security.md

1. What is a CSRF attack? How does it use HTTP requests? And why do we call it the one-click attack?
2. What is an XSS attack? And what is the connection between it and cookies/sessions? And what are the two main categories of XSS?
3. What is SQL injection? and what is the attacker’s intention from it?
4. Consider the below SQL command, where is the vulnerability? think about some ways an attacker can misuse it:

const { username, password } = req.body
let strQry = `SELECT Count(*) FROM Users WHERE username=${username} AND password=${password}`;

5. What does End-to-End encryption means? Share an example of an well-known app using E2EE, how is that app using it?

1- A CSRF (Cross-Site Request Forgery) attack tricks users into making unwanted actions on a website where they're logged in, by exploiting their session cookies. To prevent these, websites use CSRF tokens and other security measures.

2-An XSS (Cross-Site Scripting) attack injects malicious scripts into websites to steal cookies and hijack sessions. The two main types are:
Stored XSS: Malicious scripts are saved on the server.
Reflected XSS: Malicious scripts are echoed by the server from user inputs.

3-SQL injection involves inserting malicious SQL code into databases via user input, aiming to manipulate or steal data.

4- The vulnerability lies in directly inserting user input into the SQL query, allowing SQL injection. Attackers can bypass authentication or extract data by altering the query with malicious input, such as username=admin'-- to ignore the password check.

5-End-to-End Encryption (E2EE) means only communicating users can read messages, preventing access from third parties, including service providers. WhatsApp uses E2EE for messages and calls, ensuring that only the communicating users can decrypt and view the content.

with :
1-Ninos Dinkha
2-aween ezzat
3-lava ahmed
4-teba kaaed

Room 5
Nada - Mardin - Ibrahim - Shvan - Zainab Al-Najjar

1. A CSRF (Cross-Site Request Forgery) attack tricks a user's browser into making unintended HTTP requests to a different site. It's often accomplished by luring a user to click on a malicious link or visit a compromised website. The attack exploits the fact that browsers automatically include stored session cookies when making requests to a site, potentially allowing an attacker to perform actions on behalf of the user without their consent. It's called a "one-click attack" because a single click by the user triggers the malicious action.

2. Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website.
   They often target cookies to hijack user sessions. where attackers inject malicious code into websites to steal data or take control.
   The two main types: non-persistent (reflected) and persistent (stored).

3. SQL injection is a code injection technique that exploits vulnerabilities in an application's software layer to execute malicious SQL statements. The attacker's intention with SQL injection is typically to gain unauthorized access to the application's database or to manipulate its data.

4. how an attacker can misuse it:
   SQL Injection: An attacker can manipulate the username or password fields to inject arbitrary SQL code, bypassing authentication or accessing unauthorized data. For example, they could input ' OR 1=1 -- as the password, effectively turning the query into SELECT Count(*) FROM Users WHERE username='someusername' AND password='' OR 1=1 --', which would always return true, effectively bypassing authentication.
   Brute Force Attack: Even without exploiting SQL injection directly, an attacker could use this vulnerability to launch a brute force attack by trying different combinations of usernames and passwords until they find a valid pair. This is particularly dangerous if the application doesn't have any protection against multiple failed login attempts.

5. End-to-end encryption means your messages are scrambled from when you send them until the recipient reads them, so nobody else can snoop. WhatsApp is a popular app using this. When you send a message, it's locked with a key only you and the receiver have, keeping it safe from hackers or even WhatsApp itself.

Shinak Mohemed, Zhin abubaker, Barham Baper, Koshyar Abdurrahaman , Yousra Yaarob

1. A CSRF attack tricks a user into unintentionally performing actions on a trusted website. It happens when a user, logged into a site, visits a malicious site that sends requests to the trusted site on behalf of the user. These requests, often disguised as innocent clicks, can lead to unauthorized actions like fund transfers. It's called a "one-click attack" because it appears to the victim as a single click initiates the attack.
2. An XSS attack injects malicious scripts into a website, which then execute in users' browsers. These scripts can steal sensitive data like cookies or sessions, allowing attackers to impersonate users. There are two main types: Reflected XSS, where the script is reflected off the server, and Stored XSS, where the script is permanently stored on the server.
3. SQL injection is a type of cyber attack where an attacker injects malicious SQL (Structured Query Language) code into input fields or parameters of a vulnerable website or application. The intention of SQL injection attacks is to manipulate the database queries executed by the application, allowing the attacker to access, modify, or delete data stored in the database.
4. One way is the query is not hashing the password
   -SQL Injection: An attacker can manipulate the username or password input fields to inject malicious SQL code. For example, by inputting ' OR '1'='1' as the password, the attacker could bypass authentication entirely because the query would evaluate to true, allowing them to log in without a valid password.
   -Authentication Bypass: If the query returns any results, it indicates a successful login. An attacker can exploit this by guessing valid usernames and using a crafted password to log in without knowing the correct credentials.
5. E2EE is a communication method that uses encryption and decryption. when the user sends a message, that message is being encrypted using an encryption key, and when a user receives that message it's being decrypted using a decryption key. And the well-known app that using E2EE is Whatsapp.

Room 3:-
Members:- Zainab Mirza - Rafeef Thamer - Shkar Gharib - Omer Sardar - Ahmed Jalal

1/ A CSRF (Cross-Site Request Forgery) attack is a type of exploit where an attacker tricks a logged-in user into unknowingly executing malicious actions on a trusted website. This attack is executed through forged HTTP requests that appear legitimate to the website, exploiting the user's authenticated session. It's called a "one-click attack" because it can be triggered with a single click by the victim, requiring no additional authentication.

2/ An XSS (Cross-Site Scripting) attack injects malicious scripts into a website, which can then execute in users' browsers. It can steal cookies or session tokens, leading to unauthorized access. The two main categories are:
Stored XSS: The injected script is permanently stored on the server, affecting all users who access the vulnerable page.
Reflected XSS: The injected script is reflected off the web server, usually via a link or input field, targeting a specific user at the time of the attack.

3/ SQL injection is a type of cyber attack where malicious SQL (Structured Query Language) code is inserted into input fields of a web application, exploiting vulnerabilities in the application's database layer. The attacker's intention is typically to gain unauthorized access to the database, retrieve sensitive information, modify or delete data, or execute arbitrary commands on the database server.

4/ The SQL command is vulnerable to SQL injection due to the lack of input validation and sanitization. Attackers can exploit this vulnerability to bypass authentication, extract sensitive information, manipulate data, or compromise the entire database server.
Attackers can misuse this vulnerability in several ways:

SQL Injection
Authentication Bypass
Information Disclosure
Data Manipulation
Database Server Compromise

5/ End-to-end encryption (E2EE) ensures that only the sender and recipient can access the content of their communication by encrypting messages on the sender's device and decrypting them on the recipient's device. WhatsApp uses E2EE by generating cryptographic keys for each user's device, exchanging public keys to encrypt messages, and ensuring that encryption keys are not stored on its servers, thus maintaining the confidentiality of conversations.

Telegram is a big example of this method.

Room 11 , Pasand Yaba , Hana Abdulla , Ahmed Sabah , Muhammed Sabah , Ali Izaddin

1- A CSRF (Cross-Site Request Forgery) attack is a type of security exploit where an attacker tricks a user into unintentionally performing actions on a web application in which the user is authenticated. The attacker accomplishes this by embedding malicious code in a link or website visited by the user. When the user clicks the link or visits the website, their browser sends unauthorized requests to the target web application, which processes them as if they were legitimate actions by the user. CSRF attacks use HTTP requests to execute actions on the target application, such as transferring funds or changing account settings. They are often referred to as "one-click attacks" because they can be triggered with just one click by the user, without their knowledge.
2- XSS attacks involve injecting malicious scripts into web pages to steal sensitive information like cookies or session tokens from the user , Stored XSS (persistent) and Reflected XSS. Developers can prevent XSS by sanitizing input and using security measures like Content Security Policy (CSP).

3- SQL injection is when a sneaky hacker tricks a website into running bad commands. For example, imagine a website with a search bar. If the website is not well protected, the hacker could type something like this into the search bar: '; DROP TABLE users; -- :
4- user name = " or ""="
password = " or ""="
5- End-to-end encryption (E2EE) ensures that only the communicating users can read messages by encrypting data on the sender's device and decrypting it on the recipient's device, with no intermediary access. Signal is an example of an app using E2EE, where users' devices generate cryptographic keys for secure messaging. Messages are encrypted with the recipient's public key and decrypted with their private key, ensuring privacy and security. Signal's implementation of E2EE safeguards communications from eavesdropping and surveillance, making it highly secure.

Ahmed Isam , Mawj M Basheer , Ahmad Qarany, Dilan M Ahmed.

1. it is Cross Site Request Forgery which attackers will use to trick the web browser user to perform actions and providing sensitive data and information to the cloned webpage and the data will be stolen . The reason we call it one click attack is that the user is just one click away from giving up the sensitive information like email and passwords or bank card PIN number.

2. XSS is the cross site scripting cyber attack in which scripts have been injected by hackkers into web pages browsed by the users. the scripts that being added will be able to sensitive information, manipulate, or sending the user to other cloned websites.the cookies and session tokens might hold authentication information like passcodes and they can be obtained through injecting scripts.there are two main categories of XSS , which are Reflected XSS and Stored XSS. Reflected XSS is a script being adedd that can be executed in the attacked user browser this category of XSS will involve the tricks that user might fall for and cliick on the script triggers. the Stored XSS on the other hand is more about permenantly stored scripts that injected into the targeted server, for example a database for a web application that a user has an account for log in into.

3. it is another type of cyber attack in which the attacker will put some SQL code into the INPUT fileds of a web app in order to control and manipulate the APP database. from this type of attack, the attacker can get delete and add data from the database and passcodes or execute commands on the server .

4. the attacker can inject a query inside the username or password and manipulate the data. the attacker can do such a thing through having the direct explicit username and passowrd in the input field. Therefore, the attacker can run its script into the database server and get what it is attacked for initially .

5. The data will be encrypted from the sender and only the recipient can de-coded by their side only. for example WhatsApp or telegram their chats are E2EE .