Web Security and Attack Models
22 Questions
Questions and Answers

What is the name of the protocol that allows fetching resources like HTML files from a server?

HTTP

Which of the following are the main goals of web security? (Select all that apply)

  • Safely browse the web in the face of attackers. (correct)
  • Support secure high-performance web applications. (correct)
  • Protect users' personal information from malicious websites.
  • Ensure that all websites are accessible to users worldwide.
  • Visit websites without incurring harm. (correct)

Match the Web Attack Models with their descriptions.

  • Malicious Website = The attacker controls the site the user visits and sends malicious code directly to the user's browser.
  • Malicious External Resource = The attacker sends malicious code to the user's browser through a third-party resource the page includes, such as an image or a script.
  • Network Attacker = The attacker controls the network itself and intercepts or alters communication between the user and the website.
  • Malware Attacker = The attacker has malware running on the user's device and uses it to intercept or redirect communication or steal data.

What are the two messages involved in HTTP communication?

Request and response.

HTTP is a stateful protocol.

False. HTTP is stateless: the server handles each request on its own and keeps no memory of earlier requests, which is why session state has to be carried in cookies or a similar token.

What is the purpose of HTTP cookies?

Cookies are small pieces of data that servers send to web browsers to store and return on later requests, for purposes including session management, personalization, and tracking.

Which of the following is NOT a typical use case for HTTP cookies?

Password storage.

How do websites maintain statefulness despite HTTP being stateless?

Websites use cookies, small pieces of data sent to and stored by browsers, to maintain session information and keep track of user activity across multiple requests.

A page open in one tab can read the content of another tab in the same browser window.

False. The browser isolates documents from each other; a page can only read or script another document (another tab, window or frame) when both have the same origin.

What is the purpose of the Same Origin Policy (SOP) in web security?

The Same Origin Policy isolates content from different origins: script running in a page from one origin cannot read the DOM, cookies, storage, or HTTP responses that belong to another origin. It is the browser's basic isolation boundary between websites.

How is 'origin' defined in the Same Origin Policy?

An origin is the triple (scheme, host, port), e.g. https://app.example.com:443. Two URLs have the same origin only when all three match: http://example.com and https://example.com differ in scheme, example.com and api.example.com differ in host, and example.com:443 and example.com:8443 differ in port. The path is not part of the origin.

Which of the following scenarios would trigger a CORS (Cross-Origin Resource Sharing) request?

A website submitting user data to a backend API on a different domain.

The Same Origin Policy restricts a website from making requests to different origins.

False. The SOP does not stop a page from sending requests to other origins (forms, images, scripts and fetch() all do); what it restricts is reading the response. A cross-origin fetch() is sent, with cookies if the page asks for them, but script cannot read the reply unless the server opts in with CORS headers. This is exactly why cross-site request forgery works.

Explain the concept of 'document.domain' in web security.

Setting document.domain lets two pages on different subdomains of the same registrable domain (e.g. a.example.com and b.example.com) both declare document.domain = "example.com" and then treat each other as same-origin, relaxing the SOP between them. The mechanism is deprecated and Chromium-based browsers now disable it by default, because a single compromised subdomain could use it to reach every other page that opted in.

The 'document.domain' property can be used to make the origin of a website less specific.

True. A page can only drop leading labels to make its origin less specific, down to the registrable domain; it cannot set document.domain to an unrelated host or to a public suffix such as "com". Both pages must set the property for the relaxation to apply.

What is the purpose of the Public Suffix List (PSL) in web security?

The Public Suffix List is a community-maintained list, started by Mozilla, of domain suffixes under which unrelated parties can register names (com, co.uk, github.io, ...). Browsers use it to find the registrable domain of a host, so that a cookie or a document.domain setting cannot be scoped to a shared suffix such as co.uk, where it would leak to every site under it.

The Public Suffix List is a static database that cannot be modified.

False. The list is updated continuously: operators of shared domains submit additions (for example a hosting provider whose customers each get their own subdomain), and browsers ship new versions with their releases.

Which of the following is NOT a valid reason for using the Public Suffix List?

To prevent the loading of malicious scripts from untrusted websites.

What are 'HttpOnly' cookies, and how do they enhance web security?

HttpOnly is a cookie attribute that hides the cookie from script: document.cookie and similar APIs cannot read it, although the browser still attaches it to requests. It blunts the most common XSS payload (exfiltrating the session cookie), but injected script can still make authenticated requests from the victim's browser, so it is a mitigation rather than a fix for XSS. Session tokens belong in HttpOnly cookies; passwords should not be stored in cookies at all.

A secure cookie is only sent to the server over an HTTPS protocol.

True. The Secure attribute tells the browser to send the cookie only over HTTPS, so a network attacker watching plain HTTP never sees it. Current browsers also refuse to set a Secure cookie from an http:// response.

Explain the concept of 'third party cookies'.

Third-party cookies are set by a domain different from the website the user is visiting, typically used for tracking and advertising. They are usually set by embedded third-party resources such as analytics scripts or ad frames.

What is the primary function of a 'cookie jar' in a web browser?

Store cookies associated with specific websites.

Flashcards

HTTP Protocol

The protocol that allows fetching resources (e.g., HTML files) from a server using request and response messages. It's stateless, meaning each request is independent.

URL (Uniform Resource Locator)

A string that identifies a resource on the web. Its components are the scheme, host (domain), port, path, query string, and fragment identifier; the fragment is never sent to the server.

HTTP Method

The first token of an HTTP request line, indicating the action to perform on the resource (e.g., GET, POST, PUT, DELETE).

HTTP GET Method

Retrieves the resource at the specified URL; carries no request body (parameters go in the query string). Used for fetching content such as pages, images, and other files, and defined as safe, i.e. it should not change server state.

HTTP POST Method

Submits data in the message body to the resource at the specified URL, typically to create a new resource or trigger processing. Used for submitting forms, uploading files, and other state-changing actions.

HTTP PUT Method

Replaces the target resource with the data provided in the request payload. Used for updating the entire resource.


HTTP PATCH Method

Updates part of the target resource with the data in the request payload. Used for making partial updates to a resource.


HTTP DELETE Method

Deletes the resource at the specified URL. Used for removing existing data.


HTTP Headers

Key-value metadata lines in an HTTP request or response, such as Host, User-Agent, Cookie and Content-Type. The client fully controls request headers, so a server must treat them as untrusted input.

HTTP Request Body

Part of an HTTP request that contains data to be sent to the server, usually used with POST requests. Can include form data, file uploads, or other information.


HTTP Response

The message sent back by the server: a status line (protocol version and status code), headers, and a body carrying the requested resource or an error document.

HTTP Status Code

A numerical code indicating the status of an HTTP response (e.g., 200 OK, 404 Not Found).


HTTP Content-Type Header

The content type of the response (e.g., text/html, image/jpeg), indicating the type of data being returned.


HTTP Content-Length Header

The size of the response in bytes, allowing the client to know how much data to expect.


HTTP Last-Modified Header

The date and time when the resource was last modified.


HTTPS (Hypertext Transfer Protocol Secure)

HTTP carried over a TLS connection. It gives the exchange confidentiality and integrity and authenticates the server through its certificate, so a network attacker can neither read nor silently modify the traffic.

TLS (Transport Layer Security)

A cryptographic protocol that secures the communication between a client and server by encrypting data and verifying identities.


Certificate

A digital document, signed by a certificate authority, that binds a public key to a domain name. The browser verifies it during the TLS handshake to confirm it is talking to the legitimate server rather than a network attacker.

User Authentication

The process of verifying a user's identity before granting access to a system or resource. Often involves providing credentials like username and password.


Session Management

The management of a user's session after successful authentication. It tracks user activity and maintains their login state.


Malicious Website

A website that deliberately attempts to harm users by infecting their devices with malware, stealing data, or performing other malicious actions.


Malicious External Resource

A resource hosted on another origin that a page includes (e.g., images, fonts, scripts). A script included this way runs with the including page's origin, so if the third party is malicious or compromised the page is too.

Network Attacker

An attacker who controls or observes the network path between the user and the website (for example a hostile Wi-Fi hotspot or ISP) and can read, modify or inject any traffic that is not protected by TLS.

Malware Attacker

An attacker who already has malware running on the user's device. Such an attacker sits outside the browser's security model: the malware can read anything the browser handles, so web security mechanisms offer no protection against it.

Cross-Site Scripting (XSS)

An attack in which attacker-controlled script is injected into a page (through unescaped user input or an unsafe DOM sink) and runs in victims' browsers with that page's origin, so it can read the DOM and non-HttpOnly cookies and make authenticated requests as the victim.

Cross-Site Request Forgery (CSRF)

An attack in which a site the victim visits makes the victim's browser send a request to another site where the victim is logged in. Because the browser attaches cookies automatically, the request arrives authenticated even though the user never intended it.

Man-in-the-Middle Attack

An attack in which a network attacker relays traffic between the user and the server so that they can read and alter it (e.g. capture passwords or card details). TLS with a valid certificate is the standard defence.

SQL Injection Attack

An attack in which attacker-controlled input is concatenated into a SQL query so that it changes the query's meaning, letting the attacker read, modify or delete database contents. Parameterised queries prevent it.

Denial of Service (DoS) Attack

An attack that attempts to overload a server with traffic, making it unavailable to legitimate users.


Brute Force Attack

A technique for gaining unauthorized access to an account by systematically guessing user credentials; rate limiting, lockout and multi-factor authentication are the usual countermeasures.

Javascript Injection Attack

Injection of attacker-controlled JavaScript into a page that victims load; in the web context this is the same attack as cross-site scripting, and its reach is the origin of the page, not the user's device as a whole.

Server-Side Rendering

Generating a page's HTML on the server and sending the finished markup to the browser. Untrusted data inserted into the template without escaping leads to XSS; untrusted data concatenated into queries leads to SQL injection.

Client-Side Rendering

Building page content in the browser with JavaScript from data fetched through APIs. Rendering moves to the client, so DOM-safe APIs (textContent rather than innerHTML) become the main XSS defence, and the API itself must still enforce authorisation since the client code is fully under the user's control.

Study Notes

Web Security Model

  • Web security aims to safely browse the web, including malicious sites, without harm to the user's device or session.
  • It involves protecting against data theft, malware installation, camera access, session hijacking, and eavesdropping on other sites.
  • Secure high-performance web applications are also a core aspect of the model, such as Google Meet.

Web Attack Models

  • Malicious Websites: The site the user visits is itself hostile and delivers attacks directly to the user's browser.
  • Malicious External Resource: The site is honest, but one of the resources it pulls from another origin (a script, image, font or ad) is malicious or compromised and harms the user through that page.
  • Network Attacker: An attacker on the network path between the user and the site can eavesdrop on, modify, or inject any traffic that is not protected by TLS.
  • Malware Attacker: Malware already installed on the user's device can do anything the user can, including reading browser data; this is outside what web security mechanisms can defend against.

HTTP Protocol

  • HTTP is a protocol used to fetch resources from a server, primarily HTML files like web pages.
  • Communication is a request/response exchange: the client sends a request, the server returns a response.
  • The interaction is stateless, meaning that each request is independent of previous ones.
  • Every resource has a unique URL (Uniform Resource Locator).
  • A URL has components including scheme, domain, port, path, query string, and fragment ID.

HTTP Request Anatomy

  • Method: The action to be performed (e.g., GET, POST)
  • Path: The resource being requested (e.g., /index.html)
  • Version: The protocol version (e.g., HTTP/1.1)
  • Headers: Metadata about the request (e.g., Accept, Accept-Language, Connection, User-Agent, Host, Referer).
  • Body: The content sent with the request for processes like sending data.

HTTP Response Anatomy

  • Status Code: Indicates the outcome of the request (e.g., 200 OK, 404 Not Found).
  • Headers: Metadata about the response (e.g., Date, Server, Content-Type, Last-Modified, Content-Length).
  • Body: The content returned by the web server.

HTTP Methods

  • GET: Retrieves a resource from a specified URL; does not include a request body.
  • POST: Submits a payload to the specified URL, typically creating a new resource or triggering an action.
  • PUT: Replaces a target resource with a payload.
  • PATCH: Updates part of a resource.
  • DELETE: Removes the specified resource from a URL.

HTTP Methods - Security Considerations

  • GET is defined as safe (no server-side effects) and idempotent; in practice some applications change state on GET. Such endpoints are exploitable by CSRF with nothing more than a link or an <img> tag, because the browser attaches the user's cookies to the forged request. State changes belong on POST (or PUT/PATCH/DELETE) and must be protected with a CSRF token and/or SameSite cookies.
  • HTML forms can only send GET and POST; PUT, PATCH and DELETE are only available to script through XMLHttpRequest or fetch(), which for cross-origin targets triggers a CORS preflight.

JavaScript

  • JavaScript is a scripting language that adds dynamic behaviour to web pages.
  • Websites use Javascript to deliver functionalities like manipulating pages, reading browser data, and accessing local hardware.
  • It is used within HTML to control features.

DOM (Document Object Model)

  • The DOM is a structured representation of the HTML content of web pages.
  • Javascript can read and modify content, using DOM, by interacting with the elements.
  • The browser parses the HTML content into a tree-like structure.

Frames

  • Frames allow a page to embed another document, possibly from a different origin.
  • An iframe is an inline frame: it sits in the page's layout and can include content from other origins, and the SOP keeps the embedded document and the embedding page from scripting each other unless they share an origin.

Basic Execution Model

  • The browser loads the initial page content, parses the HTML, and executes embedded JavaScript.
  • It fetches additional assets like images, CSS, and Javascript, then acts on various event triggers.
  • The browser iterates until the page is fully loaded.

HTTP/2

  • HTTP/2 is a newer version of HTTP that improves performance.
  • It multiplexes many concurrent requests and responses over a single TCP connection (unlike HTTP/1.1 pipelining, which keeps responses strictly in order).
  • Header compression (HPACK) reduces the size of headers.
  • Server push lets the server send resources before the client asks for them; it saw little use and major browsers have since removed it.
  • The structure of applications is usually not affected: the same requests, responses, cookies and origins apply.

Cookies + Sessions

  • HTTP is stateless and requires a mechanism like cookies to maintain sessions.
  • HTTP cookies are snippets of data exchanged between a server and browser.

Third Party Access

  • A script your page includes from another origin (a CDN library, analytics tag, ad script) executes with your page's origin: it can read and change the DOM, read non-HttpOnly cookies and storage, and make requests as the user. Including a third-party script therefore means trusting that party and everyone who can compromise it.
  • Any embedded resource (images, frames, fonts) creates some exposure, but script is the dangerous case; Subresource Integrity and a Content Security Policy limit the damage.

Same Origin Policy (SOP)

  • The SOP is the browser's mechanism for isolating data by origin: script from one origin cannot read the DOM, cookies, storage or responses belonging to another origin.
  • It is not a defence against XSS, which by definition runs as the target origin; what it does is limit what a malicious site can reach.
  • In particular it stops a malicious site from reading other sites' data, such as their cookies or authenticated pages.

Cross-Origin Resource Sharing (CORS)

  • CORS is the mechanism by which a server tells the browser that a cross-origin request may be made and its response read: the browser sends the Origin header, the server answers with Access-Control-Allow-Origin (and related headers), and the browser withholds the response from script unless they match.
  • Requests that are not "simple" (methods other than GET/HEAD/POST, custom headers, JSON bodies) are preceded by an OPTIONS preflight asking the server for permission.
  • Because the check is enforced by the browser, the server must still authorise every request itself, and it should never reflect arbitrary origins together with Access-Control-Allow-Credentials: true.
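The origin comparison and the CORS decision from the two sections above, as an added Node.js example (not code from the lesson or its source PDF). The allowlist in ALLOWED_ORIGINS and the origins used in it are hypothetical; the safelisted methods, headers and content types are the ones the Fetch standard exempts from preflight.

```javascript
// Added example: how a browser derives an origin, when it must preflight a
// cross-origin request, and how a server should answer. Node.js, no dependencies.

const DEFAULT_PORTS = { 'http:': '80', 'https:': '443' };

// Origin = scheme + host + port. Default ports are normalised and the host is
// lower-cased; the path, query and fragment play no part.
function originOf(urlString) {
  const u = new URL(urlString);
  const port = u.port || DEFAULT_PORTS[u.protocol] || '';
  return `${u.protocol}//${u.hostname}:${port}`;
}

function sameOrigin(a, b) {
  return originOf(a) === originOf(b);
}

// "Simple" requests are sent without preflight (the server still sees them,
// SOP only hides the response). Anything else triggers OPTIONS first.
const SAFE_METHODS = new Set(['GET', 'HEAD', 'POST']);
const SAFE_HEADERS = new Set(['accept', 'accept-language', 'content-language', 'content-type']);
const SAFE_CONTENT_TYPES = ['application/x-www-form-urlencoded', 'multipart/form-data', 'text/plain'];

function needsPreflight(method, headers) {
  if (!SAFE_METHODS.has(method.toUpperCase())) return true;
  for (const [name, value] of Object.entries(headers)) {
    const n = name.toLowerCase();
    if (!SAFE_HEADERS.has(n)) return true;         // e.g. Authorization, X-Requested-With
    if (n === 'content-type') {
      const mime = value.split(';')[0].trim().toLowerCase();
      if (!SAFE_CONTENT_TYPES.includes(mime)) return true;  // e.g. application/json
    }
  }
  return false;
}

// Server side: an explicit allowlist (hypothetical). Never use "*" together with
// credentials, and never echo an unknown Origin back; that would let any site
// read authenticated responses.
const ALLOWED_ORIGINS = new Set(['https://app.example.com']);

// Returns the CORS response headers for a request carrying `requestOrigin`, or an
// empty object when the origin is not allowed. Note the request still reaches
// the server; only the browser's release of the response to script is blocked.
function corsHeaders(requestOrigin, { credentials = true } = {}) {
  if (!requestOrigin || !ALLOWED_ORIGINS.has(requestOrigin)) return {};
  const headers = {
    'Access-Control-Allow-Origin': requestOrigin,   // an allowlisted value, not a reflection
    'Vary': 'Origin',                               // shared caches must key on Origin
    'Access-Control-Allow-Methods': 'GET, POST',
    'Access-Control-Allow-Headers': 'Content-Type, Authorization',
  };
  if (credentials) headers['Access-Control-Allow-Credentials'] = 'true';
  return headers;
}
```

The Vary: Origin header matters in practice: without it a cache may serve a response carrying one origin's Access-Control-Allow-Origin to a request from another, and the browser then blocks a legitimate caller.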

HTTP vs. HTTPS

  • HTTPS uses encryption for the communication, whereas HTTP does not.
  • This crucial difference is key for protecting sensitive information being transmitted over networks.

Scope of Cookies

  • Cookie scope is set by the Domain and Path attributes, not by the origin. Without a Domain attribute the cookie is host-only and is sent only to the exact host that set it, not to its subdomains; with Domain=example.com it is sent to example.com and every subdomain. Without a Path attribute the path defaults to the directory of the request URL, and the cookie is sent to that path and everything below it.
  • Scheme and port are not part of cookie scope: http://example.com and https://example.com share cookies unless the Secure attribute restricts one to HTTPS. Browsers also refuse a Domain attribute that is a public suffix or that does not cover the host setting the cookie.
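The cookie and session rules from the sections above (Domain and Path matching, Secure, HttpOnly), as an added Node.js example that is not code from the lesson or its source PDF. The Set-Cookie headers and URLs are constructed sample data, and the public-suffix check a real browser performs is left out, so a Domain such as co.uk would wrongly be accepted here.

```javascript
// Added example: the rules a browser applies when deciding whether a stored
// cookie is attached to a request (RFC 6265 domain-match and path-match, plus
// the Secure and HttpOnly attributes). Node.js, no dependencies. The public
// suffix list check is omitted for brevity.

// RFC 6265 section 5.1.4 default-path: "/a/b" for "/a/b/c", "/" for "/x".
function defaultPath(pathname) {
  if (!pathname.startsWith('/')) return '/';
  const i = pathname.lastIndexOf('/');
  return i === 0 ? '/' : pathname.slice(0, i);
}

// Parse one Set-Cookie header as received from `setFromUrl`. Returns null when
// a browser would reject the cookie (Domain that does not cover the setting host).
function parseSetCookie(header, setFromUrl) {
  const u = new URL(setFromUrl);
  const [pair, ...attrs] = header.split(';').map(s => s.trim());
  const eq = pair.indexOf('=');
  const cookie = {
    name: pair.slice(0, eq), value: pair.slice(eq + 1),
    hostOnly: true,                  // no Domain attribute: exact host only
    domain: u.hostname,
    path: defaultPath(u.pathname),
    secure: false, httpOnly: false,
  };
  for (const attr of attrs) {
    const [k, v = ''] = attr.split('=');
    switch (k.toLowerCase()) {
      case 'domain': cookie.hostOnly = false; cookie.domain = v.replace(/^\./, '').toLowerCase(); break;
      case 'path': cookie.path = v.startsWith('/') ? v : defaultPath(u.pathname); break;
      case 'secure': cookie.secure = true; break;
      case 'httponly': cookie.httpOnly = true; break;
    }
  }
  // evil.example may not set a cookie for bank.example.
  if (!cookie.hostOnly && !domainMatches(u.hostname, cookie.domain)) return null;
  return cookie;
}

// RFC 6265 section 5.1.3: host equals the domain or is a subdomain of it.
function domainMatches(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// RFC 6265 section 5.1.4 path-match: cookie path is a prefix on a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// Would the browser attach this cookie to a request for `requestUrl`?
function isSent(cookie, requestUrl) {
  const u = new URL(requestUrl);
  if (cookie.hostOnly ? u.hostname !== cookie.domain : !domainMatches(u.hostname, cookie.domain)) return false;
  if (!pathMatches(u.pathname, cookie.path)) return false;
  if (cookie.secure && u.protocol !== 'https:') return false;
  return true;   // port and (apart from Secure) scheme are not part of cookie scope
}

// Would page script see it through document.cookie?
function visibleToScript(cookie) {
  return !cookie.httpOnly;
}
```

Two consequences worth noticing: a session cookie set by app.example.com without a Domain attribute never reaches api.example.com, which is why login on one subdomain does not carry over to another unless Domain is widened; and because the port is ignored, anything listening on another port of the same host receives the same cookies.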

Related Documents

Web Security Model PDF

Description

This quiz explores the fundamental concepts of web security, focusing on how to safely navigate the web and the various web attack models. It covers malicious websites and external resources, network and malware attackers, the HTTP protocol, cookies and the Same Origin Policy.
