People's Newsroom

CYBER SECURITY LOOKUPS

BUILDING BLOCKS

  • HYPERTEXT TRANSFER PROTOCOL – TRANSPORTATION
  • HYPERTEXT MARKUP LANGUAGE – REPRESENTATION
  • CASCADING STYLE SHEETS – BEAUTIFICATION
  • JAVASCRIPT – MODIFICATION
  • CROSS-DOMAIN COMMUNICATION
    • SAME-ORIGIN POLICY
    • CROSS-ORIGIN RESOURCE SHARING
    • WORKING ON CROSS-ORIGIN RESOURCE SHARING
    • CROSS-DOCUMENT MESSAGING
  • WEBSOCKET
  • PERSISTENT ENTITIES
    • COOKIES
    • WEB STORAGE (LOCAL STORAGE AND SESSION STORAGE)
    • INDEXEDDB API

CLIENT-SIDE ATTACKS

  • INSECURE COMMUNICATION
    • MAN-IN-THE-MIDDLE ATTACKS
    • CACHEABLE HTTP RESPONSES
    • INSECURE CROSS-DOMAIN COMMUNICATION
    • INSECURE CORS CONFIGURATION
    • CROSS-SITE WEBSOCKET HIJACKING
    • INSECURE CROSS-DOCUMENT MESSAGING
    • CROSS-SITE SCRIPT INCLUSION (JSONP ATTACKS)
  • LACK OF INPUT VALIDATION
    • CROSS-SITE SCRIPTING
    • CROSS-FRAME SCRIPTING
    • HTML INJECTION
    • SESSION HIJACKING
  • INFORMATION LEAKAGE
    • SUBRESOURCE INTEGRITY
    • REFERER HEADER LEAKAGE
  • INSECURE FILE PROCESSING
    • MIME SNIFFING
    • POLYGLOT FILE UPLOADS
  • BYPASSING CLIENT-SIDE VALIDATIONS
    • BYPASSING HTML5 REGEXES
    • TAMPERING HTTP REQUESTS USING PROXY
  • ABUSE OF FUNCTIONALITY
    • ATTACKING CONTENT-SECURITY-POLICY MISCONFIGURATIONS
    • EXPLOITING WEB STORAGE (LOCAL STORAGE AND SESSION STORAGE)
    • CLICKJACKING
    • CROSS-SITE REQUEST FORGERY
  • CLIENT-SIDE PARAMETER PROCESSING
    • DOM CLOBBERING ATTACK
    • REVERSE TABNABBING
    • REFLECTED FILE DOWNLOAD ATTACK

DEFENSIVE STRATEGIES

  • SECURE COMMUNICATION
    • USAGE OF STRICT-TRANSPORT-SECURITY HEADER
    • USAGE OF CACHING DIRECTIVES
  • SECURE CROSS-DOMAIN COMMUNICATION
    • SECURE CROSS-ORIGIN-RESOURCE SHARING
    • SECURE WEBSOCKET IMPLEMENTATION
    • SECURE POSTMESSAGE COMMUNICATION
  • INPUT VALIDATIONS
    • CROSS-SITE SCRIPTING
    • HTML INJECTION
    • PREVENT DOM CLOBBERING ATTACK
  • INFORMATION LEAKAGE
    • SUBRESOURCE INTEGRITY
    • PREVENTION OF REFERER HEADER LEAKAGE
  • SECURE COOKIE ATTRIBUTES
  • CONTENT-SECURITY POLICY
  • BROWSER FEATURE POLICY
  • JAVASCRIPT FRAMEWORK SECURITY FEATURES