Web Application Security Flashcards

1
Q

What is an injection attack?

A

Injection flaws, such as SQL, OS, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker’s hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.

2
Q

What is a broken authentication and session management attack?

A

Application functions related to authentication and session management are often not implemented correctly, allowing attackers to compromise passwords, keys, or session tokens, or to exploit other implementation flaws to assume other users’ identities.

3
Q

What is a cross-site scripting (XSS) attack?

A

XSS flaws occur whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping. XSS allows attackers to execute scripts in the victim’s browser, which can hijack user sessions, deface websites, or redirect the user to malicious sites.

4
Q

What is an insecure direct object references attack?

A

A direct object reference occurs when a developer exposes a reference to an internal implementation object, such as a file, directory, or database key. Without an access control check or other protection, attackers can manipulate these references to access unauthorized data.

5
Q

What happens when security is misconfigured?

A

Good security requires having a secure configuration defined and deployed for the application, frameworks, application server, web server, database server, and platform. Secure settings should be defined, implemented, and maintained, as defaults are often insecure. Additionally, software should be kept up to date.

6
Q

What is Mutillidae?

A

OWASP Mutillidae II is a free, open-source, deliberately vulnerable web application that provides a practice target for web-security enthusiasts.

7
Q

Why are the Dal CS servers separate?

A

For stability: if one of the servers is down, email and the database can still be accessed.

8
Q

What is sensitive data exposure?

A

Many web applications do not properly protect sensitive data, such as credit cards, tax IDs, and authentication credentials. Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data deserves extra protection such as encryption at rest or in transit, as well as special precautions when exchanged with the browser.

9
Q

What is the importance of an access control check?

A

Most web applications verify function level access rights before making that functionality visible in the UI. However, applications need to perform the same access control checks on the server when each function is accessed. If requests are not verified, attackers will be able to forge requests in order to access functionality without proper authorization.

10
Q

What is a cross site request forgery?

A

A CSRF attack forces a logged-on victim’s browser to send a forged HTTP request, including the victim’s session cookie and any other automatically included authentication information, to a vulnerable web application. This allows the attacker to force the victim’s browser to generate requests the vulnerable application thinks are legitimate requests from the victim.

11
Q

Why is it important to keep our applications/components up to date?

A

Components, such as libraries, frameworks, and other software modules, almost always run with full privileges. If a vulnerable component is exploited, such an attack can facilitate serious data loss or server takeover. Applications using components with known vulnerabilities may undermine application defenses and enable a range of possible attacks and impacts.

12
Q

What is an unvalidated redirect? What makes it a security risk?

A

Web applications frequently redirect and forward users to other pages and websites, and use untrusted data to determine the destination pages. Without proper validation, attackers can redirect victims to phishing or malware sites, or use forwards to access unauthorized pages.

14
Q

What is a parameterized SQL statement and what are the advantages of using them?

A

A parameterized statement is a feature used to execute the same or similar database statements repeatedly with high efficiency. Typically used with SQL statements such as queries or updates, the prepared statement takes the form of a template into which certain constant values are substituted during each execution.

–The overhead of compiling and optimizing the statement is incurred only once, although the statement is executed multiple times. Not all optimization can be performed at the time the prepared statement is compiled, for two reasons: the best plan may depend on the specific values of the parameters, and the best plan may change as tables and indexes change over time.

–Prepared statements are resilient against SQL injection, because parameter values, which are transmitted later using a different protocol, need not be correctly escaped. If the original statement template is not derived from external input, SQL injection cannot occur.

–On the other hand, if a query is executed only once, server-side prepared statements can be slower because of the additional round-trip to the server. Implementation limitations may also lead to performance penalties: some versions of MySQL did not cache results of prepared queries [4], and some DBMSs such as PostgreSQL do not perform additional query optimization during execution.

15
Q

What is HTTP Output Processing and why is it important?

A

Improper output handling may take various forms within an application. These forms can be categorized into protocol errors, application errors, and data-consumer-related errors. Protocol errors include missing or improper output encoding or escaping and the outputting of invalid data. Application errors include logic errors such as outputting incorrect data or passing on malicious content unfiltered. If the application does not properly distinguish legitimate content from illegitimate content, or does not work around known vulnerabilities in the data consumer, the result may be abuse of the data consumer caused by improper output handling.

An application that does not provide data in the correct context may allow an attacker to abuse the data consumer. This can lead to specific threats referenced within the WASC Threat Classification, including Content Spoofing, Cross-Site Scripting, HTTP Response Splitting, HTTP Response Smuggling, LDAP Injection, OS Commanding, Routing Detour, Soap Array Abuse, URL Redirector, XML Injection, XQuery Injection, XPath Injection, Mail Command Injection, Null Injection and SQL Injection.

Proper output handling prevents the unexpected or unintended interpretation of data by the consumer. To achieve this objective, developers must understand the application’s data model, how the data will be consumed by other portions of the application, and how it will ultimately be presented to the user. Techniques for ensuring the proper handling of output include but are not limited to the filtering and sanitization of data (more detail on output sanitization and filtering can be found in appropriately titled sections below). However, inconsistent use of selected output handling techniques may actually increase the risk of improper output handling if output data is overlooked or left untreated. To ensure “defense in depth” developers must assume that all data within an application is untrusted when choosing appropriate output handling strategies.

16
Q

What are some ways we can be attacked if we use improper HTTP output processing?

A

Inside HTTP Headers
–HTTP headers exist in both the HTTP Request and HTTP Response and define various characteristics of the client and the requested resource. Attacks against HTTP headers typically involve the injection of Carriage Return/Line Feeds (CR/LF) in order to change the HTTP message structure. By changing the message structure it is possible to abuse both clients (e.g. browsers), and servers (application servers, proxies, and web servers). Notable attacks include HTTP Response Splitting [8], HTTP Response Smuggling [9], and URL Redirector Abuse [14].

Inside HTML Tags
–Text between HTML tags, in the form <tag>text</tag>, is usually treated by the browser as text to be displayed to the user. If data is included in this text and is not properly escaped, the data may be unintentionally treated as HTML markup and lead to vulnerabilities. Data reflected into tags such as <script> and <style> requires additional care to prevent the introduction of additional vulnerabilities. Notable attacks include Cross-Site Scripting [7], Cross-Site Request Forgery [25], and Content Spoofing [6].

Inside HTML Attributes
–Tag attribute content, in the form <tag>, is another common insertion point for application data in web applications. HTML attribute data always requires escaping to avoid the data being inadvertently treated as HTML markup. Many attributes have special meaning and require additional attention to avoid introducing vulnerabilities. For example the "href" attribute, even if properly encoded will be treated as a script if it starts with "javascript:" (e.g <a>link</a>). The "href", image "src", form "action", and other URL attributes may also be exploited to create cross-site-request-forgery attacks. The Web Application Security Consortium's Script Mapping Project [21] was created in an attempt to map out the script execution behaviors of particular HTML attributes. Notable attacks include Cross-Site Scripting [7], Cross-Site Request Forgery [25], and Content Spoofing [6].</tag>