Cross-Domain Security: The Blended Threat of the Web
Hello. Today, I would like to talk about web applications sharing content. This is a fairly large attack vector, and it should be used very cautiously (by both designers and end users)! These cross-domain policies open up a huge can of worms regarding trust.
When a web application allows content to be loaded through interaction with another site, it should heavily scrutinize that content, because it is giving that content full user-level trust to run on its platform. The application loading the content should never blindly trust the application that is sending it. The sending application may have different rules for verifying content, and those rules may not meet the requirements of the receiving site. The sending application may also be serving the content maliciously through a vulnerability of its own, so the content should always be checked! We must treat it as advanced user input, not as a trusted system resource.
Cross-domain solutions can open the door to a variety of attacks based on these false assumptions of trusted resources. Such attacks include, but are not limited to, reflected and stored cross-site scripting, cross-site request forgery, DNS rebinding, time-of-use attacks, and access control attacks. To prevent these attacks, both designers and end users should always take into account the system architectures, the scripting languages, the user credentials, and the access controls being shared or traversed in each individual scenario.
Cross-domain content sharing happens all the time, but rarely do we ask ourselves, "Why do I trust this one platform to access my other platform?" The answer should be clear cut! If you did not post that original content yourself, or do not understand it completely, be careful what you let it access.
All too often cookies are swiped, unauthorized individuals gain access, privileges are escalated, access controls are circumvented, data is stolen, or, worst case, malicious data is loaded under the guise of being completely trusted AND scrutinized by the original site, when it all originated from a 'trusted' secondary site.
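The cross-domain policy decision the post warns about, written out as an added example (not code from the original post): a weak CORS policy that reflects whatever Origin arrives next to a strict allowlist policy. The origin names in TRUSTED_ORIGINS and the function names are assumptions made for this example.

```javascript
// Origins this application deliberately chooses to trust (constructed
// values for the example). Each entry is a full origin: scheme, host, port.
const TRUSTED_ORIGINS = new Set([
  'https://app.example.com',
  'https://partner.example.org',
]);

// Weak policy: echoes any Origin and allows credentials. Any site a user
// visits can then read authenticated responses using that user's cookies,
// which is exactly the "cookies are swiped" failure described above.
function weakCorsHeaders(originHeader) {
  if (!originHeader) return {};
  return {
    'Access-Control-Allow-Origin': originHeader,
    'Access-Control-Allow-Credentials': 'true',
  };
}

// Strict policy: parse the Origin, require https, and require an exact
// match of the canonical origin against the allowlist. A suffix or
// substring check on the host (e.g. "ends with example.com") is the
// classic mistake, since attacker-controlled hosts can satisfy it.
// Vary: Origin stops a shared cache from serving one origin's answer to
// another. Anything that does not pass gets no CORS headers at all.
function strictCorsHeaders(originHeader) {
  if (typeof originHeader !== 'string') return {};
  let parsed;
  try {
    parsed = new URL(originHeader);
  } catch {
    return {}; // "null", empty, or malformed Origin: deny
  }
  // URL canonicalizes for us: lower-case host, default port dropped.
  const origin = parsed.origin;
  if (parsed.protocol !== 'https:' || !TRUSTED_ORIGINS.has(origin)) {
    return {};
  }
  return {
    'Access-Control-Allow-Origin': origin,
    'Access-Control-Allow-Credentials': 'true',
    'Vary': 'Origin',
  };
}
```

The same exact-origin comparison applies wherever a site takes content from another origin, such as checking event.origin on a postMessage handler before acting on the message.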