Expiring Today—Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

XSS Forgery attack against an Intranet applicaiton.

Posted on 2016-10-03
4
Medium Priority
?
140 Views
Last Modified: 2016-10-05
I have an intranet ( NOT Internet ) application which is deployed on a clients server. The client does not have access to the source code for the website, meaning the C# and Asp.net code. At most the site will not have more than 3 users at any one time. Pretty low key site.

So my question is if such an intranet site is exempt from any type of XSS Forgery attack?
0
Comment
Question by:brgdotnet
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 64

Assisted Solution

by:btan
btan earned 1000 total points
ID: 41827463
Cross-Site Request Forgery (CSRF) is an attack where a malicious site sends a request to a vulnerable site where the user is currently logged in. So if your website does not have such login features then I see XFS unlikely to be applicable.

Also note
typically, CSRF attacks are possible against web sites that use cookies for authentication, because browsers send all relevant cookies to the destination web site. However, CSRF attacks are not limited to exploiting cookies. For example, Basic and Digest authentication are also vulnerable. After a user logs in with Basic or Digest authentication. the browser automatically sends the credentials until the session ends.
I do suggest it be scan to surface the vulnerability still - Check out the OWASP Zed Attack Proxy (ZAP).
0
 
LVL 25

Assisted Solution

by:madunix
madunix earned 1000 total points
ID: 41827505
Cross-Site Request Forgery (CSRF):  allows a third party to redirect static content within
the security context of a trusted site. XSS- User trust the Websites. (Like how we trust Facebook). CSRF- Websites put his trust in the user as he is Authenticated.

One control to protect the CSRF attack is by inserting random data, supplied
by the relying party, into any linked uniform resource locator with side effects and into a hidden
field within any form on the relying partys website. Generating a per-session shared secret is
effective against a session hijacking problem. Sanitizing inputs to make them nonexecutable is
effective against cross site scripting XSS attacks, not CSRF attacks.
 source: cissp practice
0
 
LVL 64

Accepted Solution

by:
btan earned 1000 total points
ID: 41827922
Just thinking further - as long as it is website, the security scan and check should still take place and review the list of vulnerability. If XFS is surfaced, there is still risk involved as abuse from the internal staff or contractor may still happened.

For e.g. a malicious staff sending out phished links or broadcast to target users to click and redirect to a hosted site within inside internal or external in internet to siphon all the existing already login website credential. The unintended intranet bridged to internet is via the user machine that can surf internet and also connected within intranet - unless you can be sure the internet and intranet is totally separated and machine of these will not be common user machine issued.

The insider threat cannot be neglected. The XFS is not just a compliance check but any vulnerability of such does warrant a more preemptive measures and good practice to ensure the gaps are closed and avoid being further exploited by attacker as "jumping board" for data leakage or sabotage on internal critical core services.
0
 
LVL 2

Author Comment

by:brgdotnet
ID: 41831024
Thank you
0

Featured Post

Cyber Threats to Small Businesses (Part 2)

The evolving cybersecurity landscape presents SMBs with a host of new threats to their clients, their data, and their bottom line. In part 2 of this blog series, learn three quick processes Webroot’s CISO, Gary Hayslip, recommends to help small businesses beat modern threats.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article is written by John Gates, CISSP. Gates, the SNUG President-Elect, currently holds the position of Manager of Information Systems at Lake Park High School in Roselle, Illinois.
I don't pretend to be an expert at this, but I have found a few things that are useful. I hope that sharing them here will help others, so they will not have to face some rather hard choices. Since I felt this to be a topic of enough importance and…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

718 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question