Web Application Security Flashcards

1
Q

What were the first six entries of the OWASP Top 10 (2017)?

A

A1 Injection, A2 Broken Authentication, A3 Sensitive Data Exposure, A4 XML External Entities (XXE), A5 Broken Access Control, A6 Security Misconfiguration

2
Q

What are some possible defenses to SQL injections?

A

Prepared statements (parameterized queries) as the primary defense; input validation / sanitization and least-privilege database accounts as defense in depth
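Added example (not part of the original flashcards): the same login lookup written three ways against a constructed in-memory SQLite table, showing why string-built SQL is injectable, why a prepared statement is not, and how an allow-list validator adds a second layer. Table contents and the plaintext passwords are made up for illustration only.

```python
import re
import sqlite3


def make_db():
    """Constructed in-memory database so the example runs offline.
    Plaintext passwords are for illustration only; never store them this way."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "correct horse"), ("bob", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, username, password):
    """String-built query: attacker-controlled text becomes part of the SQL.
    username = "alice' --" comments out the password check entirely."""
    sql = (
        "SELECT username FROM users WHERE username = '%s' AND password = '%s'"
        % (username, password)
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_prepared(conn, username, password):
    """Prepared statement: the SQL text is fixed and the values travel separately,
    so a quote or comment marker in the input can never change the statement."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def login_sanitized(conn, username, password):
    """Defense in depth: allow-list validation of the username in front of the
    prepared statement. Validation alone is not the fix; the prepared statement is."""
    if not USERNAME_RE.fullmatch(username):
        return None
    return login_prepared(conn, username, password)


if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice' --", "wrong"))  # bypasses the password check
    print(login_prepared(db, "alice' --", "wrong"))    # None: no such user
```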

3
Q

What types of XSS attacks are there?

A

Non-persistent / Reflected XSS, Persistent / Stored XSS, DOM-based XSS

4
Q

What are some difficulties with detecting DOM-based XSS?

A
  • The payload exists only on the victim's side: it lives in the URL fragment or is consumed by client-side script, so server logs and server-side filters never see it
  • The malicious URL exists only at a certain point in time
  • The malicious URL is created dynamically by script, so it cannot be found by scanning static pages
5
Q

What are some defenses against XSS?

A

Context-aware output encoding (escaping), input validation / sanitization, Content Security Policy (CSP)

6
Q

What are some defenses against XSRF?

A

XSRF (CSRF) tokens, SameSite cookie attribute, short session lifetimes, multi-factor auth for sensitive actions, checking the HTTP Origin / Referer header
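Added example (not from the original flashcards): a state-changing request handler that applies the defenses on this card in code. The synchronizer token is an HMAC of the session ID under a server secret (no per-token storage needed), the Origin / Referer check rejects cross-site sources, and the session cookie carries SameSite. The request dictionary, the secret and the site origin `https://app.example` are assumptions made for the example.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlsplit

# Constructed for the example; in production load this from a secret store.
SERVER_SECRET = secrets.token_bytes(32)
# Assumed origin of the application being protected.
SITE_ORIGIN = "https://app.example"


def csrf_token(session_id):
    """Synchronizer token bound to the session: HMAC-SHA256(secret, session_id).
    An attacker site cannot compute it without the server secret."""
    return hmac.new(SERVER_SECRET, session_id.encode(), hashlib.sha256).hexdigest()


def token_valid(session_id, submitted):
    """Constant-time comparison; a missing token is treated as invalid."""
    return hmac.compare_digest(csrf_token(session_id), submitted or "")


def origin_ok(headers):
    """Browsers send Origin on cross-origin and same-origin form POSTs; fall back to
    Referer. If neither is present the request is rejected rather than trusted."""
    src = headers.get("Origin") or headers.get("Referer")
    if not src:
        return False
    p = urlsplit(src)
    return f"{p.scheme}://{p.netloc}" == SITE_ORIGIN


def session_cookie(session_id):
    """SameSite=Strict stops the browser attaching the cookie to any cross-site request,
    so a forged POST from another site arrives unauthenticated."""
    return f"session={session_id}; Secure; HttpOnly; SameSite=Strict; Path=/"


def handle_transfer(request):
    """request is an assumed dict: {'method', 'headers', 'cookies', 'form'}.
    Returns (status, message). Checks are ordered cheapest first."""
    if request["method"] != "POST":
        return 405, "method not allowed"
    session_id = request["cookies"].get("session")
    if not session_id:
        return 401, "not logged in"
    if not origin_ok(request["headers"]):
        return 403, "bad origin"
    if not token_valid(session_id, request["form"].get("csrf_token")):
        return 403, "bad csrf token"
    return 200, "transfer of %s accepted" % request["form"].get("amount", "0")


if __name__ == "__main__":
    sid = "session-123"
    legit = {
        "method": "POST",
        "headers": {"Origin": SITE_ORIGIN},
        "cookies": {"session": sid},
        "form": {"csrf_token": csrf_token(sid), "amount": "10"},
    }
    print(handle_transfer(legit))  # (200, 'transfer of 10 accepted')
```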

7
Q

What are countermeasures against Clickjacking?

A

Old: X-Frame-Options header (DENY or SAMEORIGIN); Modern: CSP frame-ancestors directive
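Added example (not from the original flashcards) serving both the XSS-defense card and this clickjacking card: context-aware output encoding for the HTML body, attribute, script-data and URL contexts, next to a vulnerable concatenation, plus the response headers a modern app sends, a nonce-based Content-Security-Policy whose `frame-ancestors 'none'` is the clickjacking defense, with the legacy `X-Frame-Options` alongside it for old browsers. Function names and the sample payloads are constructed for the example.

```python
import html
import json
import secrets
from urllib.parse import urlsplit


def render_vulnerable(name):
    """Untrusted input concatenated straight into HTML: the classic reflected/stored XSS sink."""
    return "<p>Hello " + name + "</p>"


def render_html_text(name):
    """HTML body context: escape & < > " ' so the browser treats the input as text."""
    return "<p>Hello " + html.escape(name, quote=True) + "</p>"


def render_attribute(value):
    """Quoted attribute context: escaping quotes stops the input breaking out of the attribute."""
    return '<input value="' + html.escape(value, quote=True) + '">'


def render_script_data(obj):
    """Data handed to JavaScript: serialize as JSON and escape '<' so an embedded
    '</script>' cannot close the tag early."""
    payload = json.dumps(obj).replace("<", "\\u003c")
    return "<script>var data = " + payload + ";</script>"


def render_link(target):
    """URL context: only http(s) schemes are allowed (javascript: is rejected),
    then the value is attribute-escaped."""
    if urlsplit(target).scheme not in ("http", "https"):
        target = "about:blank"
    return '<a href="' + html.escape(target, quote=True) + '">link</a>'


def new_nonce():
    """Fresh per-response nonce; only <script nonce=...> tags carrying it may run."""
    return secrets.token_urlsafe(16)


def security_headers(nonce):
    """Response headers: the CSP blocks injected inline scripts (XSS defense) and
    forbids framing via frame-ancestors (clickjacking defense); X-Frame-Options
    is the legacy equivalent kept for browsers that predate CSP level 2."""
    csp = (
        "default-src 'self'; "
        f"script-src 'nonce-{nonce}'; "
        "object-src 'none'; base-uri 'none'; "
        "frame-ancestors 'none'"
    )
    return {"Content-Security-Policy": csp, "X-Frame-Options": "DENY"}


if __name__ == "__main__":
    attack = "<script>alert(1)</script>"
    print(render_vulnerable(attack))   # script tag reaches the browser
    print(render_html_text(attack))    # rendered as harmless text
    print(security_headers(new_nonce()))
```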
