WebSec Flashcards

1
Q

Cross-Site Request Forgery

A
  1. the user logs into the bank and receives a session cookie
  2. the user visits another, malicious website that performs the CSRF, e.g.:
     <form name="transfer" action="http://bank.com/Transfer.php">
       <input name="recipient" value="badguy" />
       <input name="amount" value="100000" />
     </form>
     <script>document.transfer.submit();</script>
  3. the browser sends the session cookie along with the request and the payment is fulfilled
2
Q

Anti-CSRF Token

A
  • include a random token with every form
  • the server processes the request only if it carries the valid token

3
Q

Referrer Validation

A
  • check whether the Referer header contains the right URL
  • -> but the header might still be suppressed (e.g. by browsers or proxies)

4
Q

Double Submit Cookies

A
  • the user gets 2 cookies: the session cookie and an anti-CSRF cookie
  • the anti-CSRF cookie value is also sent in a hidden form field, and the server checks that both match
  • -> cookie tossing is possible: if the attacker controls a subdomain, they can set the token cookie value themselves
5
Q

Custom Request Header

A
  • requests carry a custom XMLHttpRequest header, which a cross-site form cannot set
  • -> applications would have to be changed significantly

6
Q

Cross-site Scripting (XSS)

A

Reflected XSS:
  • server: no change to the server
  • client: the user must visit a malicious link

7
Q

XSS Mitigation

A
  • use safe libraries
  • sanitise input
  • detect client-side XSS by patterns
8
Q

HttpOnly Cookies

A
  • the cookie is only sent with HTTP(S) requests and cannot be accessed by JavaScript via document.cookie
9
Q

Content Security Policy (CSP)

A
  • CSP controls what content can be loaded and from where
  • CSP by default disables inline scripts and inline style attributes

e.g.
script-src 'self': only allow JavaScript from files of the same origin
img-src 'self' img.com: only allow images from the same origin and from img.com

10
Q

Command Injection in PHP

A

e.g.
http://victim.com/calc.php?number=5            -> "5" is the user input
http://victim.com/calc.php?number=5; system('rm .');

11
Q

SQL Injection

A

e.g.
normal:
SELECT pizza, toppings, quantity, order_day
FROM orders
WHERE userid=4123 AND order_month=10
malicious:
SELECT pizza, toppings, quantity, order_day
FROM orders
WHERE userid=4123 AND order_month=0 OR 1=1

12
Q

Blind SQL Injection

A
  • the result of the injected query is not visible to the attacker in the response
  • -> the attacker has to use a side channel (e.g. differences in behaviour or timing) to learn the result

13
Q

Preventing SQL Injection

A
  • use prepared statements
  • most of the time the problem is that user input is interpreted as code
  • use placeholders so the user input is guaranteed to be treated as data