Web security Flashcards
(26 cards)
What are the goals of web security
Users should be able to visit a variety of websites without incurring harm. Secure web applications.
List the web threat model
- Web attacker: controls attacker.com, then the user visits attacker.com
- Network attacker: passive (wireless eavesdropper) or active (evil router, DNS poisoning)
- Malware attacker: the attacker escapes browser isolation mechanisms and runs separately under the control of the OS
Examples of Malware attacker
XSS, SQLi, CSRF
What are URLs
Global identifiers of network-retrievable documents
What are cookies
They are used to store state on a user’s machine. HTTP is a stateless protocol, cookies add state
What are cookies used for
- Authentication
- Personalization, recognize the user from a previous visit
- Tracking: follow the user from site to site, learn their browsing behaviour
What is the default scope of a cookie
The domain and path of the setter URL
What are the allowed and disallowed domains of this host “login.site.com”
Allowed: login.site.com, site.com
Disallowed: user.site.com, othersite.com, .com
Do secure cookies provide integrity
No, only confidentiality. A network attacker can rewrite secure cookies.
How can you achieve data integrity
Cryptographic checksums: use a secret key to generate a tag for the cookie.
Explain SQL Injection
Browser sends malicious input to server, bad input checking leads to malicious SQL query
Explain CSRF
A bad website sends a browser request to a good website using the credentials of an innocent victim
Explain XSS
A bad website sends innocent victim a script that steals information from an honest website
What causes injection
When data and code share the same channel
List 2 ways of preventing SQL injection
- Input validation (blacklisting or whitelisting (better))
- Escaping quotes: use escape characters to prevent the quote from becoming part of the query, i.e. convert ' to \'
Describe Cross-site Request Forgery
- The user and the server establish a connection
- The user visits the attacker's server
- The attacker sends the malicious page
- The malicious page uses the user's cookie to send a request to the server
Drive-by pharming is an attack on a home router; describe it
The user visits a malicious site, then JavaScript at the site scans the home network looking for the broadband router; once it finds it, it logs in to the router and changes the DNS server.
List some causes of CSRF
- The server cannot distinguish whether a request is cross-site (from another site's page) or same-site (from the server's own page)
Can the browser differentiate between cross site and same site
Yes. It knows which site the request originates from.
How can the server help prevent CSRF
Referer header, same-site cookie
How can the server help itself
Secure token
List and explain 2 methods for injecting malicious code to a web application
- Reflected XSS ("type 1"): the attacker's script is reflected back to the user as part of a page from the victim site
- Stored XSS ("type 2"): the attacker stores the malicious code in a resource managed by the web application, e.g. a database
Describe Reflected XSS attack
The user visits the attacker's server and receives a malicious link. When the user clicks on the link, it is sent to the victim server, and the victim server echoes sensitive information; the information is then sent to the attacker's server.
Describe Stored XSS
The attacker injects a malicious script into the server. The user requests content from the victim server and receives the malicious script, and the script then sends sensitive info to the attacker's server.