Security - Coggle Diagram
Security
Stored (Persistent) XSS
What? An attacker submits JavaScript in an input field, and the server stores it.
If the stored contents are not HTML-encoded when they are rendered in the browser, the script is executed.
Insecure TLS Validation
What? Insecure certificate validation can lead to man-in-the-middle attacks, data breaches and malware distribution.
Fix: use trusted certificate authorities, verify certificate chains, check certificate revocation status, etc.
Reflected XSS
What? An attacker injects malicious script into dynamic content that is then reflected back to the user's browser. The term "reflected" refers to the fact that the injected script is reflected off the web server and then executed in the context of the victim's browser.
Fix: Validate and sanitize input, escape/encode output, implement a Content Security Policy (CSP).
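Both XSS entries above share the same core defence, output encoding. The following is an added example, not part of the Coggle diagram, showing a stored comment rendered raw next to the same comment HTML-encoded; `htmlEncode`, `renderCommentUnsafe`, `renderCommentSafe`, `containsScriptTag` and the sample comment are all constructed for illustration.

```javascript
// Added example, not from the original diagram: HTML-encoding untrusted
// input before it is written into markup, the defence both XSS entries
// above rely on. Names and the sample comment are constructed.

// Encode the characters that let text break out of an HTML text node
// or a double-quoted attribute value. This is for HTML context only;
// values placed inside JavaScript, URLs or CSS need their own encoding.
function htmlEncode(str) {
  const map = {
    '&': '&amp;',
    '<': '&lt;',
    '>': '&gt;',
    '"': '&quot;',
    "'": '&#x27;',
  };
  return String(str).replace(/[&<>"']/g, (ch) => map[ch]);
}

// Vulnerable: the stored comment is interpolated raw, so any tags it
// contains are parsed and executed by the browser.
function renderCommentUnsafe(comment) {
  return `<li class="comment">${comment}</li>`;
}

// Hardened: same template, but the untrusted value is encoded first, so
// the browser displays it as literal text.
function renderCommentSafe(comment) {
  return `<li class="comment">${htmlEncode(comment)}</li>`;
}

// Crude illustration check: would the rendered markup contain a script
// element the browser would run?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed sample of what an attacker could store in a comment field.
const SAMPLE_STORED_COMMENT = '<script>alert(1)</script>';

console.log('unsafe:', renderCommentUnsafe(SAMPLE_STORED_COMMENT));
// -> <li class="comment"><script>alert(1)</script></li>
console.log('safe:  ', renderCommentSafe(SAMPLE_STORED_COMMENT));
// -> <li class="comment">&lt;script&gt;alert(1)&lt;/script&gt;</li>
```

The same `htmlEncode` applies to the reflected case, where a query parameter is echoed back into the page: encode at the point of output, in the context the value lands in.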