Security Flashcards
How should we store passwords in the database?
1) Not as a plain text field (many people reuse the same password on many sites, so if you lose the database it becomes a problem not only for you)
2) As a secure hash (a hash cannot be decrypted back to the password)
How do you check a hashed password?
It's simple, actually: when we need to check a password submitted to a login form, we pass it through the same one-way hash function and compare the results.
What is the MD5 hash function?
An MD5 hash generator is used for encoding passwords, credit card numbers and other sensitive data before storing them in a database. An MD5 hash is created by taking a string of any length and encoding it into a 128-bit fingerprint.
What is log masking? And how does it work with Rails?
Your log data contains information that may be considered sensitive. Specific log messages may include user names, email addresses, URL parameters, and other information that you may not want to disclose.
Rails hides sensitive params by default.
What is SSL? And how does it work with Rails?
Secure Sockets Layer. Rails can redirect every GET request that does not use HTTPS.
What is model mass assignment attribute protection? And how does it work with Rails?
It's when Rails tries to update many attributes at once:
User.update(params[:user])
Rails introduced strong params to avoid this problem.
What is SQL injection? How do you avoid it in Rails?
SQL injection is a catch-all description for attacks on SQL database-driven applications. The attacker includes malicious fragments of SQL code in otherwise legitimate input provided to the application, in the hopes that the application “messes up” and sends those fragments along to the database to be executed.
Active Record protects us by default if we pass params this way:
Product.where('name LIKE ?', "%#{params[:query]}%")
What is XSS (Cross-Site Scripting)?
The attack works by injecting client-side executable code into the application pages.
- A user can run JS code that was saved in the database
- A user can click on a link that was saved without any check.
How do you avoid XSS attacks? What are escaping and sanitizing?
- "Escaping" means replacing some of the string characters with HTML escape sequences that remove the special meaning from the text and cause it to render as regular text.
- Sanitizing, on the other hand, means validating the HTML content to ensure only "good" HTML tags and attributes are used.
What is XSRF (Cross-Site Request Forgery)?
It’s a type of web application vulnerability that allows an attacker to modify application state on behalf of a user that is logged into the application by luring the user to click on a carefully crafted link, visit a page, or even just open an email with malicious embedded images.
Link example: GET /transfers?from_account_id=123&to_account_id=456&amount=1000.
How do you enable XSRF protection in a Rails app? (3 options)
# Raises an ActionController::InvalidAuthenticityToken exception.
- protect_from_forgery with: :exception
# Resets the user's session.
- protect_from_forgery with: :reset_session
# Executes the request as if no session exists. Used by default if no with: parameter is supplied.
- protect_from_forgery with: :null_session
Where should you store application secret keys?
ENV variables
How do you create an XSS injection using a Rails model/form?
Use html_safe and send a script through the form input:
<script type="text/javascript">alert('s')</script>
and render it inside the form (view) with:
<%= animal.name.html_safe %>
How do you create a SQL injection through form input?
ActiveRecord::Base.connection.execute('SELECT * FROM animals')
How do you create a system (command) injection?
system('mkdir folder')
# or with backticks: `mkdir folder`