Security concerns Flashcards

1
Q

CSRF (Cross-site Request Forgery)

A

A security vulnerability regarding server-side sessions - not HTML5 session storage.

Once a session is opened in one browser tab, the session is also available to any new tab that is opened.

This tab can be a site that fakes being a logged-in user on the other site.

A request can then be sent to the app the session belongs to, on behalf of the user, from the second tab.

CSRF tokens can be used to prevent such hijacking of sessions.

2
Q

XSS - Cross-site scripting attacks

A

Malicious JavaScript can be injected into a website (and do things like keylogging or other malicious actions) if input fields are not sanitized before the text is saved in the database.

Ways of countering this:

1) Strip tags from text input - prevents possible styling injection as well.
2) Convert to HTML entities (then <script> some script text </script> will be converted to &lt;script&gt; some script text &lt;/script&gt; AND will be treated as regular HTML text).
3) HTML5 Content Security Policy - prevent inline JS and CSS.
3
Q

SQL injection

A

All input fields must be guarded so that SQL statements/queries cannot reach the database when the site uses a Relational Database Management System (RDBMS) such as MSSQL, Postgres or MySQL. Sanitize the input, or use an ORM that sanitizes it for you.
