Web Attacks and Network Security Lecture Quiz
20 Questions

Questions and Answers

What is the purpose of using session tokens in web authentication?

To associate requests with an authenticated user without the need to re-enter username and password.

What risk is associated with an attacker stealing a session token?

The attacker can log in as the legitimate user.

How can servers and browsers mitigate the risk of session token theft?

Servers should generate session tokens randomly and securely, while browsers should enforce isolation with cookie and same-origin policies.

What attributes should the server set for the session token to enhance security?

Domain, Path, Secure, HttpOnly, and Expires.

What is the purpose of the 'Expires' attribute for a session token?

To set the expiration time for the cookie, typically when the session times out.

What is Cross-Site Request Forgery (CSRF) and how does it work?

CSRF is an attack that exploits cookie-based authentication to trick victims into making unintended requests, which are automatically attached with relevant cookies.

What is the main idea behind using cookies in web authentication?

To automatically send information in a request to associate the request with an authenticated user.

How does the browser ensure that session tokens are not sent to the wrong websites?

By enforcing the cookie policy and same-origin policy.

What is the purpose of the 'HttpOnly' attribute for a session token?

To restrict JavaScript access to the session token.

Why is it important for servers to set the 'Secure' attribute for session tokens?

To ensure that the cookie is only sent over secure HTTPS connections.

What is the purpose of the Secure attribute in a cookie?

To ensure that the browser only sends the cookie if the request is made over HTTPS (not HTTP).

Explain the impact of setting the HttpOnly attribute to True in a cookie.

Setting the HttpOnly attribute to True restricts JavaScript in the browser from accessing the cookie.

What does the domain attribute in a cookie define?

The domain attribute defines which requests the browser should attach the cookie for if it is a domain suffix of the server's domain.

How is a session defined in the context of web attacks?

A session is a sequence of requests and responses associated with the same authenticated user.

What is the purpose of the Expires attribute in a cookie?

The Expires attribute defines when the cookie is no longer valid.

Explain the concept of Cross-Site Request Forgery (CSRF).

Cross-Site Request Forgery (CSRF) involves an attacker making unauthorized requests on behalf of a user to a different site where the user is authenticated.

What is the purpose of a CAPTCHA in web security?

A CAPTCHA is used to distinguish between human users and automated bots, enhancing security against automated attacks.

How does the browser decide which cookie to attach to a request?

The browser attaches a cookie on a request if the domain attribute is a domain suffix of the server’s domain, and the path attribute is a prefix of the server’s path.

What are the typical attributes of a cookie?

The typical attributes of a cookie include name, value, domain, path, secure, HttpOnly, and expires.

Why is it important to have a cookie policy?

A cookie policy is important to provide guidelines on how cookies are used, stored, and managed to ensure user privacy and security.
