MITM, CSRF, and XSS: How to Prevent Famous Cyber Attacks

Photo by Nahel Abdul Hadi on Unsplash

These are some of the very famous attacks that could happen to any website. We will cover a summary of these attacks and how you can protect against them.

MITM

Man-In-The-Middle. It happens when an attacker is between the client and the server and listening to all their communications.

Famously happens when the client has malicious software like cracks and trojan code or downloads an unknown application sent via Whatsapp or Email.

These attacks can steal sensitive information or alter the request data.

To protect against it:

  • Always use requests with TLS to encrypt the data and you can generate these certificates for free using Let’s Encrypt.
  • Set Set-Cookie header to have secure in order to only pass cookies while in HTTPS mode
  • Redirect all HTTP to HTTPS on the server level
  • Use HSTS by setting Strict-Transport-Securityheader to force redirecting the client to use HTTPS for all subsequent requests

CSRF

Cross-Site Request Forgery. It happens when an attacker phishing website shows an identical design of the website and sends requests to the server on behave of the client. The server won’t have an idea that this the attacker.

To solve this:

  • Set Set-Cookie header to have sameSite=lax to prevent the attacker from attaching cookies when sending requests to the server.
  • Use CSRF token middleware to generate a random token for the user session and attached to the client requests to verify these requests generated from the correct client.

XSS

Cross-Site Scripting. It happens when a script is injected into the client UI and it gains access to read sensitive information or send requests on behave of the client.

It can happen if the client has an unsanitized input control that prints text things directly to the UI or sends requests to the server without sanitization.

An example can be a contact form that could run a script on the backend and hijack admin data or prevent the user from even logging in. (This one happened to one of my clients)

To Solve this:

Hope you enjoyed it and added value to you!

Social media: Twitter, YouTube, LinkedIn, Instagram, and GitHub

--

--

Get the Medium app

A button that says 'Download on the App Store', and if clicked it will lead you to the iOS App store
A button that says 'Get it on, Google Play', and if clicked it will lead you to the Google Play store
Abdu Tawfik

Abdu Tawfik

Web Application Developer. Knowledge hungry always learning. Aspiring to become a Web Unicorn. Find me @abduvik on social platforms.