Security Flashcards
CSRF vulnerability
This vulnerability occurs when a user visits a fraudulent site that sends a form request to a website where the user is authenticated with cookies.
The fraudulent script sends a request to that site, and because the user is logged in with cookies, the site treats the request as if it were made by the real user.
Defense - a CSRF field. All requests should include a secret CSRF token that is stored as a cookie for this site. Fraudulent websites have no access to that site's cookies, so they cannot include the token in their forged request.
As far as I understand, this is irrelevant to "true API" services, because they do not rely on cookie auth and should include an auth token in every request anyway.
XSS vulnerability
An XSS vulnerability is when an attacker places a malicious tag into your page, and that script executes when other users visit it. This can be done in various ways.
Most common - the attacker posts a script tag as a comment on your page. If the back-end is vulnerable, it stores the comment in the database "as is" (without escaping) and then renders it on the page "as is" too, so every user who views that comment also runs the attacker's script. That script has full access to cookies, storage and so on.
Defense - encode and validate all user input that is placed on the page.
target="_blank" href vulnerability
When you open a link with target="_blank", the opened site gets limited access to your page (through window.opener). This also affects the performance of your site, because both pages may share the same process and thread.
Defense - add the rel="noopener noreferrer" attribute to the a tag.