Week 7 - Web Security Threats Flashcards
What is Cross Site Scripting (XSS)
XSS is when an attacker injects malicious client-side script into a legitimate website so that it runs in the browsers of other users who view the affected page, with the privileges of that site.
Where does XSS happen?
when a website includes user-supplied input in its pages without sanitising or encoding it first.
what are the two XSS categories?
Stored XSS attack and
Reflected XSS attack
what is Stored XSS attack?
the attacker submits malicious script to the website (for example as a comment), and the website stores it in its database.
when a victim later requests that data, the website serves the stored script as part of the page and the victim's browser executes it.
How does a stored XSS attack work on vulnerable websites?
the website must have an area of user input that is stored in a database and later displayed to other users without being encoded or sanitised,
e.g. a comment section
What are potential consequences of a stored XSS attack?
the script runs in the victim's browser with the permissions of the legitimate site, so it can carry out malicious actions such as:
phishing, triggering malware downloads, stealing session cookies, or redirecting the victim to a harmful website,
e.g. a payload that opens an attacker-controlled page:
<script> window.open('http://unsafewebsite.html') </script>
What is a reflected XSS attack?
the malicious script is carried in the request, typically in a URL parameter, and the server reflects it back into the response page without encoding it, so the victim's browser executes it. Unlike stored XSS nothing is saved on the server; the victim has to be made to send the crafted request.
How can an attacker deliver a reflected XSS payload to the victim?
the attacker might send the malicious URL by email or post it on a forum, often using a URL shortener to hide the script embedded in the link
How to mitigate XSS attacks?
- do not insert untrusted data into the page except in places where it can be safely encoded (never directly into a script block, an event-handler attribute or a URL)
- apply the output encoding that matches the context (HTML entity encoding for HTML body text and attribute values) to all untrusted data at the point it is written into the page, so the browser treats it as text rather than executing it as script
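Added example (not part of the flashcards): the comment-section case from the stored XSS cards and the reflected search-page case, shown as a vulnerable Node.js render function beside one that HTML-encodes the untrusted value. The payload is the one quoted above; the handler shapes (renderCommentUnsafe, renderCommentSafe, renderSearchPage) are assumed for illustration and are not from any real application.

```javascript
// Added example: how a stored or reflected XSS payload reaches a page, and
// how HTML-entity encoding the untrusted value at insertion time stops it.
// Node.js, no dependencies.

// Constructed attacker input (the payload from the flashcards).
const PAYLOAD = "<script> window.open('http://unsafewebsite.html') </script>";

// Vulnerable: untrusted data concatenated straight into HTML. A comment page
// (stored XSS) or a search page echoing ?q= (reflected XSS) looks like this
// when it does no encoding; the browser parses the payload as markup.
function renderCommentUnsafe(comment) {
  return `<div class="comment">${comment}</div>`;
}

// Encode the five characters that let text break out of an HTML text node or
// a quoted attribute value. This encoder is only correct for the HTML body and
// attribute contexts; script, URL and CSS contexts need their own encoders.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Fixed: same template, but the untrusted value is encoded where it is
// inserted, so the browser renders it as text rather than as a <script> tag.
function renderCommentSafe(comment) {
  return `<div class="comment">${escapeHtml(comment)}</div>`;
}

// Reflected case: a search page echoing the query parameter back, encoded.
function renderSearchPage(query) {
  return `<p>Results for: ${escapeHtml(query)}</p>`;
}

// True if the rendered HTML still contains a real <script> start tag.
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Demo run.
console.log(renderCommentUnsafe(PAYLOAD));
console.log(renderCommentSafe(PAYLOAD));
console.log('unsafe page carries a script tag:', containsScriptTag(renderCommentUnsafe(PAYLOAD)));
console.log('safe page carries a script tag:  ', containsScriptTag(renderCommentSafe(PAYLOAD)));
```

Encoding on output rather than "sanitising" on input is what makes this robust: the same stored comment can be written safely into HTML, and a different encoder applied if it is ever placed in a JavaScript string or a URL.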
What is broken Authentication?
when an attacker is able to compromise passwords, session tokens or other account information and use them to assume another user's identity
How does Broken Authentication happen?
most often when developers build their own password handling or session management instead of using a well-tested framework. Hand-rolled schemes tend to contain flaws such as weak password rules, predictable session identifiers, or sessions that are never expired or invalidated on logout, any of which lets an attacker take over accounts.
What is Sensitive Data Exposure?
when sensitive information (passwords, credit card details, etc.) is exposed or compromised because of security flaws such as weak or missing encryption or a lack of access control
How does Sensitive Data Exposure happen?
through SQL injection attacks, compromise of the database or another back-end service, or transmission of the data without encryption
How can you mitigate sensitive data exposure?
do not store sensitive information you do not need
use appropriate access and authentication controls
encrypt sensitive data at rest and in transit, and store passwords only as salted hashes from a password-hashing function, never in plaintext or reversibly encrypted
What are XML External Entities (XXE) vulnerabilites?
when an XML parser that accepts attacker-supplied XML is configured to resolve external entities. The attacker declares an entity in the document's DTD that points at a local file or an internal URL, and the parser substitutes its contents wherever the entity is referenced, allowing disclosure of files from the server, requests to internal services (server-side request forgery) or denial of service through entity expansion. The risk is the parser's behaviour, not malware in the data.
How can you mitigate XML External Entities (XXE) vulnerabilities?
use a simpler format such as JSON rather than XML where possible
update older XML processors and libraries to the current version
disable DTD and external entity processing in the XML parser used by the web application
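Added example (not part of the flashcards): what an XXE document looks like, and a pre-parse guard that rejects any untrusted XML carrying a DOCTYPE before it reaches the parser. This complements the mitigation above of disabling entity processing in the parser itself; it does not replace it. The payload, the benign document and the acceptXml gate are constructed for the example.

```javascript
// Added example: an XXE payload and a guard that refuses untrusted XML
// carrying a DTD before any parser sees it. Node.js, no dependencies.

// Constructed attacker document. The ENTITY declaration tells a parser that
// resolves external entities to read the named file and substitute its
// contents wherever &xxe; appears, which the application then echoes back.
const XXE_PAYLOAD = `<?xml version="1.0"?>
<!DOCTYPE order [
  <!ENTITY xxe SYSTEM "file:///etc/passwd">
]>
<order><item>&xxe;</item></order>`;

// Constructed benign document of the kind the application actually expects.
const BENIGN = `<?xml version="1.0"?>
<order><item>widget</item></order>`;

// True if the document declares a DOCTYPE anywhere. Untrusted input has no
// business carrying a DTD, so the policy is to reject the whole document
// rather than try to filter individual entity declarations. A DOCTYPE that
// only appears inside a comment is also rejected; a false positive is the
// right failure mode for untrusted input.
function hasDoctype(xml) {
  return /<!DOCTYPE\b/i.test(xml);
}

// Lists the external (SYSTEM/PUBLIC) entity declarations so the attempt can
// be logged. Only meaningful on a document hasDoctype() already flagged.
function externalEntities(xml) {
  const out = [];
  const re = /<!ENTITY\s+(\S+)\s+(SYSTEM|PUBLIC)\s+"([^"]*)"/gi;
  let m;
  while ((m = re.exec(xml)) !== null) {
    out.push({ name: m[1], kind: m[2].toUpperCase(), uri: m[3] });
  }
  return out;
}

// Gate to put in front of the real parser (hypothetical; the parser it hands
// off to must still be configured with DTD/external entities disabled).
function acceptXml(xml) {
  if (hasDoctype(xml)) {
    const ents = externalEntities(xml);
    throw new Error('rejected: DOCTYPE not allowed in untrusted XML; entities: ' + JSON.stringify(ents));
  }
  return xml;
}

// Demo run.
console.log('benign accepted:', acceptXml(BENIGN) === BENIGN);
try {
  acceptXml(XXE_PAYLOAD);
} catch (e) {
  console.log(e.message);
}
```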
What is Security Misconfiguration?
when a system is deployed without being securely configured, for example with default or weak credentials, unnecessary features or services left enabled, or outdated software and missing patches
How can you mitigate security misconfigurations?
change default usernames and passwords, and do not run with vendor default configurations
keep systems up to date with patches
scan regularly for vulnerabilities and misconfigurations.
What is Broken Access Control?
when a system allows users to view, modify or perform actions on resources they should not have access to, because authorisation checks are missing or can be bypassed
example of Broken Access Control - Insecure Direct Object Reference (IDOR)?
when a user changes an identifier in the URL or request (e.g. an account or order ID) to access data or resources they are not authorised to see, because the server looks the object up by that identifier without checking who is asking
How can you fix direct object references?
ensure that the server checks whether the authenticated user is permitted to access that specific object before performing any action on it or returning its data; do not rely on the identifier being hard to guess.
What is Missing Function Level Access Control?
occurs when requests for functionality are fulfilled without checking that the user is authorised to use that function, e.g. an admin page or action that anyone who knows its URL can invoke
How can you mitigate Missing Function Level Access Control?
Don't show users functions they are not allowed to use, but treat that as usability rather than security: hiding a link does not stop a direct request
Check access to functionality on the server before providing it
Authorisation should be implemented for all functionality, not only the parts that appear in the user interface
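Added example (not part of the flashcards) serving both the IDOR card and the missing function-level access control card: a record lookup and an admin-only action, each shown as the vulnerable handler beside the fixed one. The invoice data, user roles and handler shapes are constructed for the example and do not come from any real application.

```javascript
// Added example: an insecure direct object reference and a missing
// function-level check, each beside the fixed handler. Node.js, no
// dependencies.

// Constructed data store: invoice id -> record.
const invoices = new Map([
  [1001, { id: 1001, owner: 'alice', amount: 120 }],
  [1002, { id: 1002, owner: 'bob', amount: 980 }],
]);

// Constructed users with a role. sessionUser below is the authenticated user
// taken from the session, never from the request parameters.
const users = {
  alice: { role: 'user' },
  bob: { role: 'user' },
  root: { role: 'admin' },
};

class Forbidden extends Error {}

// Vulnerable (IDOR): GET /invoice?id=1002 returns whichever record the id
// names. The only "control" is that other users' ids are not shown in the UI.
function getInvoiceUnsafe(sessionUser, id) {
  const inv = invoices.get(Number(id));
  return inv || null;
}

// Fixed: look the record up, then check the authenticated user owns it (or is
// an admin) before returning it. Missing and forbidden both return null so the
// response does not confirm which ids exist; a 403 is an equally valid choice
// if enumeration is not a concern.
function getInvoice(sessionUser, id) {
  const inv = invoices.get(Number(id));
  if (!inv) return null;
  const isOwner = inv.owner === sessionUser;
  const isAdmin = Boolean(users[sessionUser]) && users[sessionUser].role === 'admin';
  if (!isOwner && !isAdmin) return null;
  return inv;
}

// Missing function-level access control: the delete action is simply not
// linked from a normal user's menu, but anyone who sends the request gets it.
function deleteInvoiceUnsafe(sessionUser, id) {
  return invoices.delete(Number(id));
}

// Fixed: the server enforces the role on every call, regardless of whether
// the UI showed the button.
function deleteInvoice(sessionUser, id) {
  const u = users[sessionUser];
  if (!u || u.role !== 'admin') {
    throw new Forbidden(`${sessionUser} may not delete invoices`);
  }
  return invoices.delete(Number(id));
}

// Demo run: alice tampers with the id to read bob's invoice.
console.log('unsafe lookup by alice of 1002:', getInvoiceUnsafe('alice', '1002'));
console.log('safe lookup by alice of 1002:  ', getInvoice('alice', '1002'));
console.log('safe lookup by alice of 1001:  ', getInvoice('alice', '1001'));
try {
  deleteInvoice('alice', 1001);
} catch (e) {
  console.log('delete by alice:', e.message);
}
```

The two fixes are the same idea at different granularities: getInvoice checks the relationship between the user and the object, deleteInvoice checks the relationship between the user and the function. Both run on the server on every request.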
What is Serialisation
takes an object and turns it into a data format (a byte stream, JSON, XML, etc.) that can be stored or transmitted and later restored into an object (deserialisation)
What is insecure deserialization?
when serialised data is manipulated by an attacker before the application deserialises it, leading to unauthorised access to the system or, with some deserialisation libraries, execution of attacker-chosen code
How does insecure deserialization pose a security risk?
if data received from a user is not validated, and its integrity not verified, before deserialisation, an attacker can modify the serialised data, for example changing a role or user ID field, to gain unauthorised access; the application then trusts the deserialised object as if it had produced it itself