- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
- What is SQL injection, and what is the attacker's intention behind it?
- Consider the SQL command below. Where is the vulnerability? Think about some ways an attacker can misuse it:
// Deliberately vulnerable snippet from the question: the request body values
// are interpolated straight into the SQL text (the template string is the bug).
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
- What does end-to-end encryption mean? Share an example of a well-known app using E2EE. How is that app using it?
Room: Osama, Hammam, Farah Arar, Farah alsoqi
Q1: A Cross-Site Request Forgery (CSRF) attack is one that forces authenticated users to submit a request to a web application against which they are currently authenticated.
- The term "one-click attack" is used to describe CSRF attacks because, from the victim's perspective, the attack can be executed with a single click.
Q2:
Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website.
- The malicious script could steal the user's cookie and send it to the attacker. The attacker can then use the cookie to impersonate the user in the web application. Session hijacking: XSS can lead to the takeover of an active user session, enabling attackers to act on behalf of the victim.
- XSS attacks are generally categorized into two main types: non-persistent (reflected) and persistent (stored).
Q3:
SQL injection is a code-based vulnerability that allows an attacker to read and access sensitive data from the database. Attackers can bypass the application's security measures and use SQL queries to modify, add, update, or delete records in a database, manipulating the database and gaining access to potentially valuable information.
Q4:
The provided SQL command is vulnerable to SQL injection. The vulnerability lies in the direct inclusion of user-provided values (username and password) in the SQL query string without proper validation, sanitization, or parameterization. An attacker can exploit this by manipulating the input values so that the resulting SQL query behaves unexpectedly, potentially leading to unauthorized access or data manipulation. To prevent this, use parameterized queries or prepared statements so that user input is handled as data rather than as part of the SQL command.
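The following is an added worked example, not code from the question or from the group's answer. It is written in Python rather than the question's Node.js so that it runs stand-alone against the standard library's in-memory sqlite3 database. The Users table, its single row, and the sample inputs are all constructed here. The unsafe function mirrors the page's template-string query (with quotes added around the values so that an ordinary login works at all); the safe function is the parameterized form recommended in the answer, where the driver binds the values separately from the SQL text.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed test database: one user, plaintext password for illustration only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.execute("INSERT INTO Users VALUES ('alice', 'correct-horse')")
    conn.commit()
    return conn


def count_unsafe(conn: sqlite3.Connection, username: str, password: str) -> int:
    """Vulnerable pattern: user input is spliced into the SQL text, exactly like the
    template string in the question. Quote characters in the input become SQL syntax."""
    query = (
        "SELECT Count(*) FROM Users "
        f"WHERE username='{username}' AND password='{password}'"
    )
    return conn.execute(query).fetchone()[0]


def count_safe(conn: sqlite3.Connection, username: str, password: str) -> int:
    """Hardened pattern: '?' placeholders are bound by the driver, so the input is
    only ever compared as data and can never change the shape of the statement."""
    query = "SELECT Count(*) FROM Users WHERE username=? AND password=?"
    return conn.execute(query, (username, password)).fetchone()[0]


def login_ok(conn: sqlite3.Connection, username: str, password: str) -> bool:
    """Login check built on the parameterized query."""
    return count_safe(conn, username, password) == 1


if __name__ == "__main__":
    db = make_db()
    # A crafted username that closes the string literal and comments out the rest.
    crafted = "' OR 1=1 --"
    print("unsafe, crafted input  :", count_unsafe(db, crafted, "anything"))  # 1: check bypassed
    print("safe,   crafted input  :", count_safe(db, crafted, "anything"))    # 0: treated as text
    print("safe,   real credentials:", login_ok(db, "alice", "correct-horse"))  # True
```

The comparison in the main block is the whole lesson: the same crafted input makes the interpolated query count every row, while the parameterized query simply finds no user with that literal name. In a real application the password column would also hold a salted hash rather than plaintext, but that is a separate control from the injection fix shown here.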
Q5:
End-to-end encryption is a security method that keeps your communications secure. For example: Alice wants to send Bob an encrypted message. She uses Bob's public key to encrypt her message to him. Then, when Bob receives the message, he uses his private key on his device to decrypt the message from Alice.