
Note Space

Hints, cheat sheets and notes on code.


Web security Fundamentals

Posted on Feb 15, 2023
web-security

Web security

Local Storage

  • localStorage is convenient because it is reachable only through JavaScript running on the same origin, and the browser never attaches its contents to a request on its own. A token stored there is sent only when your own code adds it (typically in an Authorization header). Because cross-site request forgery (CSRF) relies on the browser sending credentials automatically, tokens kept in localStorage are not exposed to CSRF.
  • On the downside, localStorage is fully exposed to cross-site scripting (XSS). Any script that runs on the origin, including an injected one, can read localStorage and exfiltrate the access token. Unlike cookies, localStorage doesn't provide attributes such as HttpOnly or Secure that limit how its contents can be read or sent; the origin boundary is the only protection.

Cookies

  • An HTTP cookie (web cookie, browser cookie) is a small piece of data that a server sends to a user's web browser.

  • Cookies can be kept out of reach of JavaScript by setting the HttpOnly attribute. With that attribute an injected script cannot read the cookie value through document.cookie, which makes cookie data less exposed than localStorage data to script-based theft (though not to script-based misuse, since the browser still attaches the cookie to requests the script makes).

  • Cookies have a limited storage capacity of about 4 KB each (name, value and attributes together), so a large token may not fit. Some APIs also expect the access token in the HTTP Authorization request header rather than in a cookie, which means cookies won't work for storing tokens in every case.

  • They are used for 3 main purposes:

    • Session management: logins, shopping carts, game scores, or anything else the server should remember
    • Personalization: user preferences, themes, and other settings
    • Tracking: recording and analyzing user behavior

HttpOnly

  • HttpOnly is an additional flag included in a Set-Cookie HTTP response header. If the HttpOnly flag is set, the cookie cannot be accessed through client-side script (in browsers that support it, which includes all current ones).
  • The cookie does not appear in document.cookie, but the browser still attaches it to requests to the server as usual, so server-side sessions keep working without any script involvement.
  • As a result, even if a cross-site scripting (XSS) flaw exists and a user follows a link that exploits it, the browser will not reveal the cookie value to the injected script or to a third party. Note that HttpOnly does not stop the injected script from making requests that carry the cookie; it limits token theft, not abuse of the session while the page is open.

Cross-Site Scripting

  • XSS attacks are a type of injection, in which malicious scripts are injected into otherwise benign and trusted websites. XSS attacks occur when an attacker uses a web application to send malicious code, generally in the form of a browser side script, to a different end user.

CORS

๐—–๐—ข๐—ฅ๐—ฆ ๐˜€๐˜๐—ฎ๐—ป๐—ฑ๐˜€ ๐—ณ๐—ผ๐—ฟ ๐—–๐—ฟ๐—ผ๐˜€๐˜€-๐—ข๐—ฟ๐—ถ๐—ด๐—ถ๐—ป ๐—ฅ๐—ฒ๐˜€๐—ผ๐˜‚๐—ฟ๐—ฐ๐—ฒ ๐—ฆ๐—ต๐—ฎ๐—ฟ๐—ถ๐—ป๐—ด

๐˜๐˜ต'๐˜ด ๐˜ข ๐˜ธ๐˜ข๐˜บ ๐˜ง๐˜ฐ๐˜ณ ๐˜ฃ๐˜ณ๐˜ฐ๐˜ธ๐˜ด๐˜ฆ๐˜ณ๐˜ด ๐˜ต๐˜ฐ ๐˜ฅ๐˜ฆ๐˜ต๐˜ฆ๐˜ณ๐˜ฎ๐˜ช๐˜ฏ๐˜ฆ ๐˜ธ๐˜ฉ๐˜ฆ๐˜ต๐˜ฉ๐˜ฆ๐˜ณ ๐˜ฐ๐˜ณ ๐˜ฏ๐˜ฐ๐˜ต ๐˜ต๐˜ฉ๐˜ฆ๐˜บ ๐˜ด๐˜ฉ๐˜ฐ๐˜ถ๐˜ญ๐˜ฅ ๐˜ข๐˜ญ๐˜ญ๐˜ฐ๐˜ธ ๐˜ณ๐˜ฆ๐˜ฒ๐˜ถ๐˜ฆ๐˜ด๐˜ต๐˜ด ๐˜ง๐˜ณ๐˜ฐ๐˜ฎ ๐˜ฐ๐˜ฏ๐˜ฆ ๐˜ฅ๐˜ฐ๐˜ฎ๐˜ข๐˜ช๐˜ฏ ๐˜ต๐˜ฐ ๐˜ข๐˜ค๐˜ค๐˜ฆ๐˜ด๐˜ด ๐˜ณ๐˜ฆ๐˜ด๐˜ฐ๐˜ถ๐˜ณ๐˜ค๐˜ฆ๐˜ด ๐˜ง๐˜ณ๐˜ฐ๐˜ฎ ๐˜ข๐˜ฏ๐˜ฐ๐˜ต๐˜ฉ๐˜ฆ๐˜ณ ๐˜ฅ๐˜ฐ๐˜ฎ๐˜ข๐˜ช๐˜ฏ. ๐˜๐˜ต'๐˜ด ๐˜ถ๐˜ด๐˜ฆ๐˜ฅ ๐˜ธ๐˜ฉ๐˜ฆ๐˜ฏ ๐˜บ๐˜ฐ๐˜ถ ๐˜ธ๐˜ข๐˜ฏ๐˜ต ๐˜ต๐˜ฐ ๐˜ฆ๐˜ฎ๐˜ฃ๐˜ฆ๐˜ฅ ๐˜ค๐˜ฐ๐˜ฏ๐˜ต๐˜ฆ๐˜ฏ๐˜ต ๐˜ง๐˜ณ๐˜ฐ๐˜ฎ ๐˜ฐ๐˜ฏ๐˜ฆ ๐˜ด๐˜ช๐˜ต๐˜ฆ ๐˜ช๐˜ฏ๐˜ต๐˜ฐ ๐˜ข๐˜ฏ๐˜ฐ๐˜ต๐˜ฉ๐˜ฆ๐˜ณ ๐˜ด๐˜ช๐˜ต๐˜ฆ.

๐—ง๐—ต๐—ฒ๐—ฟ๐—ฒ ๐—ฎ๐—ฟ๐—ฒ ๐˜๐˜„๐—ผ ๐˜๐˜†๐—ฝ๐—ฒ๐˜€ ๐—ผ๐—ณ ๐—–๐—ข๐—ฅ๐—ฆ ๐—ต๐—ฒ๐—ฎ๐—ฑ๐—ฒ๐—ฟ๐˜€: โ‘  Access-Control-Allow-Origin โ‘ก Access-Control-Allow-Methods

๐Ÿ‘€ ๐—ง๐—ต๐—ฒ ๐—ณ๐—ถ๐—ฟ๐˜€๐˜ ๐—ต๐—ฒ๐—ฎ๐—ฑ๐—ฒ๐—ฟ tells the browser which domains are allowed to access the requested resource.

๐Ÿ‘€ ๐—ง๐—ต๐—ฒ ๐˜€๐—ฒ๐—ฐ๐—ผ๐—ป๐—ฑ ๐—ต๐—ฒ๐—ฎ๐—ฑ๐—ฒ๐—ฟ tell the browser which methods (e.g., GET, POST ) are allowed.

CSRF

CSRF stands for Cross-Site Request Forgery. It is a web security vulnerability that allows an attacker to induce users to perform actions that they do not intend to perform: an attacker-controlled site makes the victim's browser send a request (a form post, an image load, a fetch) to a web application in which the victim is currently authenticated. Because the browser attaches the victim's cookies to that request automatically, the application cannot tell it apart from one the user meant to make. Typical defences are the SameSite cookie attribute, checking the Origin (or Sec-Fetch-Site) request header, and a per-session anti-CSRF token that a foreign site cannot read.

JSON Web Token

  • JSON Web Token (JWT) is an open standard (RFC 7519) that defines a compact and self-contained way for transmitting claims between parties as a JSON object.
  • The claims can be verified and trusted because the token is digitally signed. The signature protects integrity, not confidentiality: the header and payload are only base64url-encoded, so anyone holding the token can read them (encryption requires a JWE).
  • JWTs can be signed with a shared secret (HMAC, e.g. HS256) or with a public/private key pair (RSA or ECDSA). The verifier must decide for itself which algorithm and key apply rather than trusting the alg field inside the token.

How to Secure Cookies From Hackers

  • Secure attribute: In production, the Secure attribute ensures that the browser sends the cookie only over an encrypted (HTTPS) connection. If a request goes out over plain HTTP, the browser does not attach the cookie, so it cannot be read off the network. A site without a TLS certificate and HTTPS therefore cannot use Secure cookies at all.

  • HttpOnly attribute: With this attribute, you forbid JavaScript code from reading the cookie. It protects the cookie value from theft through cross-site scripting attacks (XSS).

  • SameSite attribute: It controls when the browser sends the cookie with cross-site requests. This attribute provides some protection against cross-site request forgery attacks (CSRF). "Site" here means scheme plus registrable domain (e.g. https://example.com), so subdomains of the same registrable domain count as the same site.

  • There are 3 values this attribute accepts:

    • Strict: the browser sends the cookie only with same-site requests. If the request originates from a different site, even a top-level navigation such as clicking a link in an email, the cookie with SameSite=Strict is not sent.
    • Lax: the cookie is sent with same-site requests and with cross-site top-level navigations that use a safe method (a GET link or a redirect), but not with cross-site subresource loads, iframes or POST requests. This blocks the classic cross-site form-POST CSRF and is what Chromium-based browsers apply by default when the attribute is missing.
    • None: the browser sends the cookie with both cross-site and same-site requests. If you use SameSite=None for your cookie, you have to specify the Secure attribute along with it, otherwise the browser rejects the cookie.

Note Space © 2022 - Published with Nextjs
