Fix/word correction (#193)
* New questions and spell check (#181)

  Added new questions related with KVM, Libvirt and DNF

* Correct some spell errors
@@ -203,7 +203,7 @@ Read about it [here](https://owasp.org/www-project-top-ten)
|
||||
<details>
|
||||
<summary>What is XSS?</summary><br><b>
|
||||
|
||||
Cross Site Scripting (XSS) is an type of a attack when the attacker inserts browser executable code within a HTTP response. Now the injected attack is not stored in the web application, it will only affact the users who open the maliciously crafted link or third-party web page. A successful attack allows the attacker to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site
|
||||
Cross Site Scripting (XSS) is an type of a attack when the attacker inserts browser executable code within a HTTP response. Now the injected attack is not stored in the web application, it will only affect the users who open the maliciously crafted link or third-party web page. A successful attack allows the attacker to access any cookies, session tokens, or other sensitive information retained by the browser and used with that site
|
||||
|
||||
You can test by detecting user-defined variables and how to input them. This includes hidden or non-obvious inputs such as HTTP parameters, POST data, hidden form field values, and predefined radio or selection values. You then analyze each found vector to see if their are potential vulnerabilities, then when found you craft input data with each input vector. Then you test the crafted input and see if it works.
|
||||
|
||||
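Review bot: The corrected XSS line still opens with "is an type of a attack when" and "a HTTP response", so the spelling pass is incomplete on the very line it touches; suggest "is a type of attack in which the attacker inserts browser-executable code into an HTTP response". The same line says "the injected attack is not stored in the web application", which describes only the reflected variant, so either title the answer as reflected XSS or add a sentence covering the stored case. The unchanged testing paragraph below it has "if their are potential vulnerabilities" ("there are"), which could be fixed in the same commit.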
@@ -214,7 +214,7 @@ You can test by detecting user-defined variables and how to input them. This inc
|
||||
|
||||
SQL injection is an attack consists of inserts either a partial or full SQL query through data input from the browser to the web application. When a successful SQL injection happens it will allow the attacker to read sensitive information stored on the database for the web application.
|
||||
|
||||
You can test by using a stored procedure, so the application must be sanitize the user input to get rid of the tisk of code injection. If not then the user could enter bad SQL, that will then be executed within the procedure
|
||||
You can test by using a stored procedure, so the application must be sanitize the user input to get rid of the risk of code injection. If not then the user could enter bad SQL, that will then be executed within the procedure
|
||||
|
||||
</b></details>
|
||||
|
||||
|
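Review bot: The corrected line fixes "tisk" but keeps "the application must be sanitize the user input", and the sentence "You can test by using a stored procedure" presents a stored procedure as a test method when the rest of the sentence is describing a risk: user input that reaches SQL executed inside the procedure without being sanitized. Suggest rewording so the answer says what is being tested (whether user input passed to a stored procedure is sanitized before it is executed as SQL) and fixing the grammar to "must sanitize the user input". The unchanged line above, "SQL injection is an attack consists of inserts either a partial or full SQL query", also needs a pass, for example "is an attack that consists of inserting".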