(Review Questions) Web security
- What are the main differences between XSS and CSRF?
- Here are some mitigation techniques. Which of the attacks can each one, on its own, prevent? The attacks under consideration are XSS, CSRF, and SQLi.
a) Content security policy (CSP)
b) Same-origin policy (SOP)
c) Client-side code sanitization to remove HTML containing certain tags, such as <script>
d) Web Application Firewall (WAF)
e) CSRF token (a random value for each instantiation of the webform)
- Assume a web service implements a login form in the following way:
...
<form action="signin.php" method="POST">
<p>
Username: <input type="text" name="login" /><br />
Password: <input type="password" name="password" />
</p>
</form>
<?php
// Build the query directly from the submitted form fields.
$query = "SELECT * FROM users WHERE username = '{$_POST['login']}' AND password = '{$_POST['password']}'";
$result = mysql_query($query);
... ?>
...
a) Show how you can obtain the data of all the users in the database.
b) Give the values you would submit in the "login" and "password" fields of the form.
c) Can you log in to a user's account without knowing their password?
d) How is the website storing its users' passwords?
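The following is an added worked example (not part of the original review sheet) that reproduces the PHP snippet's query construction in Python with an in-memory sqlite3 table, so the effect of the injected values can be observed, and places a hardened version beside it: a parameterised lookup plus a salted PBKDF2 hash instead of a plaintext password column. The user table and its two accounts are constructed here; the `-- ` comment payload is written with a trailing space because MySQL, unlike SQLite, requires whitespace after `--`.

```python
"""Vulnerable login (string-built SQL, plaintext passwords) beside a hardened
login (parameterised query, salted PBKDF2 hash). Added example; the users
table and accounts below are constructed for illustration."""
import hashlib
import hmac
import os
import sqlite3

# Constructed sample accounts (not from the original page).
SAMPLE_USERS = [("alice", "s3cret"), ("bob", "hunter2")]


def make_vulnerable_db():
    """Mirrors the PHP snippet's schema: passwords stored in plaintext."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_login(conn, login, password):
    """Same shape as the PHP: form values pasted straight into the SQL text.
    Returns the usernames the query matched."""
    query = (
        f"SELECT username FROM users WHERE username = '{login}' "
        f"AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(query)]


# --- Hardened version -------------------------------------------------------

def hash_password(password, salt=None):
    """Salted PBKDF2-HMAC-SHA256; returns (salt, digest)."""
    salt = salt if salt is not None else os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000)
    return salt, digest


def make_safe_db():
    """Store only a per-user salt and hash, never the password itself."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, salt BLOB, pw_hash BLOB)")
    for name, pw in SAMPLE_USERS:
        salt, digest = hash_password(pw)
        conn.execute("INSERT INTO users VALUES (?, ?, ?)", (name, salt, digest))
    return conn


def safe_login(conn, login, password):
    """Parameterised lookup (input is data, never SQL), then a constant-time
    comparison of the recomputed hash against the stored one."""
    row = conn.execute(
        "SELECT salt, pw_hash FROM users WHERE username = ?", (login,)
    ).fetchone()
    if row is None:
        return False
    salt, stored = row
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


if __name__ == "__main__":
    vuln = make_vulnerable_db()
    # Tautology in the password field: AND binds tighter than OR, so the
    # WHERE clause becomes (... AND ...) OR '1'='1' and every row matches.
    print(vulnerable_login(vuln, "x", "' OR '1'='1"))
    # Comment out the password check: log in as alice without her password.
    print(vulnerable_login(vuln, "alice' -- ", "anything"))
    safe = make_safe_db()
    print(safe_login(safe, "alice' -- ", "anything"), safe_login(safe, "alice", "s3cret"))
```

The hardened version fixes the two separate problems the questions point at: the parameterised query closes the injection regardless of what the fields contain, and the salted hash means a dump of the table no longer yields usable passwords.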
- What is a CSRF token, and what is it useful for?
- Can a CAPTCHA prevent CSRF? Why or why not?
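As an added example (not part of the original review sheet), the following Python sketch implements the CSRF token described in item (e) above: a synchronizer token, a random value minted each time the form is rendered, stored in the user's server-side session, and required back on submit. The `Session` class, the `/transfer` form and the request dictionaries are constructed stand-ins for a web framework's session store and POST body.

```python
"""Synchronizer CSRF token: one fresh random value per rendered form, kept in
the user's session and consumed on use. Added example; the session object and
request bodies are constructed stand-ins, not a real framework."""
import hmac
import secrets


class Session:
    """Server-side session state for one logged-in browser (constructed)."""
    def __init__(self):
        self.csrf_tokens = set()   # tokens issued for forms not yet submitted


def render_transfer_form(session):
    """Server renders the form: mint a token and remember it for this session."""
    token = secrets.token_urlsafe(32)
    session.csrf_tokens.add(token)
    # The token travels to the browser inside the page, as a hidden field.
    return {"action": "/transfer", "csrf_token": token}


def handle_transfer(session, form):
    """Server handles the POST: accept only a token this session was issued.
    The cookie identifies the session; the token proves the page was ours."""
    submitted = form.get("csrf_token", "")
    for issued in session.csrf_tokens:
        if hmac.compare_digest(issued, submitted):
            session.csrf_tokens.discard(issued)   # single use: no replay
            return "transferred"
    return "rejected"


def demo():
    victim = Session()
    page = render_transfer_form(victim)

    # Legitimate submit from the page we rendered.
    legit = handle_transfer(
        victim, {"to": "bob", "amount": "10", "csrf_token": page["csrf_token"]})

    # Cross-site forgery: the attacker's page auto-submits a form to /transfer.
    # The browser attaches the victim's session cookie, but the attacker never
    # saw the token (same-origin policy keeps them from reading our page).
    forged = handle_transfer(victim, {"to": "mallory", "amount": "1000"})

    # A token from the attacker's own session is not valid for the victim's.
    attacker = Session()
    foreign = render_transfer_form(attacker)["csrf_token"]
    cross = handle_transfer(
        victim, {"to": "mallory", "amount": "1000", "csrf_token": foreign})

    # Reusing the already-consumed legitimate token fails too.
    replay = handle_transfer(
        victim, {"to": "mallory", "amount": "1000", "csrf_token": page["csrf_token"]})

    return legit, forged, cross, replay


if __name__ == "__main__":
    print(demo())
```

The check works because the token is bound to the session and unreadable cross-origin; the server must validate it on every state-changing request, not only on the form that renders it.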