Security Flashcards

1
Q

Full form of JWT

A

JSON web tokens

2
Q

What is a JWT ?

A

an open standard used to share security information between two parties — a client and a server.

3
Q

What do JWTs contain ?

A

Each JWT contains encoded JSON objects, including a set of claims.

4
Q

How do JWTs make sure their set of claims is not altered?

A

JWTs are signed using a cryptographic algorithm to ensure that the claims cannot be altered after the token is issued.

5
Q

What is a disadvantage of using a JWT ?

A

it relies on only one key

6
Q

What are the repercussions of JWTs relying on only one key?

A

JWT uses only one key, which if handled poorly by a developer/administrator, would lead to severe consequences that can compromise sensitive information.

7
Q

What is OAuth?

A

OAuth is an open standard protocol that provides secure authorization for third-party applications to access user data without requiring the user to share their credentials (i.e., username and password) with the third-party application.

8
Q

OAuth Full form ?

A

Open Authorization

9
Q

What security protocol can you use to bypass the need for 3rd party applications to store user credentials ?

A

use OAuth

10
Q

What kind of convenience does OAuth provide ?

A

OAuth eliminates the need for users to create separate accounts for each application they use, making it easier and more convenient to use multiple applications.

11
Q

How does OAuth provide more control to its users?

A

OAuth gives users control over which applications have access to their data, and allows them to revoke access at any time.

12
Q

How does OAuth provide a better user experience ?

A

With OAuth, users can easily authorize third-party applications to access their data without having to manually enter their credentials each time.

13
Q

What is the advantage of OAuth being an “open-standard” ?

A

widely used and supported by many applications and browsers

14
Q

5 advantages of using OAuth

A
  • Security: OAuth provides a secure method of authorization that eliminates the need for third-party applications to store user credentials.
  • Convenience: OAuth eliminates the need for users to create separate accounts for each application they use, making it easier and more convenient to use multiple applications.
  • Control: OAuth gives users control over which applications have access to their data, and allows them to revoke access at any time.
  • Standardization: OAuth is an open standard, which means that it is widely used and supported across many different platforms and applications.
  • Better user experience: With OAuth, users can easily authorize third-party applications to access their data without having to manually enter their credentials each time.
15
Q

4 cons of using OAuth

A
  • Complexity: Implementing OAuth can be complex, especially for developers who are new to the protocol.
  • Security concerns: OAuth is susceptible to certain security vulnerabilities, such as session fixation attacks and cross-site request forgery (CSRF) attacks.
  • User trust: Some users may be reluctant to grant access to their data to third-party applications, even if they are using OAuth.
  • Limited functionality: OAuth may not be suitable for all applications, as it is primarily designed for authorizing access to user data rather than providing full API access.
16
Q

use cases of JWT

A
  • Single sign-on (SSO)
  • API authentication
  • User authentication and authorization
  • Identity verification and sharing
  • Mobile app authentication
17
Q

5 use cases of OAuth

A
  • Social media login
  • API authorization
  • Single sign-on (SSO)
  • Mobile app authorization
  • Internet of Things (IoT) authorization
18
Q

What is a http only cookie ?

A

An HttpOnly cookie is a tag added to a browser cookie that prevents client-side scripts from accessing data in that cookie.

19
Q

What disadvantages would one face while using http only cookie ?

A

The problem with secure cookies is that they can be cracked with enough time. For this reason they are never considered good for high security.

20
Q

Name 4 types of authentication methods

A

basic authentication, digest authentication, OAuth, and OpenID Connect.

21
Q

Basic Auth vs Digest Auth

A

Basic authentication involves sending user credentials in plain text, while digest authentication uses a hashed message to authenticate users.

22
Q

How do OAuth and OpenID connect work ?

A

OAuth and OpenID Connect use tokens to grant access to third-party applications or services.

23
Q

What is CORS ?

A

Cross-origin resource sharing (CORS) is a browser mechanism which enables controlled access to resources located outside of a given domain.

24
Q

Enlist the shortcomings in regards to CORS

A
  • Complex setup: Setting up and configuring CORS can be a complex and time-consuming process, particularly for larger applications with multiple domains or subdomains.
  • Vulnerable to attacks: CORS can be vulnerable to certain types of attacks, such as cross-site request forgery (CSRF) attacks, where an attacker can trick a user into executing malicious requests on behalf of the user.
  • Limited browser support: While most modern web browsers support CORS, some older browsers or mobile devices may not support it or may have limited support.
  • Limited control: CORS provides limited control over the requests that can be made from a web page to a remote server. This can be a problem for applications that need fine-grained control over the requests made, such as applications that rely on complex caching or authentication schemes.
  • Debugging issues: Debugging CORS-related issues can be difficult, as errors are often reported in the browser console without providing clear guidance on how to resolve the issue.
  • Additional network traffic: CORS can introduce additional network traffic, as preflight requests are sent to the server to determine whether the actual request is allowed.
25
Q

What is CSP ?

A

In the context of software security, CSP stands for “Content Security Policy”. It is a mechanism that allows website owners to control which resources can be loaded by their web pages.

26
Q

How does CSP work ?

A
  • CSP works by allowing website owners to define a policy that specifies which types of content can be loaded by their web pages.
  • This policy is communicated to the browser using an HTTP header, and the browser enforces the policy by blocking any content that violates it.
27
Q

What kind of attacks can CSP prevent ?

A

CSP is designed to mitigate the risk of various types of attacks, such as cross-site scripting (XSS) and code injection.

28
Q

What are the repercussions of not properly setting up CSP?

A

it requires careful configuration and testing to ensure that it does not inadvertently block legitimate content or create other security issues.

29
Q

How can you implement CSP ?

A

With CSP, you can limit which data sources are allowed by a web application, by defining the appropriate CSP directive in the HTTP response header.

30
Q

What is CSRF ?

A

Cross-Site Request Forgery (CSRF) is an attack that forces an end user to execute unwanted actions on a web application in which they’re currently authenticated.

31
Q

How does CSRF work ?

A

With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker’s choosing.

32
Q

What happens if the CSRF victim is a normal user ?

A

If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.

33
Q

What happens if the CSRF victim is an admin user ?

A

If the victim is an administrative account, CSRF can compromise the entire web application.

34
Q

How can you prevent CSRF attacks ?

A

To prevent CSRF attacks,
- you can use CSRF tokens that are generated on the server and included in the form. These tokens ensure that the request comes from a trusted source and not from an attacker’s website.
- Other mitigation techniques include SameSite cookies, Referrer Policy headers, and verifying the origin of the request.

35
Q

What is MITM ?

A

A man-in-the-middle (MiTM) attack is a type of cyber attack in which the attacker secretly intercepts and relays messages between two parties who believe they are communicating directly with each other.

36
Q

How does MITM work ?

A

In a Man-in-the-Middle (MitM) attack,
- an attacker intercepts communication between two parties to eavesdrop, manipulate or inject malicious code.
- The attacker may also impersonate one of the parties to steal data or credentials. This is usually achieved by compromising a router, DNS server or by phishing.
- Once the attacker has access to the communication, they can manipulate it without the users knowing.

37
Q

Enlist 5 ways via which you can prevent MITM attacks

A

Here are a few ways to prevent MITM attacks:

  • Use secure communication protocols like TLS/SSL.
  • Deploy mutual authentication and secure key exchange mechanisms.
  • Implement strong access control mechanisms to limit an attacker’s ability to infiltrate the network.
  • Use encryption to protect sensitive data from interception.
  • Regularly monitor network traffic for suspicious activity.
38
Q

Name 4 types of MITM attacks

A

IP spoofing, DNS spoofing, SSL hijacking, and session hijacking.

39
Q

What is OWASP top 10 ?

A

The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.

40
Q

Enlist OWASP top 10

A

Here are the top 10 security risks:

  • Injection: Occurs when untrusted data is sent to an interpreter as part of a command or query, which allows the attacker to execute malicious code or access sensitive data.
  • Broken Authentication and Session Management: When the authentication and session management mechanisms are improperly implemented, attackers can compromise user credentials and impersonate users.
  • Cross-Site Scripting (XSS): Attackers inject malicious code into a web page that is viewed by other users. This allows the attacker to steal user data, modify content, or execute arbitrary code.
  • Broken Access Control: When the application does not properly enforce access controls, attackers can access sensitive data and functionality.
  • Security Misconfiguration: When security controls are not properly configured, attackers can exploit these vulnerabilities.
  • Insecure Cryptographic Storage: When sensitive data is not properly encrypted, attackers can easily access and steal it.
  • Insufficient Transport Layer Protection: When web traffic is not encrypted, attackers can intercept the data and steal sensitive information.
  • Insecure Communications: When communication channels are not properly secured, attackers can exploit vulnerabilities and steal sensitive data.
  • Improper Error Handling: Improper error handling allows attackers to obtain sensitive information, such as database schema, server software, or user passwords.
  • Insecure APIs: APIs that are not properly secured can be exploited by attackers to gain unauthorized access to systems or data.
41
Q

Enlist 10 web security best practices

A
  • Use strong authentication mechanisms, such as multi-factor authentication, to prevent unauthorized access to sensitive data.
  • Regularly apply software patches and updates to fix known security vulnerabilities and improve overall system security.
  • Use secure communication protocols, such as HTTPS, to encrypt data in transit and prevent man-in-the-middle attacks.
  • Implement access controls and least privilege principles to ensure that only authorized users have access to sensitive data and resources.
  • Regularly perform security audits and penetration testing to identify and remediate potential security weaknesses.
  • Use a web application firewall to protect against known attacks and to monitor traffic for suspicious behavior.
  • Follow secure coding practices, such as input validation and output encoding, to prevent common web application vulnerabilities like cross-site scripting and SQL injection.
  • Implement strong password policies and encourage users to use unique and complex passwords to prevent credential stuffing attacks.
  • Regularly backup critical data to protect against data loss and implement a disaster recovery plan to quickly restore services in case of an attack or outage.
  • Provide security awareness training to all employees to ensure that they understand the importance of security and their role in protecting sensitive data and systems.
42
Q

How does OAuth provide more control to its users?

A