1
00:00:01,220 --> 00:00:08,120
Now let's talk about how we can prevent XSS vulnerabilities. The way these vulnerabilities happen

2
00:00:08,180 --> 00:00:16,460
is because whenever a user enters something into a text box or into a parameter, that input is displayed

3
00:00:16,580 --> 00:00:22,820
in the HTML, so it's treated as if it's part of the page, and therefore if there is JavaScript

4
00:00:22,820 --> 00:00:24,890
in it, the code is being executed.

5
00:00:25,930 --> 00:00:33,570
So to prevent this exploit, the best thing to do is to try and minimize the usage of untrusted inputs.

6
00:00:33,580 --> 00:00:39,610
So any time a user inputs something, or sometimes input from parameters, try to minimize that.

7
00:00:40,420 --> 00:00:47,560
Also make sure that you always escape whatever is going to be displayed or used in the HTML

8
00:00:47,560 --> 00:00:54,100
page, because XSS can not only be injected into places where things are displayed on the page, but

9
00:00:54,160 --> 00:01:02,080
it can also be injected into parameters of certain elements of the HTML page.

10
00:01:02,090 --> 00:01:08,390
So what I mean by escaping is converting each of these characters to what they would be represented

11
00:01:08,390 --> 00:01:10,420
by in HTML.

12
00:01:10,610 --> 00:01:15,240
You can do that using existing scripts, and you can do that using your own script.

13
00:01:15,320 --> 00:01:16,880
Now let me show you how this happens.

14
00:01:16,880 --> 00:01:23,110
Now I'm here at my vulnerable web page that we were using, and I'm going to go to this third one, and

15
00:01:23,110 --> 00:01:27,190
obviously you can see that every time we click on that, the XSS runs.

16
00:01:27,190 --> 00:01:29,040
So let's inspect this element.

17
00:01:29,050 --> 00:01:32,200
Now this element is where we injected our alert.

18
00:01:32,920 --> 00:01:41,740
And if we right click and go on Inspect Element, it will show us the HTML of this page, or the HTML

19
00:01:41,890 --> 00:01:50,210
of this particular element right here, highlighted. So I'm going to make this bigger, and if we look at

20
00:01:50,210 --> 00:01:59,640
it right here you'll see that we have the name, and that's Zayd, and then the other input, which is the message.

21
00:01:59,740 --> 00:02:02,440
It's a script, and what the script does,

22
00:02:02,440 --> 00:02:10,260
it does alert('XSS'), so it's exactly what we injected into it when we did the comment. So every time

23
00:02:10,260 --> 00:02:14,230
we are on this page, this piece of code gets executed.

24
00:02:14,700 --> 00:02:19,860
So what we need to do is make sure, every time a user enters something and that something will

25
00:02:19,860 --> 00:02:24,870
be displayed on a page or that something will be used somewhere in the elements.

26
00:02:24,870 --> 00:02:27,960
So even the id here, or even the H.

27
00:02:28,080 --> 00:02:34,830
The id, just for example, is a parameter of the div. You never see this id, but this

28
00:02:34,830 --> 00:02:37,680
can be injectable, it can be injected as well.

29
00:02:38,100 --> 00:02:42,120
So hackers can actually try to inject stuff into the parameters.

30
00:02:42,120 --> 00:02:45,680
They can try to inject stuff into the image attributes, for example.

31
00:02:45,690 --> 00:02:50,260
They can do an image and inject stuff into the src or into the URL.

32
00:02:50,280 --> 00:02:52,370
So this is just an example here.

33
00:02:52,440 --> 00:02:56,840
And every time a user's input is going to be used anywhere on the page,

34
00:02:56,850 --> 00:03:02,850
so even if you don't see it, if you usually don't see it, you need to make sure that you escape that input

35
00:03:03,120 --> 00:03:09,090
and make sure that it does not contain any code, and if it contains any code, that it's converted to an

36
00:03:09,090 --> 00:03:15,330
equivalent so that the code will not be running. So it's converted to its HTML equivalent, so that you'll

37
00:03:15,330 --> 00:03:19,260
actually, once you escape this, you'll actually see this in the message.

38
00:03:19,260 --> 00:03:24,950
So you see the message as script alert XSS, but it will never be executed.

39
00:03:25,020 --> 00:03:32,090
This script will never actually be executed on the target person when they run it.

40
00:03:32,320 --> 00:03:39,610
Now, as a user, to prevent yourself from being lured into an XSS attack: the URL coming to

41
00:03:39,610 --> 00:03:42,890
you will probably look like a URL of a trusted web site.

42
00:03:42,900 --> 00:03:48,670
For example, let's assume that you work in a company and there was an XSS in your company's site, and

43
00:03:48,670 --> 00:03:53,980
you are logging into your company and the code gets executed on you. Then there isn't much you can do

44
00:03:53,980 --> 00:03:54,880
yourself.

45
00:03:54,940 --> 00:04:00,320
What you need to be careful of, as we saw, is that in order to exploit the vulnerabilities we were shown,

46
00:04:00,340 --> 00:04:02,140
for example, a fake update.

47
00:04:02,230 --> 00:04:06,660
So make sure, if you get a message that there is an update,

48
00:04:06,700 --> 00:04:11,440
make sure you actually go to the web site that provides that application.

49
00:04:11,440 --> 00:04:17,380
So if Firefox said that there is an update, go to the website of Firefox and see if

50
00:04:17,380 --> 00:04:23,170
there is actually an update, and if there is, download it from that web site. Don't download it from the

51
00:04:23,170 --> 00:04:25,100
notifications that you got.

52
00:04:25,120 --> 00:04:28,810
Also make sure you're downloading it from an HTTPS web site.

53
00:04:28,900 --> 00:04:35,110
And once you download it, you can inspect it and check it the same way that we've seen before, to make sure

54
00:04:35,110 --> 00:04:38,410
that there are no backdoors or anything in it.

55
00:04:38,590 --> 00:04:44,050
You can also check the MD5 sum to make sure that the file hasn't been manipulated while it was

56
00:04:44,050 --> 00:04:50,020
being downloaded. The same with when we did the fake Facebook login with BeEF.

57
00:04:50,020 --> 00:04:56,710
So what you can do is, whenever you're told that you got logged out and please log back in again, ignore

58
00:04:56,710 --> 00:04:58,590
that, go to facebook.com.

59
00:04:58,660 --> 00:05:07,390
Make sure it's going through HTTPS, and then log into Facebook. So always try to be careful with

60
00:05:07,540 --> 00:05:10,690
notifications popping up telling you you need to do stuff.

61
00:05:10,720 --> 00:05:12,580
Always be wary and never trust the.
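The escaping step the lecture describes, as an added example that is not part of the transcript or of the course's demo site: a character-to-entity escape for text content and attribute values, a separate check for URL-valued attributes such as the img src the lecture mentions (where entity escaping alone is not enough), and the comment-rendering function a page like the demo would need, in its "before" and "after" form. The function names, the sample comment and the avatar URL are constructed for illustration and are not from the course.

```python
# Added example, not code from the course or its vulnerable demo page.
# The rendering functions, sample values and helper names are assumptions.
import html
from urllib.parse import urlsplit

# Constructed sample input, mirroring the lecture's stored-comment demo.
SAMPLE_NAME = "Zayd"
SAMPLE_MESSAGE = "<script>alert('XSS')</script>"            # the injected comment
SAMPLE_AVATAR = "https://example.invalid/avatar.png?size=64&v=2"  # constructed URL


def escape_html(value: str) -> str:
    """Convert each HTML-significant character to its entity.

    This is the 'converting each character to what it is represented by in
    HTML' step: <, >, &, " and ' become entities, so the browser shows them
    as text instead of parsing them as markup. The output is identical to
    html.escape(value, quote=True) from the standard library.
    """
    table = {"&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#x27;"}
    return "".join(table.get(ch, ch) for ch in value)


def safe_url(value: str) -> str:
    """Guard a URL-valued attribute such as img src or a href.

    Entity escaping is not sufficient in this context: a javascript: URL
    contains none of the five escaped characters and would still run when the
    attribute is used. Only http(s) URLs are kept; anything else is replaced
    with an inert placeholder, and the kept URL is still entity-escaped.
    """
    parts = urlsplit(value.strip())
    if parts.scheme.lower() not in ("http", "https"):
        return "about:blank"
    return escape_html(value)


def render_comment_vulnerable(comment_id: str, name: str, message: str, avatar: str) -> str:
    """The pattern the lecture shows: user input concatenated straight into HTML."""
    return f'<div id="{comment_id}"><img src="{avatar}"><b>{name}</b>: {message}</div>'


def render_comment(comment_id: str, name: str, message: str, avatar: str) -> str:
    """Same markup, with every untrusted value escaped for the context it lands
    in: the div's id attribute, the img src attribute, and the text content."""
    return (
        f'<div id="{escape_html(comment_id)}">'
        f'<img src="{safe_url(avatar)}">'
        f'<b>{escape_html(name)}</b>: {escape_html(message)}'
        f"</div>"
    )


def contains_raw_script_tag(rendered: str) -> bool:
    """Simple check on rendered output: is a literal <script tag still present?"""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    before = render_comment_vulnerable("comment-3", SAMPLE_NAME, SAMPLE_MESSAGE, SAMPLE_AVATAR)
    after = render_comment("comment-3", SAMPLE_NAME, SAMPLE_MESSAGE, SAMPLE_AVATAR)
    print("vulnerable:", before)
    print("escaped:   ", after)
    # The hand-written escape agrees with the standard library's version.
    assert escape_html(SAMPLE_MESSAGE) == html.escape(SAMPLE_MESSAGE, quote=True)
```

Running the block prints the comment both ways: in the "escaped" line the stored payload appears literally as text, which is exactly what the lecture describes seeing in the message once escaping is in place, while the same string in the "vulnerable" line is markup the browser would execute. The separate `safe_url` check is the practical caveat for the src/URL attributes the lecture mentions: the right treatment depends on the context the input lands in, not only on whether it is visible.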