Topic 2: Web Vulnerabilities Flashcards
What are the 2 types of XSS attacks?
stored: code stored on target server
reflected: code added to URL, delivered to client, executed immediately
How does cross-site scripting (XSS) work?
attacker injects malicious scripts into a webpage visited by the victim, bypassing the same-origin policy
How is info exfiltrated?
form redirection; script nonces/hashes ensure that only valid scripts run
What are some XSS defenses?
application-level firewalls, browser filters, input escaping, static code analysis
Where do vulnerabilities come from?
third-party code and the software supply chain
What is CSRF?
attacker sends arbitrary HTTP requests on behalf of the victim
what does CSRF stand for
cross-site request forgery
How does CSRF work?
user is authenticated (logged on) to site A; malicious site B tricks the user's browser into submitting a malicious request to site A
CSRF home router example
CSRF against the home router: the attacker can now add names to DNS, disable wireless authentication, disable firewalls, and set new passwords
CSRF countermeasures
server-side: generate a token as part of the form and validate it upon reception (use IDs, hashes)
client-side: the cookie flag "SameSite=Strict" prevents the browser from attaching cookies to third-party requests
Biggest issue with web security?
handling of user input, since input validation cannot be done on the client
Secure coding practices for SQL injection
- developers must never allow client-supplied data to modify SQL statements
- required SQL statements should be stored procedures in the database server
- use prepared statements