Assignment1_RogersD

School: Texas A&M University–Central Texas
Course: 4346
Subject: Computer Science
Date: Dec 6, 2023
Uploaded by Dramidan

DeAndre Rogers
CIS 4346
Assignment 1
9/12/23

Qns1. The session ID exchange mechanism based on cookies provides multiple security features in the form of cookie attributes that can be used to protect the exchange of the session ID. Please explain the 4 types of cookie attributes and also state whether it is a secure way to establish a session ID for a long time period. If your answer is yes, what are the advantages; if “no”, what are the disadvantages?

Ans: The Secure attribute makes sure that cookies are transmitted only on encrypted and secure connections. The Max-Age and Expires attributes determine how long a specific cookie remains valid, “Max-Age” being the duration in seconds and “Expires” being a date and time. The HttpOnly attribute prevents client-side scripts from having access to a cookie’s value. Lastly, the SameSite attribute controls when a cookie is sent on cross-origin requests.

It is not secure to establish a session ID for a long time. The longer the session ID is active, the greater the security risk, and if the session were to get compromised, the longer the attacker can have access to the session. Also, the session ID will consume a lot more resources than a shorter session would, as it gains more resources over time.

Qns2. Which character is most likely to be used in an XSS attack that escapes out of an HTML attribute? Choose from: the single quote ('), the null byte, the less than sign (<), or the greater than sign (>).

Ans: I would say the less than sign (<) because it is the most common way for an attacker to implement their code into any HTML documents available. It is used to break out of attribute values and all they must do is insert their code and the HTML will run it as normal.

Qns3. Explain the Cross-site request forgery attack.

Ans: The attacker embeds malicious code or links in a website or email that is trusted, so whenever you click or interact with the link or content on the website, the browser directs you to the attacker’s set website and performs the attacks in the code.

Qns4. An attacker injects an XSS payload into the HTML page sent by your server. Given the following CSP, would the XSS attack succeed? Justify your answer.

CSP: Content-Security-Policy: default-src 'self';
XSS: <script>alert(document.cookie)</script>

Ans: No, because the CSP policy only allows scripts that are loaded with the HTML page, and since the injected script isn’t, the XSS attack wouldn’t go through.
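
The cookie attributes covered in Qns1 can be checked mechanically on a server's responses. The following is an added example, not part of the original assignment: a small auditor for Set-Cookie header values. The function name, the 8-hour lifetime limit and the sample cookies are assumptions constructed for illustration.

```python
from datetime import datetime, timezone
from email.utils import parsedate_to_datetime

MAX_SESSION_SECONDS = 8 * 3600  # assumed policy limit, not from the assignment

# Constructed sample headers and a fixed clock so results are reproducible.
FIXED_NOW = datetime(2023, 9, 12, tzinfo=timezone.utc)
WEAK = "SESSIONID=abc123; Path=/; Max-Age=31536000"
HARDENED = "SESSIONID=abc123; Path=/; Secure; HttpOnly; SameSite=Strict; Max-Age=1800"
LONG_EXPIRES = ("SESSIONID=abc123; Secure; HttpOnly; SameSite=Lax; "
                "Expires=Thu, 12 Sep 2024 00:00:00 GMT")


def audit_set_cookie(header, now=None):
    """Return a list of findings for one Set-Cookie header value."""
    now = now or datetime.now(timezone.utc)
    attrs = {}
    for part in header.split(";")[1:]:      # skip the name=value pair
        key, _, value = part.strip().partition("=")
        if key:
            attrs[key.lower()] = value.strip()

    findings = []
    if "secure" not in attrs:
        findings.append("missing Secure: cookie may be sent over plain HTTP")
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: cookie readable by client-side script")
    if attrs.get("samesite", "").lower() not in ("strict", "lax"):
        findings.append("SameSite is not Strict or Lax: server does not restrict cross-site sending")

    # Max-Age takes precedence over Expires when both are present (RFC 6265).
    lifetime = None
    try:
        if "max-age" in attrs:
            lifetime = int(attrs["max-age"])
        elif "expires" in attrs:
            expires = parsedate_to_datetime(attrs["expires"])
            lifetime = (expires - now).total_seconds()
    except (TypeError, ValueError):
        findings.append("unparseable Max-Age/Expires value")
    if lifetime is not None and lifetime > MAX_SESSION_SECONDS:
        findings.append("lifetime of %d s exceeds %d s limit" % (lifetime, MAX_SESSION_SECONDS))
    return findings


if __name__ == "__main__":
    for sample in (WEAK, HARDENED, LONG_EXPIRES):
        print(sample, "->", audit_set_cookie(sample, FIXED_NOW) or "ok")
```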