- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
- What is SQL injection, and what is the attacker's intention in using it?
- Consider the SQL command below. Where is the vulnerability? Think about some ways an attacker could misuse it:
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
- What does end-to-end encryption mean? Share an example of a well-known app using E2EE; how does that app use it?
Team Members: Lin, Mohammad Alemarieh, Muna Al-Haj Eid, Mohamad Alchehabi
Q1) Cross-site request forgery (CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions they do not intend to perform. The attacker tricks a user's browser into making an unintended and unauthorized request to a web application on which the user is authenticated. CSRF depends on three key conditions; one of them is cookie-based session handling: performing the action involves issuing one or more HTTP requests, and the application relies solely on session cookies to identify the user who made the requests, with no other mechanism in place for tracking sessions or validating user requests.
It is called a "one-click attack" because the victim is tricked into triggering the malicious action with just one click.
Q2) Cross-Site Scripting (XSS) is a security vulnerability where attackers inject malicious scripts into web pages, often targeting cookies or sessions. Two main categories are Stored XSS (persistent) and Reflected XSS (non-persistent).
Q3) SQL injection is a code injection technique used to modify or retrieve data from SQL databases. It is a web security vulnerability that allows an attacker to interfere with the queries that an application makes to its database. By inserting specially crafted SQL statements into an input field, an attacker is able to execute commands that allow the retrieval of data from the database, the destruction of sensitive data, or other manipulative behaviour.
Q4) The vulnerability in the given SQL command is SQL injection. An attacker can misuse it by providing specially crafted input to manipulate the query, potentially leading to unauthorized access or data manipulation. To mitigate this, parameterized queries or prepared statements should be used.
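The worksheet's query splices `username` and `password` straight into the SQL text, and does not even quote them, so every character of the input is parsed by the database as SQL tokens rather than as a value. The following added example (not from the worksheet, and assuming no particular database driver) places that pattern beside a parameterized query in the `{ text, params }` shape that drivers such as node-postgres or mysql2 accept, and adds a small review check that the SQL text no longer depends on the input.

```javascript
// Added example (not from the worksheet): string-built query vs. parameterized query.

// The worksheet's pattern: untrusted input becomes part of the SQL text.
function naiveQuery(username, password) {
  return `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
}

// Hardened pattern: the SQL text is a constant with placeholders and the
// untrusted values are sent to the database separately as parameters.
// The database parses the statement before it sees the values, so a value
// can never change the structure of the statement.
function parameterizedQuery(username, password) {
  return {
    text: 'SELECT Count(*) FROM Users WHERE username = ? AND password = ?',
    params: [username, password],
  };
}

// Review check: a query builder is safe only if its SQL text is the same
// for any two inputs. Returns true when the text is input-independent.
function sqlTextIsConstant(buildFn, sampleA, sampleB) {
  const textOf = (q) => (typeof q === 'string' ? q : q.text);
  const a = textOf(buildFn(sampleA.username, sampleA.password));
  const b = textOf(buildFn(sampleB.username, sampleB.password));
  return a === b;
}

// Constructed inputs: an ordinary login and a legitimate name containing a quote.
const benign = { username: 'alice', password: 'hunter2' };
const awkward = { username: "O'Brien", password: 'hunter2' };

console.log(naiveQuery(awkward.username, awkward.password));
// The SQL text now contains an unbalanced quote, and even `alice` above is
// parsed as a column name rather than a string: the database, not the
// application, decides what the input means.
console.log(sqlTextIsConstant(naiveQuery, benign, awkward));         // false
console.log(sqlTextIsConstant(parameterizedQuery, benign, awkward)); // true
```

Parameterization fixes the injection; it does not fix the separate weakness that the query compares a plaintext password inside the database. The usual design is to fetch the stored password hash for the username and verify the submitted password against it in application code.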
Q5) End-to-end encryption (E2EE) is a secure communication method that ensures only the sender and the intended recipient can access the contents of a message or file. It is a widely used method for securing data by making it unreadable to anyone who doesn’t have the decryption key.
WhatsApp, Telegram and Signal are well-known messaging apps that use E2EE to secure their users' conversations. When a user sends a message, it is encrypted on their device using a unique key that only the intended recipient can decrypt (known as a public key).