Security Flashcards
What does CORS stand for?
Cross-Origin Resource Sharing
What does CSRF stand for?
Cross-Site Request Forgery
What are the mitigations against CSRF attacks?
- Tokens
- Same site cookies
- Referrer header check
How is a CSRF attack carried out?
By the user loading a malicious site in their web browser, which attempts to make a request to another site in which the user is logged in, taking advantage of their authenticated state to trigger actions without the user’s knowledge.
What’s the difference between CSRF & XSS?
CSRF is an attack which takes advantage of a user’s authentication on another site to carry out state-changing actions.
Whereas XSS is an exploit that allows an attacker to execute code in a user’s browser.
What is SQL injection?
A hacking technique that’s used to execute malicious SQL statements
How does SQL injection work?
By inserting or “injecting” SQL code into a web form input or URL query string, manipulating the database behind a web application.
How can SQL injection attacks be prevented / guarded against?
- input validation / sanitisation
- parameterised queries
- using an ORM
- web application firewall
What’s Reflected XSS?
The malicious script is included in a request made to the server (e.g., in a URL) and is reflected back in the server’s response, where it is executed by the client’s browser.
What’s stored XSS?
The malicious script is stored on the server (e.g., in a database) and is delivered to users when they access the affected web page.
What’s DOM-based XSS?
The attack payload is executed as a result of modifying the DOM (Document Object Model) environment in the victim’s browser, typically without needing to interact with the server.
What mitigations are there for XSS attacks?
- Input sanitisation
- Content security policy
- Output encoding