Lecture 14: Cross Site Scripting attacks

Stateful

Stateless

Both

All answers are valid

To sniff user traffic in order to authenticate the user on a website

To verify the version of the browser the user is using to access a website

To enable web servers to store stateful information on the user's device or to track the user's browsing activity

All answers are correct

Secure cookie

HttpOnly cookie

Persistent cookie

Third party cookie

reflected, redirected, persistent

reflected, csrf , persistent

injected, persistent and reflected

persistent, reflected and DOM based

Blocking the execution of local website javascript content

Filtering input on arrival and encoding output

Using appropriate response headers and Content Security Policies

All answers are correct.

Reflected XSS

SQLi

Stored XSS

CSRF

Stateless apps require to store the users session on the server, while stateful apps don't require it

Stateful apps require to store the users session on the server, while stateless apps don't require it

Stateful apps uses signed JWT tokens that are stored on the client side, while stateless apps use cookies

Stateless apps uses signed JWT tokens that are stored on the client side, while stateful apps use cookies

Using a referer header

Using a CSRF token

Using a javascript signed cookie

All of the answers are correct