Web Security: Attacks

Goals

  • Classify different threat models for the Web
  • Analyze potential injection vulnerabilities
  • Learn to execute a variety of XSS attacks

Overview

  • What’s the basic model for a web application?
  • What are five different threat models we consider on the Web?
  • What is the Same-Origin Policy?
    • What is an origin?

Basics

  • What are some examples of information disclosure attacks?
  • How do online vs. offline password attacks differ?
  • What are some common defenses against password-based attacks?

Injection

  • How can a web injection get you a shell on the server?
  • How does SQL work?
    • You will need to know the basics for the homework and exam
  • What are some examples of SQL injection attacks?
  • How can attacker extract information about the SQL database scheme?
  • What is an effective way to reduce the risk of SQL injection?

Cross-Site Scripting (XSS) Attacks

  • What is the Document Object Model?
  • How can you inject JavaScript into a web page?
  • Why are cookies a thing?
  • What is reflected XSS?
  • What is stored XSS?
  • What can an attacker do via XSS attacks?

Cross-Site Request Forgery (CSRF)

  • Why does the browser send a site’s cookie with every subsequent request?
  • What defines a CSRF attack?
  • What are some potential defenses against CSRF attacks?
    • Why is a secret token useful?
      • What connection does it have to defenses against SYN flooding attacks?
    • Why is referrer validation ineffective?