Lec 11: Web Security II: XSS, CSRF

Question 1

What are websites? How are they implemented?

Answer 1

Question 2

What browser attacks are a result of unforeseen user input?

Answer 2

Question 3

Where are the majority of vulnerabilities now found in software?

Answer 3

Question 4

What is web attacker? How does it work and what is the goal?

Answer 4

Question 5

What is gadget attacker?

Answer 5

Variation of web attacker.

Like adding an evil map extension to your website

Question 6

What is the basic execution model of the browser?

Answer 6

Question 7

What are the events in the basic execution model of the browser?

Answer 7

Question 8

What is the browser’s relationsip with HTML and Scripts?

Answer 8

Question 9

What is Event-Driven Script Execution?

Answer 9

Question 10

What is JavaScript? What is it used for? How do attackers use it?

Answer 10

Question 11

What is the history behind JavaScript?

Answer 11

Question 12

How is JavaScript used in web pages?

Answer 12

Question 13

What is the JavaScript Security Model?

Answer 13

Question 14

What is the same-origin policy?

Answer 14

Part of the JavaScript Security Model.

Question 15

How do library imports relate to the JavaScript security model?

Answer 15

Question 16

What is the DOM?

Answer 16

Question 17

What does browser and document structure look like?

Answer 17

Question 18

What are reading properties with JavaScript?

Answer 18

Question 19

What are some page manupulation possibilities with JavaScript?

Answer 19

Question 20

How can you use JavaScript to steal the clipboard contents?

Answer 20

Question 21

What are frames? Why do you use them?

Answer 21

Question 22

What is remote scripting? What are the methods you can achieve it?

Answer 22

Question 23

How does remote scripting work>

Answer 23

Question 24

What is port scanning behind firewall?

Answer 24

Question 25

What is Cross Site Scripting? How does it work?

Answer 25

Question 26

What are cookies?

Answer 26

Question 27

What is the basic pattern of cross site scripting?

Answer 27

Question 28

What is the echoing User Input example?

Answer 28

A XSS example (cross site scripting)

Question 29

How does Cross-Site Scripting to steal cookies work?

Answer 29

Question 30

Why would a user click on an evil link that would allow for XSS?

Answer 30

Question 31

Why does it matter if an attacker gets a cookie for naive.com in XSS?

Answer 31

Question 32

How does a stored script XSS attack work?

Answer 32

1. The attacker can register an account inputing the XSS into a field.
2. attacker sends register account request form
3. adminstrator opens request form with the XSS in it, then the adminstrator’s cookie is stolen
4. attacker can now use adminstrators cookie to get adminstrative control

Question 33

How does a stored script XSS attack work from attackers POV?

Answer 33

Question 34

How does stored script XSS work from victim administrator POV?

Answer 34

Question 35

(T/F) XSS is a form of “reflection attack”. Explain what a reflectiona ttack is

Answer 35

Question 36

What damage can XSS cause to the victim?

Answer 36

Question 37

Where do malicious scripts lurk?

Answer 37

Question 38

What are other sources of malicious scripts?

Answer 38

Question 39

What was the MySpace Worm?

Answer 39

Question 40

What was the Twitter Worm?

Answer 40

Question 41

How do you prevent XSS?

Answer 41

Question 42

What is validateRequest in ASP.NET? What is its flaw?

Answer 42

Question 43

What is httpOnly Cookies?

Answer 43

Question 44

What is the problem related to cross site request foregery?

Answer 44

Question 45

What is Cross-Site Request Foregery?

Answer 45

Question 46

What is the basic idea of XSRF?

Answer 46

Question 47

Why is cooke authentication not enough?

Answer 47

Can use JavaScript to send a request to have a bad thing at the naive site happen using cookie for authentication

Question 48

How does XSRF work in code/HTTP?

Answer 48

Question 49

How does login XSRF work in HTTP diagram?

Answer 49

Question 50

How do you use XSRF for XSS with inline gadgets?

Answer 50

Question 51

What is the difference between XSRF and XSS?

Answer 51

Question 52

What are XSRF defences?

Answer 52

Question 53

What is the secret, random validation token defense to XSRF work?

Answer 53

Question 54

What is NoForge?

Answer 54

• need to bind session ID to token in order to do a secret, random validation token protection against XSRF

Question 55

What are the differentt ypes of referer validation for XSRF protection?

Answer 55

Question 56

Why is referer validation not always strict?

Answer 56

Question 57

What is an XSRF attack with lenient referer checking?

Answer 57

Question 58

What is the ideal XSRF defense?

Answer 58

Question 59

What is an origin header?

Answer 59

Question 60

What are the differences between the three standard web attacks: SQL injection, XSS, and XSRF?

Answer 60