Security Flashcards
Injection Attacks (SQL injection, XSS, etc.)
Injection vulnerabilities occur when untrusted data is sent to an interpreter as part of a command or query. This allows attackers to inject malicious code, such as SQL commands or JavaScript, into the application.
Solution: Use parameterized queries (prepared statements) for database access to prevent SQL injection. Implement input validation and output encoding to prevent XSS attacks.
Cross-Site Request Forgery (CSRF)
CSRF attacks trick users into unknowingly submitting requests to a website they are authenticated with, leading to unauthorized actions being performed on their behalf.
Solution: Implement CSRF tokens in forms and AJAX requests to verify that the request originated from the legitimate user’s session.
Cross-Site Scripting (XSS)
XSS vulnerabilities allow attackers to inject malicious scripts into web pages viewed by other users.
Solution: Sanitize and validate input data, encode output to prevent script execution, and implement Content Security Policy (CSP) to restrict the sources of executable scripts.
Why should you not use HTTP?
When data is transmitted over HTTP, it’s sent in plaintext, making it susceptible to interception and manipulation by attackers. Here are some vulnerabilities associated with using plain HTTP:
Man-in-the-Middle (MitM) Attacks: Attackers can intercept communication between the client and server, allowing them to eavesdrop on sensitive data or manipulate the traffic.
Session Hijacking: Without encryption, session cookies can be easily intercepted, allowing attackers to hijack user sessions and impersonate legitimate users.
Data Tampering: Attackers can modify the content of HTTP requests and responses, potentially leading to unauthorized access, data leakage, or injection attacks.
Password Sniffing: User credentials sent over HTTP travel in plaintext, making them susceptible to sniffing by attackers monitoring network traffic.
Cross-Site Scripting (XSS): While not directly related to HTTP, the lack of encryption can exacerbate XSS vulnerabilities by allowing attackers to inject malicious scripts into web pages transmitted over HTTP.
To mitigate these vulnerabilities, it’s essential to use HTTPS, which provides encryption and ensures the confidentiality, integrity, and authenticity of data transmitted between the client and server. HTTPS encrypts the data using Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL), preventing unauthorized interception of and tampering with communication.
How do you redirect a URL?
Make sure that any redirects your site makes (e.g., via HTTP headers, meta tags, JavaScript) do not rely on user input, or that any user input is sanitized (e.g., via an allowlist).