LS

Web & Application Attacks Study Guide

Intro to Web Apps

  • A database is electronic data stored in tables made up of rows and columns.

    • How important are these to our society? They efficiently store, manage, and retrieve lots of information

  • A web app is any application that runs in a web browser and not as a standalone program.

  • Structured Query Language (SQL) is a language that can be used to fetch data from a database.

  • What does an SQL statement look like? It’s a long statement that accesses the dictionary

  • What are the important keywords? Some important keywords are SELECT, UNION, null, concat(), FROM


SQL Injection

  • An SQL Injection attack is one where malicious SQL is placed into a statement that unknowingly runs on your database and returns results to an unauthorized user.

  • SQL Injection attacks, as well as XSS, are accomplished by abusing user input fields.

  • How do we defend against SQL injection attacks? Sanitize inputs
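The same lookup written both ways, as an added example that is not part of the study guide; it runs against an in-memory SQLite table with constructed sample rows and shows why a bound parameter is treated as data while a concatenated string is treated as SQL.

```python
# Added example (not from the study guide): a user lookup written with string
# concatenation beside the same lookup with a bound parameter, run against an
# in-memory SQLite database filled with constructed sample rows.
import sqlite3


def make_db():
    """Create an in-memory database holding a few constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", [
        (1, "alice", "alice@example.com"),
        (2, "bob", "bob@example.com"),
        (3, "carol", "carol@example.com"),
    ])
    return conn


def lookup_vulnerable(conn, username):
    """Builds the statement by concatenation, so user input becomes SQL text."""
    query = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, username):
    """Passes the input as a bound parameter, so it can only ever be a value."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


def demo():
    """Run both lookups on a normal name and on a constructed quote-bearing input."""
    conn = make_db()
    normal = "bob"
    # Constructed input containing a single quote: when concatenated it closes
    # the string literal and the rest of the text is parsed as SQL.
    hostile = "x' OR '1'='1"
    return {
        "vuln_normal": lookup_vulnerable(conn, normal),      # one row
        "vuln_hostile": lookup_vulnerable(conn, hostile),    # every row leaks
        "safe_normal": lookup_parameterized(conn, normal),   # one row
        "safe_hostile": lookup_parameterized(conn, hostile), # no such user
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

Parameterized queries (prepared statements) are the standard form of "sanitizing" SQL input: the database never has to guess where the data ends and the statement begins.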


Cross-Site Scripting (XSS)

  • A cross-site scripting attack is where malicious JavaScript is injected directly onto a site.

  • The three languages that make up most websites are:

    • HTML

    • CSS

    • JavaScript

  • What can a cross-site scripting attack accomplish? It allows an attacker to steal user data, compromise accounts, or redirect users to malicious sites

  • A session ID is an identifier that stores information across multiple visits to a website.

  • There are three kinds of cross-site scripting:

    • Reflected XSS - the payload is echoed back in the immediate response; it only affects your own computer

    • DOM XSS - triggered by changing the URL; it also happens on the client side

    • Stored XSS - it’s on the server side, stored in the database, so anyone who visits the site is exposed to it

  • How do we defend against cross-site scripting attacks? Sanitize inputs


Cross-Site Request Forgery (CSRF)

  • A cross-site request forgery attack is one that abuses a user’s authentication to get them to perform unwanted actions.

  • How is the attack typically launched? The attacker copies the website, makes a fake version of a form, and sends it to the user



Unrestricted File Upload

  • An unrestricted file upload vulnerability refers to a website that does not check to see what kind of files are being uploaded.

  • Where can files uploaded to a web site end up? In the directory

  • How can we prevent this vulnerability from occurring? By only allowing a specific data type or file size to be uploaded


Denial of Service (DoS)

  • A denial of service attack is where a server is overwhelmed by so many requests that it can no longer process genuine requests.

  • What’s the difference between a DoS attack and a DDoS attack? A DoS attack floods a device or website with traffic from a single source, while a DDoS attack uses multiple sources

  • How would you defend against a denial of service attack? By blocking traffic from IP addresses that are unsafe or malicious