Web security Flashcards
Describe how cross-site scripting works
There are two main types of cross-site scripting attacks: stored (or persistent) XSS, in which malicious script is injected directly into the vulnerable application and served to later visitors, and reflected XSS, in which malicious script is ‘reflected’ off the application via a crafted link, so the attack fires once the link has been clicked.
Describe one countermeasure for XSS attacks
Escape untrusted data based on output context
How does a cross-site request forgery attack work?
CSRF is an attack that tricks the victim into submitting a malicious request. It inherits the identity and privileges of the victim to perform an undesired function on the victim’s behalf. For most sites, browser requests automatically include any credentials associated with the site, such as the user’s session cookie, IP address, Windows domain credentials, and so forth. Therefore, if the user is currently authenticated to the site, the site will have no way to distinguish between the forged request sent by the victim and a legitimate request sent by the victim.
How does SQL injection work?
SQL injection usually occurs when you ask a user for input, like their username/userid, and instead of a name/id, the user gives you an SQL statement that you will unknowingly run on your database.
How can you prevent CSRF attacks?
Use CSRF tokens.
How can you prevent SQL injections?
Use parameterized queries or an object-relational mapping.
What is Broken Authentication and Session Management?
Authentication and session management includes all aspects of handling user authentication and managing active sessions. Authentication is a critical aspect of this process, but even solid authentication mechanisms can be undermined by flawed credential management functions, including password change, forgot my password, remember my password, account update, and other related functions. Because “walk by” attacks are likely for many web applications, all account management functions should require reauthentication even if the user has a valid session id.
How can you mitigate Broken Authentication and Session Management?
Avoid default credentials, use secure password hashing and good password policies, protect against account and password brute-forcing, and use two-factor authentication (2FA) if possible.
What is XML External Entity?
An XML External Entity attack is a type of attack against an application that parses XML input. This attack occurs when XML input containing a reference to an external entity is processed by a weakly configured XML parser. This attack may lead to the disclosure of confidential data, denial of service, server side request forgery, port scanning from the perspective of the machine where the parser is located, and other system impacts.
How can you prevent an XML External Entity exploit?
Disable XML external entity and DTD processing and upgrade XML parsers. Validate all user inputs.
How can you prevent sensitive data exposure?
Encrypt data at rest and in transit. Only trusted services can decrypt.
What is Broken access control?
Access control, sometimes called authorization, is how a web application grants access to content and functions to some users and not others. These checks are performed after authentication, and govern what ‘authorized’ users are allowed to do. Access control sounds like a simple problem but is insidiously difficult to implement correctly. A web application’s access control model is closely tied to the content and functions that the site provides. In addition, the users may fall into a number of groups or roles with different abilities or privileges.
Developers frequently underestimate the difficulty of implementing a reliable access control mechanism. Many of these schemes were not deliberately designed, but have simply evolved along with the web site. In these cases, access control rules are inserted in various locations all over the code. As the site nears deployment, the ad hoc collection of rules becomes so unwieldy that it is almost impossible to understand.
How can you prevent Broken access control?
Test your code and application.
What is Security misconfiguration?
Manual or ad-hoc system configurations commonly create security vulnerabilities.
How can you prevent security misconfigurations?
System hardening and automation, disable unnecessary features and talkative error messages, check configs.