Questions and Answers
What type of attack can occur when an application uses untrusted data in the construction of an HTML snippet without validation or escaping?
What is the new category for 2021 that focuses on the risks related to design flaws?
What is prohibited by NIST 800-63b, the OWASP ASVS, and the OWASP Top 10 in credential recovery workflows?
What can occur if an application server comes with sample applications that are not removed from the production server?
What type of vulnerability can occur when an application does not validate user input?
What is the primary concern in Insecure Design?
What type of attack can occur when an application does not properly validate user input?
What is the primary concern in Security Misconfiguration?
What type of vulnerability is present in the 7pay mobile app's password reset function?
What is a problem with the decrease function?
What type of vulnerability occurs when a hacker can reset a user's password by exploiting the 7pay app's password reset function?
What is a category of software vulnerabilities that includes the 7pay app's password reset function?
What is a potential problem with the increase function?
What type of vulnerability is present when a hacker can exploit the 7pay app's password reset function to gain unauthorized access?
What is a category of software vulnerabilities that includes buffer overflow attacks?
What type of vulnerability occurs when a hacker can exploit the 7pay app's password reset function to reset a user's password without their knowledge?
What can an attacker do with a cookie if they have hijacked the user's session?
What is the vulnerability in the password database if it uses unsalted or simple hashes to store passwords?
What is the vulnerability in the SQL query if it uses untrusted data in the construction of the query?
What is the type of XSS attack where the application or API stores unsanitized user input that is viewed at a later time by another user or an administrator?
What is the goal of an attacker who hijacks a user's session by replaying a cookie?
What type of attack can occur when an application uses untrusted data in the construction of a SQL query?
What is the vulnerability in the password database if it uses simple or fast hash functions to store passwords?
What type of XSS attack occurs when an application or API includes unvalidated and unescaped user input as part of HTML output?
Study Notes
Session Hijacking
- Attacker replays user's cookie to hijack their authenticated session and access or modify private data
- Can also alter transported data, e.g., recipient of a money transfer
Password Database Vulnerabilities
- Using unsalted or simple hashes to store passwords makes them vulnerable to exposure via rainbow tables
- Hashes generated by simple or fast hash functions can be cracked by GPUs, even if salted
SQL Injection
- Using untrusted data in SQL queries can lead to injection attacks
- Example: modifying 'id' parameter value in browser to ' or '1'='1
- Vulnerable queries can be written in various languages, including Hibernate Query Language (HQL)
Cross-Site Scripting (XSS)
- Three forms of XSS: Reflected, Stored, and DOM XSS
- XSS targets users' browsers and can steal sensitive information
- Example: modifying 'CC' parameter in browser to steal session ID
Insecure Design
- A new category focusing on design flaws and risks
- Importance of threat modeling, secure design patterns, and reference architectures
- Performing pre-code activities is critical for Secure by Design principles
Example Attack Scenarios
- Insecure credential recovery workflows, e.g., using "questions and answers"
- Attacks on poorly designed systems, e.g., booking six hundred seats at a cinema chain
Security Misconfiguration
- Scenario: leaving sample applications on production servers
- Example: the 7pay mobile app password reset function allowed attackers to reset others' accounts
7pay Mobile App Vulnerability
- The app's password reset function was poorly designed, allowing attackers to reset others' accounts
- Attackers only needed to know the victim's email address, date of birth, and phone number
Exercise
- Identifying problems with code functions, e.g., insufficient fund checks and balance updates
Software Vulnerabilities
- Categorized into: Access Control Vulnerabilities, Data Storage Vulnerabilities, and more
Description
This quiz covers different web security threats, including session hijacking through cookie replay and password database breaches using unsalted hashes and rainbow tables.