Web Security Flashcards
What is the difference between Authentication & Authorisation?
Authentication = the process of verifying that someone is who they claim to be.
Authorisation = rules that determine who is allowed to do what. E.g. Adam may be authorised to create and delete databases, while Usama is only authorised to read.
Authentication = login + password (who you are). Authorisation = permissions (what you are allowed to do).
Authentication = verification. Authorisation = permissions.
What is security testing?
Security testing's main objective is to find vulnerabilities in any software-based application (web or networking) and to protect its data from possible attacks or intruders.
What is a “Vulnerability”?
A vulnerability is a weakness in a system through which intruders or bugs can attack the system.
If rigorous security testing has not been done, the chance of vulnerabilities increases.
What is CSP (Content Security Policy)?
An HTTP header that gives site operators control over where resources on their site can be loaded from.
The use of this header is the best method to prevent cross-site scripting (XSS) vulnerabilities.
CSP is mandatory for all new websites and is strongly recommended for all existing high-risk sites.
What is Cross-Site Scripting?
Cross-Site Scripting (XSS) is an attack that occurs when an attacker uses a web application to send malicious code, generally in the form of a browser-side script, to a different end user.
What is CORS?
A request for a resource (like an image or a font) from outside the page's own origin is known as a cross-origin request.
CORS (cross-origin resource sharing) manages such cross-origin requests.
CORS allows servers to specify who (i.e., which origins) can access the assets on the server, among many other things.