1
00:00:00,830 --> 00:00:06,890
Let's see this laboratory using the VVWA project, downloadable from GitHub.

2
00:00:07,280 --> 00:00:13,940
It is a project developed in ASP.NET that provides various laboratories to test vulnerabilities and

3
00:00:13,940 --> 00:00:16,550
understand how to mitigate them.

4
00:00:17,300 --> 00:00:21,440
So we select the third menu item, Cross Site Scripting (XSS) lab.

5
00:00:22,540 --> 00:00:23,740
Press the link.

6
00:00:26,940 --> 00:00:29,660
OK, so press XSS lab.

7
00:00:30,660 --> 00:00:36,310
And OK, we can now experience the cross-site scripting vulnerability.

8
00:00:37,320 --> 00:00:44,790
Suppose you enter a text in the text box and send it to the next page; the next page will receive the

9
00:00:44,790 --> 00:00:47,030
entered text and simply display it.

10
00:00:47,040 --> 00:00:51,240
We can see on this page that the previous text is displayed.

11
00:00:54,140 --> 00:01:00,350
Now, let's try to insert something different, a very simple JavaScript code.

12
00:01:03,240 --> 00:01:10,560
That's the malicious pattern enclosed in a script tag, which executes the alert() function,

13
00:01:13,820 --> 00:01:18,530
which will display a window on the screen when executed.

14
00:01:22,010 --> 00:01:22,870
OK.

15
00:01:25,140 --> 00:01:32,520
So on the next page I should now see, if the application is vulnerable, the execution of the JavaScript

16
00:01:32,520 --> 00:01:33,060
code.

17
00:01:34,410 --> 00:01:35,490
And that's it.

18
00:01:37,470 --> 00:01:41,550
And here the JavaScript code, not blocked in input, is sent into execution.

19
00:01:41,580 --> 00:01:47,100
Let's see now how to mitigate the cross-site scripting vulnerability in the code.

20
00:01:47,700 --> 00:01:49,840
Let's go to the page that receives

21
00:01:49,980 --> 00:01:53,490
the data sent in POST; it is the page named xss_elab_aspx.cs

22
00:01:53,490 --> 00:01:56,090
in C Sharp.

23
00:01:56,370 --> 00:02:01,530
Currently, the code does not validate the data that comes from the previous page,

24
00:02:03,740 --> 00:02:06,320
and I'm going to

25
00:02:09,330 --> 00:02:15,850
fix it with a solution that implements a validation through a regular expression.

26
00:02:16,710 --> 00:02:22,440
The solution also normalizes the data before submitting it to the regex,

27
00:02:24,810 --> 00:02:32,610
in order to avoid bypass by transcoding the input in a different character set.

28
00:02:34,640 --> 00:02:37,790
Then the regular expression

29
00:02:40,150 --> 00:02:42,920
defines a pattern to be searched,

30
00:02:45,500 --> 00:02:52,370
and then, if at least one occurrence of the pattern is found, the error message is printed;

31
00:02:55,160 --> 00:02:59,240
otherwise, the validated data is printed.

32
00:03:00,270 --> 00:03:00,720
OK.

33
00:03:02,450 --> 00:03:03,890
We should also

34
00:03:06,190 --> 00:03:09,550
comment out this line of code.

35
00:03:12,840 --> 00:03:15,030
OK, and now

36
00:03:17,720 --> 00:03:21,260
let's start the application again

37
00:03:24,780 --> 00:03:31,230
and inject the same pattern, the malicious pattern, and the injection was blocked.