1
Q
What were the OWASP top 6 from 2017?
A
Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Control, Security Misconfiguration
2
Q
What are some possible defenses to SQL injections?
A
Input Sanitization, Prepared Statements
3
Q
What types of XSS attacks are there?
A
Non-persistent / Reflected XSS, Persistent / Stored XSS, DOM-based XSS
4
Q
What are some difficulties with detecting DOM-based XSS?
A
- Malicious URL exists only at the victim’s side
- Malicious URL exists only at a certain point in time
- Malicious URL is created dynamically
5
Q
What are some defenses against XSS?
A
Input sanitization, CSP
6
Q
What are some defenses against XSRF?
A
XSRF Tokens, Limit Sessions, Multi-factor Auth, Check HTTP Referrer
7
Q
What are countermeasures against Clickjacking?
A
Old: X-Frame-Options, Modern: CSP: frame-ancestors
SecEng
flashcards
Decks in class (20)
# Cards
-
Introduction and Fundamentals5
-
Security Principles13
-
Security, Usability, Psychology23
-
Threat Modeling16
-
Web Application Security7
-
System-Level Security: Buffer Overflows1
-
Mobile Application Security7
-
Obfuscation27
-
Software-based Integrity Protection27
-
Hardware-based Integrity Protection9
-
Side-channel Attacks9
-
Privacy Enhancing Technologies13
-
Misconfiguration4
-
Intrusion Detection7
-
Fuzzing4
-
Malware15
-
Pentesting6
-
More on Passwords3
-
Incident Response3
-
Risk analysis6
