Web App Testing Flashcards
(18 cards)
What are the 3 types of XSS attacks?
Stored, Reflected, DOM-Based
Describe Stored XSS.
This is a type of web application vulnerability where an attacker injects malicious JavaScript code into a web application, and this code is stored on the server (in a database, file, or other persistent storage).
Describe Reflected XSS.
This is a type of web application vulnerability where malicious JavaScript code is injected into a website via a user-supplied input (such as a URL, query parameter, or form input). This code is immediately reflected back by the server in the response, and is executed in the user’s browser when they visit the malicious URL.
Describe DOM-Based XSS.
This is a type of Cross-Site Scripting (XSS) vulnerability where the attack is executed entirely on the client-side (in the user’s browser) rather than being reflected or stored on the server.
What is SQL Injection?
This is a type of attack where an attacker exploits vulnerabilities in a web application’s input fields (such as forms, search bars, or URLs) to manipulate an SQL query.
List the OWASP Top 10.
- Broken Access Control
- Cryptographic Failures
- Injection
- Insecure Design
- Security Misconfiguration
- Vulnerable and Outdated Components
- Identification and Authentication Failures
- Software and Data Integrity Failures
- Security Logging and Monitoring Failures
- Server-Side Request Forgery (SSRF)
List 5 types of SQL Injection.
- In-Band SQL Injection (Error-Based, Union-Based)
- Blind SQL Injection (Boolean-Based, Time-Based)
- Out-of-Band SQL Injection
- Second-Order SQL Injection
- Tautology-Based SQL Injection
What are four types of server-side vulnerabilities?
- Server-Side Request Forgery (SSRF)
- Server-Side Template Injection (SSTI)
- Server-Side Includes Injection (SSI)
- eXtensible Stylesheet Language Transformations (XSLT) Server-Side Injection
Describe Server-Side Request Forgery (SSRF)
This is a vulnerability where an attacker can manipulate a web app into sending unauthorized requests from the web server.
Describe Server-Side Template Injection (SSTI)
This vulnerability occurs when user input is unsafely embedded in server-side templates, allowing attackers to inject and execute template code on the server.
Describe Server-Side Includes Injection (SSI)
This vulnerability occurs when user input is unsafely included in SSI directives, allowing attackers to inject and execute server-side commands or scripts.
Describe eXtensible Stylesheet Language Transformations (XSLT) Server-Side Injection
An XSLT vulnerability occurs when user input is unsafely incorporated into XSLT transformations, allowing attackers to inject and execute arbitrary XSLT code on the server.
Describe a real world example of SSRF.
A web app allows users to provide a URL to fetch and display a profile picture. If the app does not properly validate the URL, an attacker may specify an internal address such as http://localhost.
Describe a real world example of SSI.
SSI can be used to include content that is present in all HTML pages, such as headers or footers. When an attacker can inject commands into the SSI directives, Server-Side Includes (SSI) Injection can occur.
What can exploitation of an SSRF vulnerability lead to?
Accessing internal systems, bypassing firewalls, and retrieving sensitive information.
Describe a real world example of SSTI.
One example is when a web application uses user input directly in a server-side template such as:
template = "Hello, " + user_input
render(template)
If an attacker supplies {{7*7}} as input, and the template engine evaluates it, the output will be Hello, 49, demonstrating that arbitrary template code can be injected and executed.
Describe SSI Directives
SSI directives are special commands embedded in web pages (usually within HTML comments like <!--#echo var="DATE_LOCAL" -->) that instruct the web server to perform actions such as including files, executing scripts, or displaying environment variables before sending the page to the user.
Describe XSLT Transformations
XSLT transformations are processes where XML data is converted into other formats (such as HTML, plain text, or different XML structures) using XSLT (Extensible Stylesheet Language Transformations) stylesheets that define how the data should be transformed and presented.