Attacks Flashcards
What are the 5 different injection attacks?
Cross-site request forgery (CSRF)
Cross-site scripting (XSS)
SQL injection
System command injection
Remote file inclusion
Cross-site Request Forgery (CSRF) attack
Attackers trick users into unintentionally executing actions on a web application where they are authenticated.
This can lead to unauthorized actions being performed on behalf of the victim without their knowledge or consent.
Takes advantage of the browser-target trust.
How to prevent CSRF
Double-submit cookie prevention = When a user visits a website, the site generates a value that it stores as a cookie on the user’s device, separate from the session identifier cookie.
Same-site cookie prevention = restricts the origins from which a cookie can be sent
Cross-Site Scripting attack (XSS)
Attackers inject malicious scripts into websites, compromising the security and privacy of users.
Two-way attack → Allows for both sending and receiving.
What are the 3 types of XSS
Stored, Reflected & DOM based
Describe Stored XSS
More dangerous
Stored attacks are those where the injected script is permanently stored on the target servers, such as in a database, in a message forum, visitor log, comment field, etc.
The victim then retrieves the malicious script from the server when it requests the stored information.
Describe Reflected XSS
Reflected attacks are those where the injected script is reflected off the web server.
When a user is tricked into clicking on a malicious link, submitting a specially crafted form, or even just browsing to a malicious site, the injected code travels to the vulnerable web site, which reflects the attack back to the user’s browser.
The browser then executes the code because it came from a “trusted” server.
Describe DOM-based XSS (briefly)
Happens on the client side without server interaction.
This is in contrast to other XSS attacks (stored or reflected), wherein the attack payload is placed in the response page (due to a server side flaw).
How to prevent XSS & CSRF
Sanitize the inputs from a header or another input field.
Or, for CSRF, when taking in a header input, look specifically for the characters needed to collect the page from the server and discard possible malicious code after that.
SQL injection
A SQL injection attack consists of insertion or “injection” of a SQL query via the input data from the client to the application.
How to prevent SQL injection
Use parameterized prepared statements
Use code review, penetration testing & static analysis
Use input validation as secondary defense when using bind variables
Practice the principle of least privilege to limit the impact of SQL injections.
What are the differences between CSRF & XSS
CSRF:
- User trusts a badly implemented website
- Attacker injects a script into the trusted website
- User’s browser executes attacker’s script
XSS:
- A badly implemented website trusts the user
- Attacker tricks user’s browser into issuing requests
- Website executes attacker’s requests
System Command injection
“A cyber attack that involves executing arbitrary commands on a host operating system (OS)”
Remote file inclusion
Allows an attacker to include a file, usually by exploiting a “dynamic file inclusion” mechanism implemented in the target application.
The vulnerability occurs due to the use of user-supplied input without proper validation.
(The attack means that a person can execute their own script code on someone else’s server.)
Smash the stack attack
A cyberattack that causes a stack buffer overflow.
Can lead to:
Unauthorized access
Injecting malicious code into a running program
Can be protected against by:
Using memory-safe languages (Rust, etc.)
Mitigation:
Address randomization
Non-executable memory
Stack canaries