Web Security: Attacks
Goals
- Classify different threat models for the Web
- Analyze potential injection vulnerabilities
- Learn to execute a variety of XSS attacks
Overview
- What’s the basic model for a web application?
- What are five different threat models we consider on the Web?
- What is the Same-Origin Policy?
Injection
- How can a web injection get you a shell on the server?
- How does SQL work?
  - You will need to know the basics for the homework and exam
- What are some examples of SQL injection attacks?
- How can an attacker extract information about the SQL database schema?
- What is an effective way to reduce the risk of SQL injection?
Cross-Site Scripting (XSS) Attacks
- What is the Document Object Model?
- How can you inject JavaScript into a web page?
- Why are cookies a thing?
- What is reflected XSS?
- What is stored XSS?
- What can an attacker do via XSS attacks?
Cross-Site Request Forgery (CSRF)
- Why does the browser send a site’s cookie with every subsequent request?
- What defines a CSRF attack?
- What are some potential defenses against CSRF attacks?
- Why is a secret token useful?
  - What connection does it have to defenses against SYN flooding attacks?
- Why is referrer validation ineffective?
Web Frameworks
- What security benefits do web frameworks offer?
- What security risks do they introduce?
- What is a remote-file inclusion vulnerability?
- What is a mass-assignment vulnerability?