LAB: Improving security on an existing website
to prevent common forms of attack

• Protect shopping cart against XSS attacks

  .
  
  

  • "Purchase" an item
  • Click on Shopping Cart
  • Enter this into the Notes field:
  • <script>alert("test");</script>
  • Open /path/to/htdocs/sweetscomplete/View/cart.php
  • Implement filtering, validation and output escaping
  • Follow comments starting with // *** for clues

• Protect against character based attacks

  .
  
  

  • Open /path/to/htdocs/sweetscomplete/index.php
  • Set character encoding to UTF-8
  • Verify there are no display errors when displaying a product item

• Secure the login process against session hijacking

  .
  
  

  • Open /path/to/htdocs/sweetscomplete/index.php
  • Regenerate the session ID
  • Open /path/to/htdocs/sweetscomplete/View/login.php
  • Filter, validate all input, and escape all output
  • Add a one time hash and a CAPTCHA element
  • Login as conrad.perry@fastmedia.com with password listened8591uncl
  • Attempt a hijack using another browser

• Protect against remote code injection

  .
  
  

  • Open /path/to/htdocs/sweetscomplete/index.php
  • Create an array of allowed pages which can be included
  • Validate incoming page request against allowed pages
  • Use the Contact Us to upload /verybadwebsite/info.php
  • Enter this URL: http://localhost/sweetscomplete/?page=../uploads/info
  • Verify this hack no longer works