Security/Troubleshooting Flashcards Preview

Flashcards in Security/Troubleshooting Deck (15):
1

ssh

  • secure shell
  • a network protocol used to connect to a remote server securely and run commands on it
  • built into terminal
  • PuTTY is a Windows alternative

2

session hijacking

  • a security attack
  • attacker gains access to a valid session in order to impersonate another user (session fixation)
  • usually done by sniffing packets, or gaining physical access to the computer

Solutions

  • encryption (https)

3

public key cryptography

Steps

  1. server/website makes public key available to client
  2. client encrypts information with server's public key
  3. client sends encrypted message to server
  4. server decrypts message with its private key

4

ssl

  • refers to certificates used to confirm that encryption (https) is being used in a connection
  • also refers to two security protocols: TLS (Transport Layer Security) and SSL (Secure Sockets Layer)
  • these protocols use public key cryptography
  • typically, developers buy certificates from a trusted authority
  • individuals can create their own certificate, but browsers will throw a warning when someone visits the site because it isn't verified by an authority

Steps

  1. Client makes request to connect to server
  2. Server responds to request with certificate and public key
  3. Client checks if certificate is verified by an authority
  4. If so, client encrypts http request with public key, sends to server
  5. Server decrypts with private key

5

same origin policy

  • imposes restrictions on the ability of a webpage to access data from another site
  • generally speaking, website A cannot run scripts on/access data from website B if origins are different
  • where origin consists of protocol, port, host
  • exceptions exist, like for images (which come from websites with a different origin)

6

sql injection

  • a security attack
  • attacker inserts nefarious SQL statements into a form field on the client side
  • If server is taking form input and inserting it into an SQL query, query will be modified and yield unsafe results
  • avoid by using mysql_real_escape_string, which automatically escapes quote characters in user input

7

xss

  • cross site scripting
  • a security vulnerability
  • attacker inserts a script tag in the document with malicious code
  • tag is usually inserted in user input form field or as URL query parameter

Solution

  • encode/escape user input

8

csrf

  • cross-site request forgery
  • a website attack
  • uses the fact that user has been authenticated (via a cookie) and tricks user into performing privileged, detrimental behavior

Example/Steps

  • a user is logged into website A (ex: a bank) and authenticated using a cookie
  • elsewhere, a hacker creates a link to website A with query parameters for behavior he wants (ex: send me all his money)
  • hacker exposes user to link, and user clicks it, unwittingly performing the behavior hacker wants

Solution

  • Use a server-generated, one-time token
  • Use a captcha
  • Use http referrer header which indicates which website http request came from
    • referrer domain should match post domain

9

10

curl

  • command line tool used to transfer data using different web protocols
  • useful for testing RESTful APIs, amongst other things
  • curl -I example.com
    • returns the headers of an http response

11

telnet

  • an internet protocol
  • used to control one computer from another
  • grants access to a command line interface on a server remotely from another computer

12

13

dns

vulnerability

  • hacker compromises local DNS table, and redirects client to a shady website when they try to access a normal website

14

troubleshooting tools

  • telnet
    • good for checking headers
  • curl
    • good for API checking
  • dev tools
    • check HTTP headers
    • waterfalls

15

xss

  • cross-site scripting
  • a security vulnerability
  • attacker inserts a tag with malicious code somewhere in the page and places malicious JavaScript inside
  • usually uses an input form or URL parameter

Solution

  • escape/encode all user input on the server side