Web Security
What is a top level domain?
".com" is a top level domain. A cookie can't be set for this suffix, because a cookie scoped there would be sent to a large part of the internet.
What is SQL injection?
Web applications issue a lot of SQL queries. If a query is not built carefully, an attacker can pass in crafted input and make the server run a malicious query.
What is XSS (Cross-site scripting)?
Attacker injects a script into the victim's browser by... 1. Reflected XSS: the attacker redirects the victim to a URL carrying a malicious script, and the server echoes the script back into the page. 2. Stored XSS: the attacker stores a malicious script on the server, and the victim's browser retrieves and runs it.
What is clickjacking?
Fool the victim into performing actions for the attacker. Can be any type of attack, but mostly CSRF (e.g. "to leave this page, we need to verify you are not a bot").
When setting cookies, what is HttpOnly?
JavaScript running in the browser cannot read this cookie. A weak XSS defense.
What is a cookie?
A key-value pair; state that a web server can store inside your browser. Many web apps store important data in cookies => can store a login id => attackers can impersonate other users by stealing the cookie.
What is the same origin policy?
Origin A can access origin B's DOM only if they match on (scheme, domain, port). For cookies the scope is ([scheme], domain, path): scheme is optional for cookies but required for origins (pages).
What is HTTPS?
A protocol for secure communication: communication over HTTP within a connection encrypted by Transport Layer Security (TLS) or its predecessor, Secure Sockets Layer (SSL). The main motivation for HTTPS is authentication of the visited website and protection of the privacy and integrity of the exchanged data.
What is a cross-site request forgery (CSRF)?
Try to send a malicious request with the victim's valid credentials. Normally the attacker creates her own page and the victim visits it; the victim's browser then sends the request embedded in the attacker's page to the target site using the victim's credentials.
GET v. POST
Use GET when we do NOT modify data on the server. Use POST when we DO modify data on the server.