|
10 | 10 | - attacker uses XSS to send malicious script to an unsuspected user.
|
11 | 11 | - harm
|
12 | 12 | - malicious scripts can access any cookies, session tokens, other sensitive information retained by browsers
|
13 |
| - - scripts can rewrite the content of the html page |
| 13 | + - scripts can rewrite the content of the html page. |
14 | 14 | - 3 types
|
15 | 15 | - Stored XSS - occurs when user input is stored in the db in form of comments, visitor log, message forum,
|
16 | 16 | victim is able to retrieve the stored data from the web application without the data being made safe to render.
|
17 |
| - - Reflected XSS- occurs when user input is immediately returned by the app in error message, or in some other UI element |
18 |
| - - DOM based XSS - form of XSS where the source of the user data and target/sink of the user data never leaves the browser |
| 17 | + - Reflected XSS- occurs when user input is immediately returned by the app in error message, or in some other UI element. |
| 18 | + - DOM based XSS - form of XSS where the source of the user data and target/sink of the user data never leaves the browser. |
| 19 | +- how to prevent? |
| 20 | + - never insert untrusted data except in allowed locations |
| 21 | + - html encode before inserting untrusted/user data into html element |
| 22 | + - attribute encoding of dynamic html attributes |
| 23 | + - javascript encoding, css encoding |
| 24 | + - url encode before inserting data into html url parameters |
| 25 | + - use HttpOnly cookie flag (this flag mitigates risk of client side script accessing the cookie) |
| 26 | + - implement content security policy (browser side mechanism to create allow lists of client side resources of web application) |
| 27 | + |
| 28 | +**Cross Site Request Forgery (CSRF)** |
| 29 | +- what? forces the victim to execute attack on a web application in which they're authenticated. only work if the target is logged into the system. |
| 30 | +- how? through social engineering (such as sending link via email/chat), an attacker may trick the users of a web app into executing attacks. |
| 31 | +- harm - successful attack may force the victims to perform state changing requests like transferring funds and others. |
| 32 | +- how to prevent? |
| 33 | + - csrf tokens (per requests or per user session) -should be unique, random and secret. |
| 34 | + - csrf tokens should not be transmitted using cookies. |
| 35 | + - can be added through hidden fields, headers. Make sure the token is not included in server logs, browser histroy |
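Review bot: the CSRF prevention list at +32 to +35 stops at synchronizer tokens and omits the two other standard layers, the SameSite cookie attribute (Lax or Strict) and server-side verification of the Origin/Referer header, which are worth adding as defense in depth beside the token. On +35, "histroy" should read "history". On +25, the HttpOnly flag belongs with the harm reduction items rather than under "how to prevent": it limits what an injected script can read, but it does not stop the injection itself, so consider wording it as "reduce impact" rather than prevention.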