@muslemomar
Created April 29, 2024 14:26
  1. What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
  2. What is an XSS attack? What is the connection between it and cookies/sessions? And what are the two main categories of XSS?
  3. What is SQL injection, and what is the attacker's intention behind it?
  4. Consider the SQL command below. Where is the vulnerability? Think about some ways an attacker can misuse it:

```js
const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;
```

  5. What does end-to-end encryption mean? Share an example of a well-known app using E2EE. How is that app using it?
@zainabmirza-eng

zainabmirza-eng commented Apr 29, 2024

Room 3:-
Members:- Zainab Mirza - Rafeef Thamer - Shkar Gharib - Omer Sardar - Ahmed Jalal

1/ A CSRF (Cross-Site Request Forgery) attack is a type of exploit where an attacker tricks a logged-in user into unknowingly executing malicious actions on a trusted website. This attack is executed through forged HTTP requests that appear legitimate to the website, exploiting the user's authenticated session. It's called a "one-click attack" because it can be triggered with a single click by the victim, requiring no additional authentication.

2/ An XSS (Cross-Site Scripting) attack injects malicious scripts into a website, which can then execute in users' browsers. It can steal cookies or session tokens, leading to unauthorized access. The two main categories are:
Stored XSS: The injected script is permanently stored on the server, affecting all users who access the vulnerable page.
Reflected XSS: The injected script is reflected off the web server, usually via a link or input field, targeting a specific user at the time of the attack.

3/ SQL injection is a type of cyber attack where malicious SQL (Structured Query Language) code is inserted into input fields of a web application, exploiting vulnerabilities in the application's database layer. The attacker's intention is typically to gain unauthorized access to the database, retrieve sensitive information, modify or delete data, or execute arbitrary commands on the database server.

4/ The SQL command is vulnerable to SQL injection due to the lack of input validation and sanitization. Attackers can exploit this vulnerability to bypass authentication, extract sensitive information, manipulate data, or compromise the entire database server.
Attackers can misuse this vulnerability in several ways:

SQL Injection
Authentication Bypass
Information Disclosure
Data Manipulation
Database Server Compromise

5/ End-to-end encryption (E2EE) ensures that only the sender and recipient can access the content of their communication by encrypting messages on the sender's device and decrypting them on the recipient's device. WhatsApp uses E2EE by generating cryptographic keys for each user's device, exchanging public keys to encrypt messages, and ensuring that encryption keys are not stored on its servers, thus maintaining the confidentiality of conversations.

Telegram is a big example of this method.

@hanaMohammedAbdullah

Room 11, Pasand Yaba, Hana Abdulla, Ahmed Sabah, Muhammed Sabah, Ali Izaddin

1- A CSRF (Cross-Site Request Forgery) attack is a type of security exploit where an attacker tricks a user into unintentionally performing actions on a web application in which the user is authenticated. The attacker accomplishes this by embedding malicious code in a link or website visited by the user. When the user clicks the link or visits the website, their browser sends unauthorized requests to the target web application, which processes them as if they were legitimate actions by the user. CSRF attacks use HTTP requests to execute actions on the target application, such as transferring funds or changing account settings. They are often referred to as "one-click attacks" because they can be triggered with just one click by the user, without their knowledge.
2- XSS attacks involve injecting malicious scripts into web pages to steal sensitive information like cookies or session tokens from the user, Stored XSS (persistent) and Reflected XSS. Developers can prevent XSS by sanitizing input and using security measures like Content Security Policy (CSP).

3- SQL injection is when a sneaky hacker tricks a website into running bad commands. For example, imagine a website with a search bar. If the website is not well protected, the hacker could type something like this into the search bar: '; DROP TABLE users; -- :
4- user name = " or ""="
password = " or ""="
5- End-to-end encryption (E2EE) ensures that only the communicating users can read messages by encrypting data on the sender's device and decrypting it on the recipient's device, with no intermediary access. Signal is an example of an app using E2EE, where users' devices generate cryptographic keys for secure messaging. Messages are encrypted with the recipient's public key and decrypted with their private key, ensuring privacy and security. Signal's implementation of E2EE safeguards communications from eavesdropping and surveillance, making it highly secure.
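
Question 4 worked through as an added example (not code from the gist or from any commenter): it builds the query text both ways and shows that the value quoted in the comment above changes the statement's structure under interpolation, while the parameterized text stays fixed. The function names, the double quotes around each value, the `?` placeholder style and the sample logins are assumptions made for the illustration.

```javascript
// Added example (not from the gist). Builds SQL text only; no database is used.

// The gist's interpolation pattern. Double quotes around each value are an
// assumption, added so that an ordinary login produces valid SQL.
function buildInterpolated(username, password) {
  return `SELECT Count(*) FROM Users WHERE username="${username}" AND password="${password}"`;
}

// Parameterized form: the SQL text is fixed and the values travel separately.
// The "?" placeholder syntax is an assumption (mysql2 and sqlite3 accept it).
function buildParameterized(username, password) {
  return {
    text: "SELECT Count(*) FROM Users WHERE username = ? AND password = ?",
    values: [String(username), String(password)],
  };
}

// Collapse every quoted literal to S so only the statement's structure remains.
function skeleton(sql) {
  return sql
    .replace(/"(?:[^"]|"")*"|'(?:[^']|'')*'/g, "S")
    .replace(/\s+/g, " ")
    .trim();
}

// True when the input altered the statement's structure relative to a
// known-benign reference login (constructed sample values).
function structureChanged(username, password) {
  const reference = skeleton(buildInterpolated("alice", "s3cret"));
  return skeleton(buildInterpolated(username, password)) !== reference;
}

// Constructed inputs: a normal login and the value from the comment above.
const benign = { username: "bob", password: "hunter2" };
const hostile = { username: '" or ""="', password: '" or ""="' };

console.log(skeleton(buildInterpolated(benign.username, benign.password)));
console.log(skeleton(buildInterpolated(hostile.username, hostile.password)));
console.log(structureChanged(hostile.username, hostile.password));
console.log(buildParameterized(hostile.username, hostile.password));
```

With a real driver, the `text` and `values` pair is what gets passed to its query call, so the input is only ever compared as data.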

@Dilan-Ahmed

Ahmed Isam, Mawj M Basheer, Ahmad Qarany, Dilan M Ahmed.

  1. It is Cross-Site Request Forgery, which attackers use to trick the web browser user into performing actions and providing sensitive data and information to the cloned webpage, and the data will be stolen. The reason we call it a one-click attack is that the user is just one click away from giving up sensitive information like email and passwords or a bank card PIN number.

  2. XSS is the cross-site scripting cyber attack in which scripts are injected by hackers into web pages browsed by the users. The scripts that are added will be able to sensitive information, manipulate, or send the user to other cloned websites. The cookies and session tokens might hold authentication information like passcodes, and they can be obtained through injecting scripts. There are two main categories of XSS, which are Reflected XSS and Stored XSS. Reflected XSS is a script being added that can be executed in the attacked user's browser; this category of XSS will involve the tricks that the user might fall for and click on the script triggers. Stored XSS, on the other hand, is more about permanently stored scripts that are injected into the targeted server, for example a database for a web application that a user has an account to log in to.

  3. It is another type of cyber attack in which the attacker puts some SQL code into the input fields of a web app in order to control and manipulate the app's database. With this type of attack, the attacker can get, delete and add data from the database and passcodes, or execute commands on the server.

  4. The attacker can inject a query inside the username or password and manipulate the data. The attacker can do such a thing through having the direct explicit username and password in the input field. Therefore, the attacker can run their script on the database server and get what they attacked it for initially.

  5. The data will be encrypted by the sender, and only the recipient can decode it on their side. For example, WhatsApp or Telegram: their chats are E2EE.
