1
00:00:01,000 --> 00:00:08,710
In this section, we saw how to hack Web applications and even the Web servers underlying them to mess

2
00:00:08,710 --> 00:00:14,260
with the database, make it impossible to load a webpage, redirect the site to another location, all

3
00:00:14,260 --> 00:00:22,630
by using just two of the most common types of attacks: cross-site scripting attacks and a SQL injection

4
00:00:22,630 --> 00:00:23,080
attack.

5
00:00:23,440 --> 00:00:25,000
Well, we did the SQL injection.

6
00:00:25,000 --> 00:00:27,310
The first one here; the second one down here is just blind.

7
00:00:27,310 --> 00:00:31,380
It means it doesn't show anything to the screen, right?

8
00:00:31,780 --> 00:00:36,130
Well, come back up here to the setup and create or reset the database; that would clear out any of

9
00:00:36,130 --> 00:00:37,870
the bad stuff that we might have done there.

10
00:00:38,140 --> 00:00:45,190
But we were even able to compromise the passwords in this database, the hashed username and password

11
00:00:45,730 --> 00:00:50,080
values, so that we were able to go out to the web, find out what the password was, and log in as

12
00:00:50,080 --> 00:00:50,860
a different user.

13
00:00:51,460 --> 00:00:55,450
Well, as I promised, I'm going to show you a couple of ways that you can protect against this.

14
00:00:55,450 --> 00:01:00,910
If you're programming a Web server, you need to understand cross-site scripting and SQL injection a

15
00:01:00,910 --> 00:01:01,090
lot.

16
00:01:01,100 --> 00:01:04,120
So DVWA is a great way to test different things.

17
00:01:04,120 --> 00:01:08,680
And then you go to your own Web page that you're designing and you test to see if you can do the same

18
00:01:08,680 --> 00:01:09,340
kinds of things.

19
00:01:09,340 --> 00:01:14,870
If you're reflecting what someone's typed in a text field to the screen, you need to check for cross-site

20
00:01:14,890 --> 00:01:15,280
scripting.

21
00:01:15,280 --> 00:01:18,970
If you're storing it in a database, you need to check for stored cross-site scripting.

22
00:01:19,450 --> 00:01:24,430
If you're interacting with the database from user-entered text at all, you need to check for all kinds

23
00:01:24,430 --> 00:01:31,690
of SQL injection, and you can see under Mutillidae or under the OWASP project, OWASP, the Open Web

24
00:01:31,690 --> 00:01:33,250
Application Security Project.

25
00:01:33,550 --> 00:01:39,300
You can find some common tests that you can do to check the security of your web application.

26
00:01:39,550 --> 00:01:43,000
But let's take a look at cross-site scripting and SQL injection specifically.

27
00:01:43,480 --> 00:01:50,020
If you just go to W3Schools and come to their tutorial, come down to form

28
00:01:50,020 --> 00:01:56,890
validation, you'll see some information about the htmlspecialchars function, and it will actually

29
00:01:56,890 --> 00:02:04,450
show a real script, a real cross-site scripting attack script, alert hacked, here.

30
00:02:05,050 --> 00:02:10,240
And it tells you that the htmlspecialchars function can render that

31
00:02:11,720 --> 00:02:19,220
into special characters that will not get run on the server, so if I run this, the less-than, greater-than

32
00:02:19,220 --> 00:02:23,980
script alert hacked, that will not do anything on a Web server.

33
00:02:23,980 --> 00:02:26,530
It'll just get stored as plain text.

34
00:02:26,930 --> 00:02:29,400
So let's take a look at htmlspecialchars.

35
00:02:29,430 --> 00:02:34,700
Now, this is just for PHP, but it is one of the most popular platforms for Web application development

36
00:02:34,700 --> 00:02:35,170
out there.

37
00:02:35,420 --> 00:02:38,020
They use it at Facebook; it powers their servers.

38
00:02:38,720 --> 00:02:40,910
So it's a good language for us to understand.

39
00:02:41,360 --> 00:02:44,320
And there are equivalents in most other languages as well.

40
00:02:44,570 --> 00:02:52,670
So whether you're developing Web pages using ASP, PHP, Ruby, you name the language, you need

41
00:02:52,670 --> 00:02:58,340
to understand how to make strings that the user enters much safer before you store them in a database

42
00:02:58,340 --> 00:02:59,880
or even print them back to the screen.

43
00:03:00,530 --> 00:03:11,000
So if we go to php.net and do a search for htmlspecialchars, it'll give us the manual page on php.net

44
00:03:11,000 --> 00:03:12,770
for htmlspecialchars.

45
00:03:13,070 --> 00:03:16,070
And what it does is it converts any of these common symbols.

46
00:03:16,070 --> 00:03:21,890
We saw the single quote; that's how we broke into the SQL database, and we saw the greater-than, less-than

47
00:03:21,890 --> 00:03:23,060
tags; those

48
00:03:23,060 --> 00:03:25,970
let us do a script for cross-site scripting.

49
00:03:26,570 --> 00:03:37,070
This htmlspecialchars or htmlentities will help convert those strange symbols, quotes, ampersands, less-than

50
00:03:37,070 --> 00:03:42,740
symbols, double quotes, into a safe character that can be stored, that can still be shown on a

51
00:03:42,740 --> 00:03:43,220
web page.

52
00:03:43,230 --> 00:03:48,710
So if you want to enter some code and show someone how to do something, you use htmlspecialchars

53
00:03:48,710 --> 00:03:53,780
or htmlentities, and it'll encode it in such a way that it can be shown on a Web page safely.

54
00:03:54,080 --> 00:04:00,560
Like Stack Overflow is really popular for this, but it will not allow an attacker to try those cross-site

55
00:04:00,560 --> 00:04:03,350
scripting tags with the angle brackets around script.

56
00:04:03,560 --> 00:04:10,670
It will not allow somebody to run an attack on your SQL database because it'll change that single quote

57
00:04:10,670 --> 00:04:12,110
into a safe character.

58
00:04:12,530 --> 00:04:17,960
So make sure you understand how to protect your inputs on your Web server.

59
00:04:18,620 --> 00:04:21,320
If you are not a web developer yet, that's OK.

60
00:04:21,710 --> 00:04:27,290
You at least know how to test for those two really common vulnerabilities, cross-site scripting and SQL

61
00:04:27,290 --> 00:04:34,340
injection, so that you can work with your Web team or the person who develops or maintains your website

62
00:04:34,670 --> 00:04:38,360
and make sure that they understand how to employ htmlspecialchars.

63
00:04:38,660 --> 00:04:40,370
There's also strip_tags.

64
00:04:40,370 --> 00:04:47,330
If you know there's not supposed to be any HTML inside a document, then you can use the strip_tags

65
00:04:47,330 --> 00:04:49,430
option and it'll just remove all those tags.

66
00:04:49,430 --> 00:04:54,560
You don't even have to worry about encoding them so they can be shown on the screen for usernames,

67
00:04:54,560 --> 00:04:56,180
for comments on a web page.

68
00:04:56,450 --> 00:05:02,300
strip_tags may even be better, but you also still need to use htmlentities or htmlspecialchars

69
00:05:02,300 --> 00:05:09,570
so that you can't practice the cross-site scripting or SQL injection from that form.

70
00:05:09,830 --> 00:05:14,210
There are other things that you need to know if you're a web developer, things like using prepared

71
00:05:14,210 --> 00:05:18,650
statements to avoid some of these SQL injection attempts, for example.

72
00:05:18,950 --> 00:05:24,290
And there's a whole world of security under any type of development that you try to go into.

73
00:05:24,770 --> 00:05:29,750
But because Web application security is so important, I wanted to make sure to cover it in a section

74
00:05:29,750 --> 00:05:34,040
here and show you a few ways to protect against it when you start building your own Web applications

75
00:05:34,250 --> 00:05:39,020
or, if you've already built some Web apps, go back and test them for these cross-site scripting and

76
00:05:39,020 --> 00:05:43,880
SQL injection vulnerabilities, as well as others, and make some changes

77
00:05:43,880 --> 00:05:47,450
if you find that your site is vulnerable. I hope you've enjoyed

78
00:05:47,450 --> 00:05:50,530
this as a good tutorial on Web application security.

79
00:05:51,020 --> 00:05:53,720
I think we've got one more special section coming up for you.

80
00:05:53,900 --> 00:05:55,160
We'll see you in the next section.