Rails Security Flashcards

1
Q

What are sessions?

A

Sessions enable the app to maintain user-specific state while users interact with the app.

For example, a session allows a user to authenticate once and remain signed in for subsequent requests.

2
Q

Session Hijacking

A

Stealing a user’s session ID lets an attacker use the web application in the victim’s name.

3
Q

Ways to hijack a session

A
  • Sniffing the cookie on an insecure network
    solution: provide a secure connection over SSL
  • Not clearing the cookies after using a public terminal
    solution: make the logout button prominent; invalidate the session more frequently
  • Cross-site scripting (XSS) exploits aimed at obtaining the user’s cookie
  • Session fixation: instead of stealing a cookie unknown to the attacker, they fix a user’s session identifier (in the cookie) that is already known to them.
4
Q

What is SSL?

A

SSL: Secure Sockets Layer

SSL is the standard technology for securing an internet connection by encrypting the data sent between a website and a browser (or between two servers). It prevents attackers from reading or stealing any information in transit, including personal or financial data.

5
Q

Session Storage

A

Rails uses ActionDispatch::Session::CookieStore as the default session storage.
