• View
• Edit
• History
• Print

WebReview

• Cookies:
  1. Suppose you set a cookie with the scope: cs.wisc.edu:80
     1. Is it accessible to the website http://www.cs.wisc.edu?
     2. Is it accessible to the website http://research.cs.wisc.edu:8080?
     3. Is it accessible to the website https://www.cs.wisc.edu?
  2. Why do some cookies say “https only”/ What bad things could happen if these cookies are sent over normal HTTP?
• DOM / same origin policy:
  1. Suppose you have a web page open from www.cs.wisc.edu, that has a frame from www.cs.umich.edu (our fierce rival).
     1. Can javascript code on www.cs.wisc.edu see elements of the DOM for the www.cs.umich.edu website?
     2. Can www.cs.umich.edu cause the whole webpage to navigate somewhere else?
  2. You have another window open to pages.cs.wisc.edu/~swift. Can the javascript code on www.cs.wisc.edu see elements on this page?
  3. You open a third window to www.cs.wisc.edu/people. Can javascript on on this page see elements on the www.cs.wisc.edu page?
• SQL injection.

       <p>Username: <input type="text" name="login" /><br />
          Password: <input type="text" value="password" /></p>
     </form>

  <?php $query = "SELECT * FROM users WHERE username = ’{$_POST[’login’]} AND
        password= ’{$_POST[’password’]}";  $result = mysql_query($query); echo “$_POST[‘login’] attempted”}>

• CSRF
  1. Web server logs often include the headers for all requests. If you are looking at the logs of a web server, how could you detect possible cross-site request forging attacks?
• CSS
  1. For web pages that want to accept usernames and passwords, explain how you would sanitize this input before returning it on a web page in order to prevent cross-site scripting.
  2. HTTP only cookies are sent with requests but are not available through the DOM to scripts. Explain how this mitigates CSS attacks. (see https://www.owasp.org/index.php/HttpOnly)