Questions #1


What is XSS? Examples? How to protect the application?



XSS stands for Cross Site Requests. The affected page forces the user to make a request to another page or to run unwanted JavaScript code.
For example, a user posted a comment that contained the code:

The site engine does not filter comment text, so the will produce the same result.
Knowing that the page executes JavaScript, an attacker can load contextual advertising or banners on the page, force the browser to navigate to any page, and steal cookies.
The vulnerability is eliminated by escaping unsafe characters and cleaning (sanitizing) HTML tags.

Tests


  • What tools for tests?

  • How to test requests to the network, database?

Web development


What is CGI? Pros, cons?
Common Gateway Interface. An agreement on how a web server interacts with a program written in some language. The web server runs the program as an executable file. Request parameters such as the method, path, headers, etc. are passed through environment variables.
The program must read these variables and write the HTTP response to standard output.
Pros:

  • The protocol does not impose conditions on the language in which the program is written. It can be both a script and a binary file.

  • The protocol is extremely simple.

  • The program does not store state, which is convenient for debugging.

Cons:

  • Starting the OS process on each request is very slow.

  • Data transfer via stdout is slower than Unix sockets.
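As an added illustration (not part of the original document) of both the CGI contract described above and the escaping fix from the XSS question: a minimal CGI handler in Python that reads the request from environment variables, writes the HTTP response to standard output, and HTML-escapes the untrusted query parameter before embedding it in the page. The variable names REQUEST_METHOD, PATH_INFO, QUERY_STRING and HTTP_USER_AGENT are the standard CGI names; the sample environments in the comments are constructed.

```python
import html
import os
import sys
from urllib.parse import parse_qs


def build_response(environ):
    """Build a CGI response from a request environment mapping.

    Returns (header_block, body) so the logic can be exercised with a
    constructed dict instead of a real web server.
    """
    method = environ.get("REQUEST_METHOD", "GET")
    path = environ.get("PATH_INFO", "/")
    # The query string arrives percent-encoded; parse_qs decodes it.
    query = parse_qs(environ.get("QUERY_STRING", ""))
    # CGI exposes request headers as HTTP_* variables, e.g. HTTP_USER_AGENT.
    user_agent = environ.get("HTTP_USER_AGENT", "unknown")

    if method != "GET":
        # Status must be sent as a header line; the server turns it into the status line.
        headers = "Status: 405 Method Not Allowed\r\nContent-Type: text/plain; charset=utf-8\r\n"
        return headers, "method not allowed\n"

    # 'name' is attacker-controlled. html.escape turns <, >, &, " and ' into
    # entities, so any markup the user supplied is rendered as text, not executed.
    raw_name = query.get("name", ["world"])[0]
    safe_name = html.escape(raw_name, quote=True)
    body = (
        "<html><body>"
        f"<h1>Hello, {safe_name}!</h1>"
        f"<p>Path: {html.escape(path)}</p>"
        f"<p>Agent: {html.escape(user_agent)}</p>"
        "</body></html>\n"
    )
    headers = "Content-Type: text/html; charset=utf-8\r\n"
    return headers, body


def main():
    # Under a real server: environment in, headers + blank line + body out on stdout.
    headers, body = build_response(os.environ)
    sys.stdout.write(headers + "\r\n" + body)


if __name__ == "__main__":
    main()
```

Run it from the shell with e.g. `REQUEST_METHOD=GET QUERY_STRING='name=%3Cb%3EBob%3C%2Fb%3E' python3 cgi_demo.py` to see the markup in the parameter come back escaped.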

What is CSRF?
Cross Site Request Forgery. A type of vulnerability where site A forces a user to make a request to site B. This could be an img or script tag for a GET request, or a form with a special target attribute.
To prevent the vulnerability, site B must make sure that the request came from its page.
For example, the user must fill out a form. It contains a hidden token field, a one-time sequence of characters. The same token is stored in the user's cookies. When the form is submitted, the field and the cookie must match. The method is not reliable and is bypassed by a script.
