Week 7 - Web Security Threats

Question 1

What is Cross Site Scripting (XSS)

Answer 1

XSS is when the attacker embeds malicious client-side scripts into a legitimate website

Question 2

Where does XSS happen?

Answer 2

when a website does not sanitize user input.

Question 3

what are the two XSS categories?

Answer 3

Stored XSS attack and
Reflected XSS attack

Question 4

what is Stored XSS attack?

Answer 4

attacker injects malicious script into a webpage, then stores it into it’s database.

victim requests data from the database but receives the compromised data

Question 5

How does a stored XSS attack work on vulnerable websites?

Answer 5

the website must have an area of user input that is stored in a database and can be retrieved by the victim without being processed.

e.g a comment section

Question 6

What are potential consequences of a stored XSS attack?

Answer 6

the attacker can redirect the victim to another website where malicious actions like:

phishing, malware downloads, accessing session cookies, or redirecting users to harmful websites.

<script>
window.open(‘http://unsafewebsite.html’)
</script>

Question 7

What is a reflected XSS attack?

Answer 7

Malicious script is stored in the URL and the server reflects this back to the user’s browser.

Question 8

How can an attacker deliver a reflected XSS payload to the victim?

Answer 8

an attacker might send a malicious URL via email or via forums, using URL shorteners to disguise the script

Question 9

How to mitigate XSS attacks?

Answer 9

1. don’t allow untrusted data to be inserted into sensitive areas
2. use proper encoding (HTML encoding) for all user input to ensure it cannot be executed as script.

Question 10

What is broken Authentication?

Answer 10

when an attacker is able to compromise passwords, session keys or user account information to assume the user’s identity

Question 11

How does Broken Authentication happen?

Answer 11

when people choose their own password or session management. it is risky because it makes the system prone to vulnerabilities

Question 12

What is Sensitive Data Exposure?

Answer 12

when sensitive information (passwords, credit card details etc) are exposed or compromised due to security flaws (poor encryption or lack of access control)

Question 13

How does Sensitive Data Exposure happen?

Answer 13

through SQL injection attacks or compromises of databases or other services

Question 14

How can you mitigate sensitive data exposure?

Answer 14

• do not store unnecessary sensitive information
• use appropriate access and authentication controls
• encrypt sensitive data

Question 15

What are XML External Entities (XXE) vulnerabilites?

Answer 15

when XML processes in a website are provided with malicious external data. This data could be a virus or a form of malware

Question 16

How can you mitigate XML External Entities (XXE) vulnerabilities?

Answer 16

• use JSON rather than XML
• update older XML processors to the recent version
• disabling external entities processing on web applications

Question 17

What is Security Misconfiguration?

Answer 17

when a system is not securely configured, often involving issues like weak passwords or outdated software/patches

Question 18

How can you mitigate security misconfigurations?

Answer 18

• avoiding default configurations for usernames and passwords
• keeping systems up-to-date with patches
• regularly scanning for vulnerabilities.

Question 19

What is Broken Access Control?

Answer 19

when a system allows unauthorised users to access or perform actions on resources they should not have access to

Question 20

example of Broken Access Control - Direct Object?

Answer 20

when a user changes parameters in the URL to access data or resources they are not authorised to

Question 21

How can you fix direct object references?

Answer 21

ensure that the system checks if the authenticated user has permission to access the resource before executing any action or serving data.

Question 22

What is Missing Function Level Access Control?

Answer 22

Occurs when requests for functionality are fulfilled without checking the
user has authorisation

Question 23

How can you mitigate Missing Function Level Access Control?

Answer 23

• Don’t show the user functions which they shouldn’t be
  able to access
• Check access to functionality before providing it
• Authorisation should be implemented for all functionality

Question 24

What is Serialisation

Answer 24

takes an object and turns into a data format that can be restored at another time (deserialisation)

Question 25

What is insecure deserialization?

Answer 25

when data that has been serialised has been manipulated by an attacker before it is deserialised. leading to unathorised access to a system

Question 26

How does insecure deserialization pose a security risk?

Answer 26

if user’s data is not properly validated before deserialisation, attackers can modify the serialised data to gain unauthorised access