18. Web security: client-side attacks

Question 1

What is session hijacking?

Answer 1

Exploitation of a valid computer session (to gain unauthorised access)

Question 2

What does CSRF stand for?

Answer 2

Cross-site request forgery

Question 3

What is a CSRF attack?

Answer 3

Forces a user to execute an unwanted action, targets state-change requests since attacker cant see responce

Question 4

How do you defend against CSRF? (3)

Answer 4

• Check referrer (ensure request comes from original site)
• Include CSRF token in forms (request becomes unpredictable, can’t be forged)
• Set SameSite attribute on cookie (prevents cookies being sent in cross-site requests)

Question 5

What is the origin

Answer 5

The scheme, host and port of a URL

Question 6

What is the same origin policy?

Answer 6

SOP restricts access to DOM to scripts loaded from the same origin

Question 7

What does XSS stand for?

Answer 7

Cross-site scripting

Question 8

What is an XSS attack?

Answer 8

Malicious scripts are injected into a trusted web site

Question 9

What are the two types of XSS attack?

Answer 9

• Stored

- Reflected

Question 10

What is a stored XSS attack?

Answer 10

Injected script permanently stored on target server (database, forum message, etc)

Question 11

What is a reflected XSS attack?

Answer 11

Injected script is reflected off the web server (error message, search result, other response containing user input)

Question 12

How do you defend against XSS?

Answer 12

• Escape/filter output
• Validate input
• CSP, server whitelists scripts that can appear on page