24 Questions
What type of attack can occur when an application uses untrusted data in the construction of an HTML snippet without validation or escaping?
Cross-Site Scripting (XSS)
What is the new category for 2021 that focuses on the risks related to design flaws?
Insecure Design
What is prohibited by NIST 800-63b, the OWASP ASVS, and the OWASP Top 10 in credential recovery workflows?
Questions and Answers
What can occur if an application server comes with sample applications that are not removed from the production server?
Security Misconfiguration
What type of vulnerability can occur when an application does not validate user input?
Input Validation
What is the primary concern in Insecure Design?
Design Flaws
What type of attack can occur when an application does not properly validate user input?
SQL Injection
What is the primary concern in Security Misconfiguration?
Misconfigured Servers
What type of vulnerability is present in the 7pay mobile app's password reset function?
Access Control
What is a problem with the decrease function?
It does not validate the input amount
What type of vulnerability occurs when a hacker can reset a user's password by exploiting the 7pay app's password reset function?
Authentication Bypass
What is a category of software vulnerabilities that includes the 7pay app's password reset function?
Access Control Vulnerabilities
What is a potential problem with the increase function?
It does not validate the input amount
What type of vulnerability is present when a hacker can exploit the 7pay app's password reset function to gain unauthorized access?
Authentication Bypass
What is a category of software vulnerabilities that includes buffer overflow attacks?
Buffer Overflow Vulnerabilities
What type of vulnerability occurs when a hacker can exploit the 7pay app's password reset function to reset a user's password without their knowledge?
Access Control Vulnerability
What can an attacker do with a cookie if they have hijacked the user's session?
Access or modify the user's private data
What is the vulnerability in the password database if it uses unsalted or simple hashes to store passwords?
Rainbow table attack
What is the vulnerability in the SQL query if it uses untrusted data in the construction of the query?
SQL injection attack
What is the type of XSS attack where the application or API stores unsanitized user input that is viewed at a later time by another user or an administrator?
Stored XSS
What is the goal of an attacker who hijacks a user's session by replaying a cookie?
To access or modify the user's private data
What type of attack can occur when an application uses untrusted data in the construction of a SQL query?
SQL injection attack
What is the vulnerability in the password database if it uses simple or fast hash functions to store passwords?
GPU cracking attack
What type of XSS attack occurs when an application or API includes unvalidated and unescaped user input as part of HTML output?
Reflected XSS
Study Notes
Session Hijacking
- An attacker replays a user's cookie to hijack their authenticated session and access or modify their private data
- The attacker can also alter data in transit, e.g., the recipient of a money transfer
Password Database Vulnerabilities
- Using unsalted or simple hashes to store passwords makes them vulnerable to exposure via rainbow tables
- Hashes generated by simple or fast hash functions can be cracked by GPUs, even if salted
SQL Injection
- Using untrusted data in SQL queries can lead to injection attacks
- Example: modifying 'id' parameter value in browser to ' or '1'='1
- Vulnerable queries can be written in various languages, including Hibernate Query Language (HQL)
Cross-Site Scripting (XSS)
- Three forms of XSS: Reflected, Stored, and DOM XSS
- XSS targets users' browsers and can steal sensitive information
- Example: modifying 'CC' parameter in browser to steal session ID
Insecure Design
- A new category focusing on design flaws and risks
- Importance of threat modeling, secure design patterns, and reference architectures
- Performing these pre-code activities is critical for Secure by Design
Example Attack Scenarios
- Insecure credential recovery workflows, e.g., those relying on "questions and answers"
- Attacks on poorly designed systems, e.g., booking six hundred seats at a cinema chain
Security Misconfiguration
- Scenario: leaving sample applications on production servers
- Example: the 7pay mobile app password reset function allowed attackers to reset others' accounts
7pay Mobile App Vulnerability
- The app's password reset function was poorly designed, allowing attackers to reset others' accounts
- Attackers only needed to know the victim's email address, date of birth, and phone number
Exercise
- Identifying problems in code functions, e.g., missing insufficient-funds checks and unvalidated balance updates
Software Vulnerabilities
- Categorized into: Access Control Vulnerabilities, Data Storage Vulnerabilities, and more
This quiz covers different web security threats, including session hijacking through cookie replay and password database breaches using unsalted hashes and rainbow tables.