Lecture 14: Cross-Site Scripting (XSS) and UI Attacks
Intro to XSS, Review
Real-world XSS Attacks
(True/False) Reflected XSS requires the victim to visit a malicious link crafted by the attacker, but Stored XSS does not.
Consider an escaper that finds all instances of </script> in user input and removes them. Can an attacker still perform an XSS attack with <script> tags? If yes, write a malicious input that would bypass this escaping function. If no, explain why.
Authentication and Impersonation
What two factors are used when you sign into your Berkeley account?
(True/false) Setting the HttpOnly flag on a cookie is a good defense against session hijacking by packet sniffers (on-path network attackers).
Intro to Phishing
(True/false) There is no phishing attack on this webpage.
Phishing Defense: Check URLs
URL Obfuscation Attack
Why Does Phishing Work?
How does clickjacking subvert the same-origin policy?
(True/false) If we enabled dialogue boxes asking for confirmation on every website, clickjacking attacks would never work.
(True/false) Clickjacking attacks can only happen when you are visiting an attacker’s website.
Defense: Ensuring Visual Integrity
Defense: Enforcing Temporal Integrity