So this has been developed for the same reason.

142
00:10:30,650 --> 00:10:41,150
And this is really a solution so that we can not have such a redirection where the not any of the site

143
00:10:41,150 --> 00:10:47,540
can relate to you on any other site without looking at the multiple parameter.

144
00:10:48,320 --> 00:10:50,060
It depends on the JavaScript.

145
00:10:50,270 --> 00:10:57,230
I'm not talking about the Jurel that you go right example when you go to example one dot com and then

146
00:10:57,230 --> 00:11:01,270
it'll redirect you to another site that's altogether different.

147
00:11:01,290 --> 00:11:07,460
And we are talking about JavaScript, which is embedded on your website right in that situation and

148
00:11:07,460 --> 00:11:09,620
won't be redirected as it is.

149
00:11:10,190 --> 00:11:10,570
All right.

150
00:11:10,580 --> 00:11:20,510
So that's what goes about the problem that exists, used to exist, I would say, with JavaScript,

151
00:11:20,870 --> 00:11:24,030
and that has been solved with the S.O.P.

152
00:11:24,740 --> 00:11:29,630
Now we need to really understand what is there any criteria with S.O.P?

153
00:11:29,640 --> 00:11:32,420
I mean, does how does it really works?

154
00:11:32,780 --> 00:11:37,720
How does it in the standard the redirection is happening, is it happening on the same side?

155
00:11:37,730 --> 00:11:40,580
Is it really relevant or not on this parameter?

156
00:11:40,850 --> 00:11:46,670
So let's get into detail in the next session and understand what are the parameters that needs to be

157
00:11:46,670 --> 00:11:50,590
satisfied before it can be redirected.

158
00:11:50,600 --> 00:11:50,910
Right.

159
00:11:51,440 --> 00:12:00,470
Because I might be redirecting the content from my own site to my own website, maybe some other pages.

160
00:12:00,740 --> 00:12:03,290
It should be genuine in that situation.

161
00:12:03,290 --> 00:12:06,050
It should not be taken as the militias attempted.

162
00:12:06,320 --> 00:12:08,480
I should not be blocked by somebody.

163
00:12:09,050 --> 00:12:11,000
So that has to be some parameter.

164
00:12:11,180 --> 00:12:11,440
Right.

165
00:12:11,750 --> 00:12:15,200
So that is something will which we'll be covering in the next session.

166
00:12:15,200 --> 00:12:16,180
And we'll get you there.

167
00:12:16,310 --> 00:12:16,600
Thank.