Explore crucial concepts in web application security by identifying frequent developer errors such as insecure data handling, broken authentication, and cross-site scripting. Enhance your understanding of vulnerabilities that can compromise sensitive information and app integrity.
A login form directly inserts user input into an SQL query without validation. Which security error is most likely being introduced in this scenario?
Explanation: SQL Injection occurs when user-supplied data is inserted into an SQL query without proper validation or escaping, allowing attackers to manipulate the database. Session Hijacking involves stealing user session information, while Invisible Captcha Bypass concerns bypassing bot protections. Broken Rate Limiting allows for excessive requests but is not related to SQL query manipulation. The direct query construction in this example specifically exposes the app to SQL injection.
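To make the first scenario concrete, here is an added example (not part of the original quiz) in Python with the standard-library sqlite3 module. It builds a constructed in-memory users table, then shows a login lookup that pastes input into the SQL text beside the parameterized form that passes the same input as data; the table contents and the single user row are assumptions for the demonstration.

```python
import sqlite3


def make_db():
    # Constructed sample database: one user with a placeholder password hash.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-alice-password')")
    conn.commit()
    return conn


def login_vulnerable(conn, username, password_hash):
    # Untrusted input is concatenated straight into the statement, so quote
    # characters in the input become part of the query's structure instead
    # of staying inside the string literal.
    query = ("SELECT username FROM users WHERE username = '%s' "
             "AND password_hash = '%s'" % (username, password_hash))
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, username, password_hash):
    # Placeholders hand the values to the driver separately from the SQL
    # text; they are bound as data and can never change the query's shape.
    # (A real login would hash the submitted password before this lookup.)
    query = ("SELECT username FROM users WHERE username = ? "
             "AND password_hash = ?")
    return [row[0] for row in conn.execute(query, (username, password_hash))]


if __name__ == "__main__":
    db = make_db()
    # Well-formed credentials behave the same either way.
    print(login_vulnerable(db, "alice", "hash-of-alice-password"))
    print(login_safe(db, "alice", "hash-of-alice-password"))
    # Input containing a quote and a comment marker: the concatenated query
    # loses its password check, the parameterized one simply finds no user.
    print(login_vulnerable(db, "alice' --", "not-the-hash"))
    print(login_safe(db, "alice' --", "not-the-hash"))
```

The safe variant is the fix the explanation describes: the query's structure is fixed at write time and every user-supplied value travels as a bound parameter.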
If an application stores user passwords in plain text within its database, which common security mistake is being made?
Explanation: Storing passwords in plain text is a severe security error, as anyone accessing the database can see users' passwords. Hashing passwords with a salt would be the secure alternative, whereas double authentication refers to requiring two factors for login. Implementing password managers does not relate to storage practices within the app itself. Only the first option describes the actual vulnerability present in this scenario.
A blog comment form allows users to submit text that is displayed without sanitization, enabling JavaScript code to run in visitors' browsers. What is the term for this vulnerability?
Explanation: Cross-Site Scripting, or XSS, allows attackers to inject malicious scripts that run in the context of other users' browsers if user input is not sanitized. Cross-Site Request Forgery tricks users into making unwanted requests, but it does not involve injecting scripts. Server-Side Request Forgery targets requests from the server, and Open Redirect refers to sending users to unintended websites. The ability to run JavaScript code makes this an XSS issue.
When sensitive information like credit card numbers is sent from a web application to users over HTTP instead of HTTPS, which error is taking place?
Explanation: Sending sensitive data over HTTP means that the information can be intercepted by attackers, as the channel is not encrypted. Input validation is important, but it relates to verifying user input, not data transmission. Improper error handling can leak information but is not about secure communications. Overuse of cookies can be an issue but is not related to the encryption of transmitted data. Secure channels are essential for protecting confidential information.
A web app fails to check whether a user is authorized before allowing changes to another user's profile data. Which kind of security mistake does this illustrate?
Explanation: Broken access control occurs when users are able to perform actions outside their intended permissions, such as modifying another user's data. Cross-origin resource sharing is a browser policy related to resources, not user permissions. Stored session cloning is not a standard security term, and Malformed URL encoding relates to URL formatting issues. The scenario directly describes a lack of proper authorization checks.