Vulnerabilities
Kinds
- Database Injection
  - Use an ORM to prevent it
- Broken Authentication
  - ...
- Cross Site Scripting (XSS)
  - Runs JS code in a different user's browser
  - The attacker saves a script in the web application's database
  - Prevented using server-side validation
- Credentials Leakage
  - Secret keys exposed
  - Revoke the key to fix the problem
  - Principle of least privilege to limit the damage of big attacks
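The two mitigations above (keeping user input out of the SQL text for injection, and validating/escaping stored input on the server before it reaches another user's browser for XSS) are shown side by side in the added example below. It is not code from the original notes: the in-memory SQLite tables, the `login_*`/`render_comments_*` function names and the sample inputs are all constructed for illustration.

```python
import html
import sqlite3


def make_db():
    # Constructed in-memory database for the example. Passwords are stored in
    # plain text only to keep the example short; a real application hashes them.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'correct horse')")
    conn.execute("CREATE TABLE comments (body TEXT)")
    return conn


def login_vulnerable(conn, name, password):
    # The query is built by string formatting, so user input becomes part of
    # the SQL itself and can change the meaning of the WHERE clause.
    query = (
        f"SELECT name FROM users WHERE name = '{name}' "
        f"AND password = '{password}'"
    )
    return conn.execute(query).fetchone() is not None


def login_safe(conn, name, password):
    # Placeholders: the driver sends the values separately from the SQL text,
    # so input can never alter the query structure. An ORM does this for you.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return conn.execute(query, (name, password)).fetchone() is not None


def store_comment(conn, body):
    # Stored XSS scenario: whatever a user posts is saved and later shown to others.
    conn.execute("INSERT INTO comments (body) VALUES (?)", (body,))


def render_comments_vulnerable(conn):
    # Inserts the stored text straight into HTML: a saved <script> tag runs
    # in every visitor's browser.
    rows = conn.execute("SELECT body FROM comments").fetchall()
    return "".join(f"<p>{body}</p>" for (body,) in rows)


def render_comments_safe(conn):
    # Server-side escaping turns markup characters into entities, so the
    # browser displays the text instead of executing it.
    rows = conn.execute("SELECT body FROM comments").fetchall()
    return "".join(f"<p>{html.escape(body)}</p>" for (body,) in rows)


def demo():
    conn = make_db()
    # Classic textbook injection string, constructed for the demonstration.
    bad_password = "x' OR '1'='1"
    results = {
        "vulnerable_login_bypassed": login_vulnerable(conn, "alice", bad_password),
        "safe_login_bypassed": login_safe(conn, "alice", bad_password),
    }
    store_comment(conn, "<script>alert(1)</script>")
    results["vulnerable_page"] = render_comments_vulnerable(conn)
    results["safe_page"] = render_comments_safe(conn)
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Running `demo()` shows the vulnerable login accepting a wrong password while the parameterized one rejects it, and the escaped page containing `&lt;script&gt;` rather than a live tag.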
Penetration Testing
- Test whether the vulnerabilities can actually be exploited
- Burp Suite: a man-in-the-middle proxy that intercepts every request
- White hat: you have permission
- Grey hat: you don't have permission
- Black hat: sells the data on the dark web
CIA Triad
- Confidentiality: user authentication
- Integrity: data is correct (not corrupted)
- Availability: data is accessible at any time