OWASP Top 10 Flashcards
Open Web Application Security Project
What does OWASP stand for?
Open Web Application Security Project
Which vulnerability allows attackers to inject malicious scripts into web pages viewed by users?
Cross-Site Scripting (XSS)
What does CSRF stand for?
Cross-Site Request Forgery
What is the primary goal of SQL Injection (SQLi) attacks?
To manipulate or access database data through insecure SQL queries.
XSS vulnerabilities can be categorized into three types: ______, ______, and _______.
Stored (persistent),
Reflected,
DOM-based
Which OWASP Top 10 vulnerability allows an attacker to execute unauthorized commands on behalf of a user?
Cross-Site Request Forgery (CSRF)
What is XSS?
Cross-Site Scripting occurs when an attacker injects scripts into web pages viewed by other users. This can steal user data, modify content, or even perform actions on behalf of others.
What is a common defense against SQL Injection?
Using prepared statements or parameterized queries.
What is CSRF?
Cross-Site Request Forgery is an attack where an attacker tricks a user into unknowingly performing an unwanted action on a website where they are logged in.
What is SQLI?
SQL Injection is when an attacker injects malicious code into a query, tricking a database into executing unintended commands (e.g. leaking user data, bypassing login, deleting records).
How to prevent XSS?
Input Validation & Sanitization
Which OWASP Top 10 vulnerability can allow an attacker to steal session cookies?
Cross-Site Scripting (XSS)
What is the purpose of anti-CSRF tokens?
To verify that requests are coming from authenticated users.
Multiple choice: Which of the following is a sign of a potential SQL Injection vulnerability? A) User input not validated B) Use of ORM C) Prepared statements D) Strong input sanitization
A) User input not validated
True or False: XSS can be exploited even if a web application uses HTTPS.
True