Security Flashcards
What is XSS?
XSS is an attack where malicious scripts are injected into web pages, potentially allowing attackers to steal cookies, session tokens, or other sensitive data.
How can XSS attacks be mitigated?
By escaping user inputs, implementing a Content Security Policy (CSP), and sanitizing inputs to prevent malicious scripts.
What is CSRF?
CSRF occurs when a malicious website tricks a user into performing an action (e.g., submitting a form) on a trusted website where the user is authenticated.
How can CSRF attacks be prevented?
By using CSRF tokens, SameSite cookies, and validating the source of requests.
What is SQL injection?
SQL injection is an attack where malicious SQL code is inserted into a query, potentially allowing attackers to access or manipulate a database.
How can SQL injection attacks be mitigated?
By using parameterized queries, prepared statements, and sanitizing inputs.
What is a Content Security Policy (CSP)?
CSP is a security feature that restricts the sources of scripts, styles, and other content, helping to prevent XSS attacks.
What is HTTPS?
HTTPS is an encrypted version of HTTP that uses TLS/SSL to secure communication, ensuring data confidentiality and integrity during transit.
What is TLS/SSL?
TLS (Transport Layer Security) and SSL (Secure Sockets Layer) are cryptographic protocols that secure data in transit by encrypting it and authenticating servers with certificates.
What is rate limiting?
Rate limiting controls the number of requests a client can make to a server in a specified time to prevent abuse, such as brute force attacks or denial of service (DoS).
What is password hashing?
Password hashing transforms passwords into irreversible hashes using cryptographic algorithms like bcrypt or Argon2 to securely store passwords.
What is security misconfiguration?
Security misconfiguration involves improper setup or insecure defaults. XML External Entities (XXE) vulnerabilities are now part of this category.
What is OWASP?
The Open Web Application Security Project (OWASP) is a nonprofit foundation focused on improving software security and providing resources like the OWASP Top 10 list of vulnerabilities.
What is the Zero Trust security model?
The Zero Trust model assumes no implicit trust, requiring continuous verification of users and devices, enforcing least privilege, and ensuring secure access to resources.
What is the Principle of Least Privilege?
It is a security practice where users and systems are granted only the minimum permissions necessary to perform their tasks.