Web Vulnerabilities Lesson 10

Strong and unique passwords

Sharing passwords with trusted colleagues

Using the same password for multiple accounts

Publicly posting login credentials

Allowing unrestricted access to sensitive information

Accidental or intentional exposure of sensitive data

Storing data on secure servers only

Ignoring data security protocols

A technique to inject Structured Query Language into a database query

Ignoring database security measures

Using weak and predictable passwords

Not validating user input in web forms

Cookies are not exploitable

Stealing session information stored in cookies

Disabling cookies on the website

Only using session cookies

A security measure to allow scripts from other domains

A type of attack where malicious scripts are injected into web pages

Ignoring web security best practices

Allowing inline scripting in web applications

It makes the login process more complex

It provides an additional layer of security beyond just a password

Two-factor authentication is unnecessary

It slows down the login process

Regularly updating and monitoring security protocols

Using strong encryption for all data

Accidentally sending an email with sensitive information to the wrong recipient

Storing all data in a single, easily accessible location

By allowing any input without validation

By encrypting the entire database

By treating user input as data and not executable code

By exposing database structure in URLs

It allows HTTP connections only

It prevents JavaScript from accessing the cookie

It increases cookie expiration time

It encrypts the cookie data

By allowing any script to be executed on a web page

By restricting the types of content that can be loaded on a web page

By disabling all client-side scripting

By encrypting all communication between the server and the client