From c130bd2d105e136eb115348d3e3c80332c379277 Mon Sep 17 00:00:00 2001 From: Austin Songer Date: Sun, 19 Jan 2020 14:01:12 -0600 Subject: [PATCH] Updated README - Security - SQL Injection - CSRF - XSS --- README.md | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/README.md b/README.md index faa4686..cc0d44e 100644 --- a/README.md +++ b/README.md @@ -5243,10 +5243,20 @@ Authorization is the process of identifying what level of access the service or
What is XSS?
+ +Cross Site Scripting (XSS) is an type of a attack when the attacker inserts browser executable code within a HTTP response. Now the injected attack is not stored in the web application, it will only affact the users who open the maliciously crafted link or third-party web page. A successful attack allows the attacker to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site  + +You can test by detecting user-defined variables and how to input them. This includes hidden or non-obvious inputs such as HTTP parameters, POST data, hidden form field values, and predefined radio or selection values. You then analyze each found vector to see if their are potential vulnerabilities, then when found you craft input data with each input vector. Then you test the crafted input and see if it works. +
What is an SQL injection? How to manage it?
+ +SQL injection is an attack consists of inserts either a partial or full SQL query through data input from the browser to the web application. When a successful SQL injection happens it will allow the attacker to read sensitive information stored on the database for the web application.  + +You can test by using a stored procedure, so the application must be sanitize the user input to get rid of the tisk of code injection. If not then the user could enter bad SQL, that will then be executed within the procedure +
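Review bot: the SQL injection entry does not answer the "How to manage it?" half of its heading, and the one remedy it offers is misleading: "You can test by using a stored procedure, so the application must be sanitize the user input" mixes testing with mitigation, and a stored procedure by itself is not a defense (one that assembles dynamic SQL from its arguments is still injectable). Suggest stating the standard mitigation explicitly: parameterized queries / prepared statements for every query that carries user data, a least-privilege database account for the application, and input validation as defense in depth, plus SQL-specific testing of every input vector as the XSS paragraph already describes. The XSS paragraph under the general heading "What is XSS?" describes only the reflected variant ("the injected attack is not stored in the web application, it will only affact the users who open the maliciously crafted link"); it should say so and note that stored and DOM-based XSS also exist, and should give the defense the heading implies (contextual output encoding of untrusted data, plus a Content Security Policy). Typos to fix in the same hunk: "an type of a attack", "affact", "their are potential", "tisk", and the missing final period after "used with that site".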
@@ -5331,6 +5341,11 @@ Authorization is the process of identifying what level of access the service or
What is CSRF? How to handle CSRF?
+ +Cross-Site Request Forgery (CSRF) is an attack that makes the end user to initate a unwanted action on the web application in which the user has a authenticated session, the attacker may user an email and force the end user to click on the link and that then execute malicious actions. When an CSRF attack is successful it will compromise the end user data  + +You can use OWASP ZAP to analyze a "request", and if it appears that there no protection against cross-site request forgery when the Security Level is set to 0 (the value of csrf-token is SecurityIsDisabled.) One can use data from this request to prepare a CSRF attack by using OWASP ZAP +
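Review bot: the answer never addresses "How to handle CSRF?" from its heading; it only describes confirming the absence of protection with OWASP ZAP and then ends on "prepare a CSRF attack", which is not a mitigation. Suggest adding the actual defenses: a per-session or per-request anti-CSRF token (synchronizer token pattern) that the server validates on every state-changing request, SameSite attributes on session cookies, and rejecting state-changing requests whose Origin/Referer does not match the site, and reframing the ZAP paragraph as the verification step that shows whether those controls are in place. "when the Security Level is set to 0 (the value of csrf-token is SecurityIsDisabled.)" refers to a specific test application's setting that the text never names, so a reader cannot tell what "Security Level" is; either name the application or drop the detail. Grammar to fix: "makes the end user to initate a unwanted action", "has a authenticated session", "may user an email", "When an CSRF attack", and the missing period after "compromise the end user data".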