Web Security

Question 1

Why is HTTP stateless?

Answer 1

Every request-response pair is independent of one another.

HTTP can’t keep track of whether you’ve logged in or not.

HTTP is stateless by nature.

Question 2

What are sessions?

Answer 2

They are a data structure used by a website to store data only during the time user is interacting with the site - used to manage state due to stateless HTTP.

Question 3

What are cookies?

Answer 3

Cookies are client-side files to monitor interactions with a given website.

Eg. for shopping cart personalization, price changing by times you visit

Question 4

What is session hijacking?

Answer 4

Attacker steals cookies or session ID and use it to authenticate by using the same session.

Question 5

What are the OWASP Top 10 vulnerabilities?

Answer 5

1. SQL Injection
2. Broken Authentication & Session Management
3. Sensitive Data Exposure
4. XML External Entities
5. Broken Access Control
6. Security Misconfiguration
7. XSS, XSRF
8. Insecure Serialization
9. Using Components with Vulnerabilities
10. Insufficient Logging & Monitoring

Question 6

What is SQL Injection?

Answer 6

• Results from untrusted data from user being used as part of a query.
• Data tricks SQL interpreter to executing commands or queries it should not.
• Access data user does not have authority for.

Question 7

What does ‘ OR ‘1’ = ‘1’ do if you input it into the username field?

Answer 7

It’ll query all account usernames and since it’s an AND statement, if you put a common password, you will most likely return at least 1 row.

Question 8

What does ‘ OR ‘1’ = ‘1’ do if you input it into a password field?

Answer 8

It’ll allow you to login to that specific account username as OR 1=1 will always return true.

Question 9

Can you use comments in SQL Injection?

Answer 9

Yes - you can use comments like 1=1– to comment rest of the query.

Question 10

How to avoid SQL injections?

Answer 10

Use parameterized queries by preparing statements with variable binding.

Use stored procedures in the SQL Database itself.

Sanitize user input.

Question 11

What is cross-site scripting?

Answer 11

Attacker injects XSS into web pages which are shown to other users, malicious code is then executed in their browser.

Question 12

What is reflected or non-persistent XSS?

Answer 12

• Malicious script reflects off the website into the victim’s browser.
• Passed via query or URL, XSS code is not stored on the server.

Question 13

What is stored or persistent XSS?

Answer 13

• Malicious script is stored on server and sent to victim’s browser to be executed when viewed.

Question 14

What are examples of malicious use of XSS?

Answer 14

• Hijack sessions
• Deface websites
• Redirect users to malicious sites

Question 15

What are XSS defences?

Answer 15

• User input sanitization
• HTML slots for untrusted data
• HTML escape before inserting data into HTML element (change context of script to data).

Question 16

What is XSRF?

Answer 16

Cross Site Request Forgery is an attack that tricks users to execute undesired actions on websites they are currently authenticated on.

Question 17

How do you defend against XSRF?

Answer 17

• Include random challenge token that is RNG’d, expires quickly, and hash comparison of token.