@halitbatur
Created January 18, 2024 11:16
Type of attacks discussion
  1. What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
  2. What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
  3. What is SQL injection? And what is the attacker’s intention from it?
  4. Consider the below SQL command, where is the vulnerability? Think about some ways an attacker can misuse it:

     const { username, password } = req.body
     let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;

  5. What does End-to-End encryption mean? Share an example of a well-known app using E2EE, how is that app using it?
@JanaAbuHaltam

Jana, Banan, Hala, Hadeel
Q1
A CSRF (Cross-Site Request Forgery) attack involves unauthorized actions taking place on a website using the credentials of a trusted user, often without their knowledge. To prevent such attacks, developers implement security measures like anti-CSRF tokens and follow best practices. In a CSRF attack, the attacker deceives the user into triggering unauthorized commands on a trusted website through a manipulated HTTP request. Developers use anti-CSRF tokens in HTTP requests to validate their authenticity and reduce the risk of unauthorized commands being executed. The term "one-click attack" is used to underscore that in many cases, a single click by the user is sufficient to initiate the attack, using the user's active session on the targeted website to execute unauthorized actions.

Q2
XSS attack is short for cross-site scripting. XSS attacks are a type of injection in which attackers inject malicious scripts into the code of trusted websites.
Categories:
Reflected XSS (non-persistent / Type I)
Stored XSS (Persistent / Type II)
DOM-based XSS (Type 0)
Connection between XSS and sessions/cookies:
XSS attacks can access the cookies, including session cookies, of the users, so the attacker can impersonate legitimate users and gain unauthorized access.

Q3
SQL injection is a type of cyber attack where an attacker inserts or manipulates malicious SQL (Structured Query Language) code into input fields of a web application. The intention is to exploit vulnerabilities in the application's code that doesn't properly validate or sanitize user input.

The attacker's goals with SQL injection can include:

Unauthorized Access: By injecting malicious SQL code, attackers may gain unauthorized access to a database, retrieve, modify, or delete data.
Data Manipulation: Altering or deleting data within the database, potentially causing data loss or corruption.
Authentication Bypass: Using SQL injection to bypass login mechanisms, gaining access to restricted areas of an application.
Information Disclosure: Retrieving sensitive information from the database that wasn't meant to be accessible, such as usernames, passwords, or other confidential data.

Q4
The provided SQL command is susceptible to SQL injection, a prevalent security vulnerability in web applications. The vulnerability stems from the direct interpolation of user inputs (username and password) into the SQL query string in the given code:

const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;

• The risk lies in the direct interpolation of user inputs, allowing an attacker to potentially manipulate the SQL query by controlling the values of username and password in a malicious manner. This manipulation could lead to unauthorized actions or the extraction of sensitive information. An example of a malicious input could be:
username: '1'='1';
This input will always evaluate to true, showcasing the potential danger associated with SQL injection vulnerabilities.

Q5
End-to-end encryption refers to a method of secure communication that prevents third-parties from accessing data while it's transferred from one end system or device to another. In this process, the data is encrypted at the sender's end and only the recipient is able to decrypt it. This means that even the service provider or network operator in the middle of the communication cannot access the unencrypted data. It ensures that the data is secure and private throughout the entire communication process.
One well-known app that utilizes end-to-end encryption (E2EE) is WhatsApp. WhatsApp utilizes E2EE to secure all communications, including text messages, voice calls, video calls, and file transfers, between users. When a message is sent, it is encrypted on the sender's device and can only be decrypted by the recipient's device. This ensures that the content of the messages remains private and secure, even if the messages are intercepted during transmission. The use of E2EE in WhatsApp provides users with a high level of privacy and security in their communications.
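
An added example for Q4 (not part of the gist or of the answer above): it builds the gist's interpolated query and a parameterized equivalent from the same request bodies, then compares their structure to show that only the interpolated form lets input reshape the statement. The `?` placeholder style, the helper names and the sample request bodies are assumptions made for illustration.

```javascript
// Added example. Inputs below are constructed; no database is needed.

// The gist's pattern: request values are spliced into the SQL text itself.
function buildInterpolated({ username, password }) {
  return `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
}

// Parameterized form: the SQL text is constant and the values travel separately.
// The `?` placeholder style is an assumption; drivers differ (`$1`, `:name`, ...).
const PARAM_SQL = 'SELECT Count(*) FROM Users WHERE username=? AND password=?';
function buildParameterized({ username, password }) {
  return { text: PARAM_SQL, values: [String(username), String(password)] };
}

// Reduce SQL to its structure by replacing every literal with `?`.
function skeleton(sql) {
  return sql
    .replace(/'(?:[^']|'')*'/g, '?')      // quoted string literals
    .replace(/\b\d+(?:\.\d+)?\b/g, '?')   // numeric literals
    .replace(/\s+/g, ' ')
    .trim();
}

// True when the input contributed more than one literal per field, i.e. it
// changed the shape of the statement rather than just supplying a value.
function changesStructure(body) {
  return skeleton(buildInterpolated(body)) !== skeleton(PARAM_SQL);
}

// Constructed request bodies. The template has no quotes of its own, so a
// value is only a single literal if it arrives already quoted.
const ordinary = { username: "'alice'", password: "'s3cret'" };
const fromPage = { username: "'1'='1'", password: "'x'" }; // input quoted in Q4

console.log(changesStructure(ordinary)); // false
console.log(changesStructure(fromPage)); // true
console.log(skeleton(buildInterpolated(fromPage)));
console.log(buildParameterized(fromPage));
```

With the parameterized form the same input ends up in `values` as an ordinary string to compare against, and `text` is identical for every request.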
