Why is HTTP stateless?
Every request-response pair is independent of one another.
HTTP can’t keep track of whether you’ve logged in or not.
HTTP is stateless by nature.
What are sessions?
They are a data structure used by a website to store data only during the time user is interacting with the site - used to manage state due to stateless HTTP.
What are cookies?
Cookies are client-side files to monitor interactions with a given website.
Eg. for shopping cart personalization, price changing by times you visit
What is session hijacking?
Attacker steals cookies or session ID and use it to authenticate by using the same session.
What are the OWASP Top 10 vulnerabilities?
- SQL Injection
- Broken Authentication & Session Management
- Sensitive Data Exposure
- XML External Entities
- Broken Access Control
- Security Misconfiguration
- XSS, XSRF
- Insecure Serialization
- Using Components with Vulnerabilities
- Insufficient Logging & Monitoring
What is SQL Injection?
- Results from untrusted data from user being used as part of a query.
- Data tricks SQL interpreter to executing commands or queries it should not.
- Access data user does not have authority for.
What does ‘ OR ‘1’ = ‘1’ do if you input it into the username field?
It’ll query all account usernames and since it’s an AND statement, if you put a common password, you will most likely return at least 1 row.
What does ‘ OR ‘1’ = ‘1’ do if you input it into a password field?
It’ll allow you to login to that specific account username as OR 1=1 will always return true.
Can you use comments in SQL Injection?
Yes - you can use comments like 1=1– to comment rest of the query.
How to avoid SQL injections?
Use parameterized queries by preparing statements with variable binding.
Use stored procedures in the SQL Database itself.
Sanitize user input.
What is cross-site scripting?
Attacker injects XSS into web pages which are shown to other users, malicious code is then executed in their browser.
What is reflected or non-persistent XSS?
- Malicious script reflects off the website into the victim’s browser.
- Passed via query or URL, XSS code is not stored on the server.
What is stored or persistent XSS?
- Malicious script is stored on server and sent to victim’s browser to be executed when viewed.
What are examples of malicious use of XSS?
- Hijack sessions
- Deface websites
- Redirect users to malicious sites
What are XSS defences?
- User input sanitization
- HTML slots for untrusted data
- HTML escape before inserting data into HTML element (change context of script to data).
What is XSRF?
Cross Site Request Forgery is an attack that tricks users to execute undesired actions on websites they are currently authenticated on.
How do you defend against XSRF?
- Include random challenge token that is RNG’d, expires quickly, and hash comparison of token.
