Web Concerns Flashcards
(9 cards)
Why are web clients vulnerable to malicious users?
Users control web clients, so they can tamper with any client-side data. Sensitive information and implementation details sent to the client are discoverable, and client-side validation can be bypassed.
Why is server-side validation critical for web security?
Client-side validation can be bypassed, so important validation must be double-checked on the server to ensure security.
Why is network traffic from web clients untrustworthy?
Traffic may not originate from a web browser at all, and it can be tampered with after leaving the browser, so it cannot be trusted.
What risks arise from client-side access to source code?
Malicious users can view and modify all client-side data and code. No secrets can be stored in client-side source, since it can be read and altered.
How can server-side information be exposed to users?
Server error messages can reveal implementation details like paths and version numbers, aiding potential attackers.
Why is web traffic vulnerable to attacks?
The web is chaotic; traffic transmitted in plaintext can be easily intercepted and tampered with during transit.
What are the limitations of HTTPS in preventing attacks?
HTTPS encrypts data, but data may be tampered with before encryption. It does not prevent spying or tampering during transmission.
What is a denial of service attack in the context of web security?
A network-based attack that disrupts service availability, preventing legitimate users from accessing resources.
What is the key principle for securing web applications?
Trust no client, trust no network, and perform important processing on the server to ensure security.