Kappale 7

Session hijacking

User input is code which gets executed when the page is shown to other users.

Acquiring session ids by observing network traffic.

Search engine search term is code which gets executed when the search term is shown in the results page.

Session fixation

Clickjacking

Session hijacking

CSRF

HTTP response splitting

CSRF

Directory traversal

None of the above

User logs on to site A, then visits site B which has malicious link back to site A, which executes unwanted action.

Acquiring victim’s session id by observing network traffic.

Two websites are set on top of each other, first invisible, second visible, user clicks first the other before clicking the second.

Attacker logs on to site and acquires session id. Then they feed the id to the victim, and the attacker gains access to victim’s resources on the site.

Attacker gains control of the HTTP body by making the server print an extra CRLF sequence.

CSRF

Persistent cross-site scripting

Non-persistent cross-site scripting

HTTP response splitting

protect from cross-site request forgery attacks.

are codes shared by the server and the client to help in HTTP request validation.

are always created with the help of CSURF.

can be used to configure CORS.

checks the protocol, the port and the host.

is synonym to CSP.

can be blocked by validating user input.

runs in the domain of the malicious website.

cannot alter the page in any way.

cannot read users’ cookies.

is synonym to same-origin policy.

is defined with Content-Security-Policy cookie.

is configured by defining all allowed origins for each resource type.

configuration is defined with code-src and pic-src.

CRSF can only use HTTP method GET.

It is possible to make fully invulnerable web application.

A large amount of vulnerabilities is caused by not validating user input.

Cross-site request forgery is more usual than Cross-site scripting.