Client Side Testing Flashcards

1
Q

DOM-Based XSS

A

The result of active browser-side code on a page, typically JavaScript, reading attacker-influenced input from a "source" such as location.hash, location.search, document.referrer or window.name and passing it to a dangerous "sink" such as innerHTML, document.write or eval, leading to execution of injected script. The payload often never reaches the server (a URL fragment is not sent in the request), so server-side filtering and logs do not catch it; the fix is in the client code: avoid HTML/JS sinks (use textContent, setAttribute, or a DOM API) or encode for the exact sink context before the write.

2
Q

JavaScript Injection Vulnerability

A

A subtype of cross-site scripting (XSS) in which untrusted data lands inside a JavaScript context (a script block, an inline event handler, a javascript: URL, or an eval/setTimeout string) rather than inside plain HTML.

Can occur when the application lacks proper validation of user-supplied input and, more importantly, proper context-aware encoding of output: HTML-encoding alone does not make data safe inside a JavaScript string or an event handler.

When testing for this vulnerability, consider that some characters are treated differently by different browsers: for example, how the URL fragment is percent-decoded when read from location.hash, or which bytes count as whitespace inside a tag. A payload that fails in one browser may work in another, so test candidate payloads in several browsers rather than relying on one.

3
Q

What are WebSockets?

A

WebSockets give the client and server a full-duplex (two-way) channel over a single connection, so either side can send at any time instead of waiting for a request/response pair.

The connection starts as an ordinary HTTP GET carrying Upgrade: websocket, Sec-WebSocket-Key and (from a browser) an Origin header; the server answers 101 Switching Protocols with a Sec-WebSocket-Accept value derived from the key. From then on the same TCP connection (TLS when the URL is wss://) carries WebSocket frames, not HTTP messages, so HTTP-layer controls stop applying. The security points to test: the server must check Origin during the handshake (the browser attaches cookies to the upgrade request, so an unchecked Origin allows cross-site WebSocket hijacking), must authorise the upgrade itself, and must treat every frame payload as untrusted input.

4
Q

Using scripts from external sources

A

If an application loads a script from an external source such as a CDN (Content Delivery Network), it should pin the exact content it expects with Subresource Integrity (SRI): the <script> tag carries an integrity attribute holding a base64 SHA-256, SHA-384 or SHA-512 digest of the file, and a cross-origin script also needs crossorigin="anonymous" so the response is readable for the check (an opaque response fails SRI).

The browser hashes the bytes it actually received and refuses to execute the script unless the digest matches, so a compromised CDN, a hijacked DNS name or a tampering intermediary cannot substitute altered code. Caveats: SRI only protects content you pinned, so point at a versioned URL rather than a "latest" one (a legitimate upstream update also breaks the hash, which is the point); and the hash is only as trustworthy as the page carrying it, so serve the page itself over TLS.
