Web Security

Réussis tes devoirs et examens dès maintenant avec Quizwiz!

What is a top level domain ?

".com" Can't set cookie for this suffix because that would be a lot of the internet

What is SQL injection?

A lot of SQL queries are made in web applications If query is not made carefully, attacker can pass in strange input and make malicious request to server

What is XSS (Cross-site scripting)?

Attacker injects script into victim's browser by... 1. Reflected XSS: Attacker can redirect a victim to a certain URL with malicious script and the script is echoed 2. Stores XSSS: Attacker can store malicious script in the server and make the victim retrieve the script in the victim's browser

What is clickjacking?

Fool the victim to do stuff for the active Can be any type of attack, but mostly CSRF (i.e. to leave this page, we need to verify you are not a bot)

When setting cookies, what is HttpOnly?

Javascript running in browser cannot read this cookie Weak XSS defense

What is a cookie?

Key-value pair, many web apps store important data into cookie => Can store login id => Attackers can impersonate different users by stealing cookie A state a web server can store inside your browser

What is the same origin policy?

Origin A can access origin B's DOM if they match on (scheme, domain, port) For cookies... ([scheme], domain, path) Scheme is optional for cookies, necessary for origins (pages)

What is https?

Protocol for secure communication Communication over HTTP within a connection encrypted by Transport Layer Security or its predecessor, Secure Sockets Layer (SSL) Main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.

What is a cross-site request forgery (CSRF)?

Try to send malicious request with victim's valid credentials Normally, attacker creates her own page and victim visits it Victim's browser will send request in attacker's page to target site using victim's credential

GET v. POST

Use GET for when we do NOT modify data in server Use POST for when we DO modify data in the server


Ensembles d'études connexes

Chapter 22: The Child with GI Dysfunction

View Set

BIO 208 UK Microbiology: FINAL EXAM

View Set

The Real World: An Introduction to Sociology Chapter 15; Populations, cities, and the environment

View Set

ABA behavior management consequence based interventions

View Set

Introduction to Java Programming: Ch. 2 quiz

View Set

PrepU Questions: Week 16--Respiratory & Skin/Wounds

View Set

Psychology Exam 2 Multiple Choice

View Set