Threat, Vulnerabilities and Mitigations: Web-Based Vulnerabilities Flashcards
What site can we check to see the top 10 Web-Based Vulnerabilities?
OWASP Top 10
The Open Web Application Security Project (OWASP) Foundation aims to help improve software security, and it categorizes threats and vulnerabilities. Check out the OWASP Top 10 with respect to web-application threats at https://owasp.org/www-project-top-ten/.
What other web-application threats do we need to be concerned about?
HTTP server vulnerabilities
Content Management System (CMS) vulnerabilities
SQLi threats: Short for SQL injection
Cross-Site Scripting (XSS)
What are HTTP server vulnerabilities?
HTTP server vulnerabilities: Your server service is software, so it’s vulnerable to the same threats as other software. It’s important to understand what threats might affect your particular service:
Apache
NGINX
IIS
What are Content Management System (CMS) vulnerabilities?
Content Management System (CMS) vulnerabilities: There are many threats to CMSs, which form the foundation for most web apps. They also have plugins and themes that come from third parties, providing increased functionality and attack surface. CMSs include:
WordPress
Drupal
Joomla
Magento
Wix
Shopify
What are SQLi threats (short for SQL injection)?
SQLi threats: Short for SQL injection, this is the injection of malicious code:
The injection of T-SQL characters through user input
Single-quote (') character
Authentication bypass
' or 1=1 --
Error-based
Blind-based
Union-based
What is Cross-Site Scripting (XSS)?
Cross-Site Scripting (XSS): Injection of malicious scripts into otherwise safe websites:
Type 1 (Reflected)
Type 2 (Stored/Persistent)
Type 0 (DOM)
Client (Stored & Reflected): DOM-Based is considered “Client-Based”
Server (Stored & Reflected)