securityCHPT3
terms
| Question | Answer |
|---|---|
| zero day attacks | exploit previously unknown vulnerabilities; no time to defend |
| securing web applications | hardening the web server |
| securing web applications | protecting the network |
| most common web application attacks | cross site scripting |
| most common web application attacks | sql injection |
| most common web application attacks | xml injection |
| most common web application attacks | command injection/directory traversal |
| cross site scripting | injects script into a web application server to direct attacks at its clients |
| attacks that target applications | web application attacks |
| attacks that target applications | client side attacks |
| attacks that target applications | buffer overflow attacks |
| cross site scripting | refers to an attack using scripting that or |
| xss attack requires a web site to meet two criteria | accepts user input without validating it |
| xss attack requires a web site to meet two criteria | uses input in a response without encoding it |
| sql injection | targets sql servers by injecting commands |
| sql | used to view and manipulate data that is stored in a relational database |
| zero day attacks | exploit previously unknown vulnerabilities so victims have zero days to prepare |
| because the content of http transmissions is not examined | attackers use this protocol to target flaws in web application software |
| cross site scripting | xss |
| xss attack | injects script into a web application server that will then direct attacks at clients |
| cross site scripting attacks | uses the server as a platform to launch attacks on other computers that access it |
| cross site scripting attack | a person visits an injected web site, the malicious instructions are sent to the victim's web browser and executed |
| other xss attacks | designed to steal sensitive information that was retained when visiting sites |
| buffer overflow | occurs when a process attempts to store data in ram beyond the boundaries of a fixed length storage buffer |
| xml | extensible markup language |
| markup language | method for adding annotations to the text so that the additions can be distinguished from the text itself |
| html | markup language designed to display data with the primary focus on how the data looks |
| xml injection | an attack that injects xml tags and data into a database |
| xpath injection | operates on web sites that use user-supplied information to construct an XPath query for XML data |
| sql | used to manipulate data stored in a relational database |
| sql injection | targets sql servers by injecting commands |
| directory traversal attack | an attack that takes advantage of a vulnerability in the web application program |
| command injection | injecting commands that are then executed on a server |
| to perform a directory traversal attack | an attacker needs only a web browser and the location of default files and directories on the system under attack |
| email address unknown | indicates that user input is being properly filtered |
| server failure | indicates that the user input is not being filtered; instead all user input is being sent directly to the database |
| xml | designed to carry data instead of indicating how to display it |
| xml | user defines their own tags |
| XML tags begin with the less-than character (“<”) and end with the greater-than character (“>”). You use tags to mark the start and end of elements, which are the logical units of information in an XML document | tags |
| An element consists of a start tag, possibly followed by text and other complete elements, followed by an end tag. The following example highlights the tags to distinguish them from the text | elements |
| markup language | method for adding annotations to text |
| html | uses tags surrounded by brackets |
| html | instructs the browser to display text in a specific format |
| xpath injection | attempts to exploit the xml path language queries that are built from user input |
| annotation | note that is made while reading any form of text |
| html | displays data |
| xml | carries data |
| client side attacks | targets vulnerabilities in client applications that interact with a compromised server or process malicious data |
| server side attacks | web application attacks |
| drive by download | a user's computer becoming compromised just by viewing a web page and not even clicking any content |
| IFrame | inline frame |
| iframe | an html element that allows for embedding another html document inside the main document |
| common client side attacks | header manipulation |
| common client side attacks | cookies and attachments |
| common client side attacks | session hijacking |
| common client side attacks | malicious add ons |
| directory traversal attack | attacker moves from root directory to restricted directories |
| command injection attack | attackers enter commands to execute on a server |
| http header | composed of fields that contain the different characteristics of the data that is being transmitted |
| http header attacks | referer |
| http header attacks | accept language |
| drive by download | attackers craft a zero pixel frame to avoid visual detection |
| zero pixel iframe | allows for embedding another html document inside the main document |
| http header fields | referer |
| http header fields | accept language |
| http header fields | server |
| http header fields | set cookie |
| types of cookies | first party |
| types of cookies | third party |
| types of cookies | session |
| types of cookies | persistent |
| types of cookies | secure |
| types of cookies | flash |
| arp | part of the tcp/ip protocol for determining the mac address based on the ip address |
| first party cookie | created from the web site that is currently being viewed |
| flash cookie | local shared objects |
| flash cookie | cannot be deleted through the browser's normal configuration settings |
| persistent cookie | tracking cookie |
| persistent cookie | recorded on the hard drive and doesn't expire when the browser closes |
| secure cookie | used when a browser is visiting a server using a secure connection |
| session cookie | stored in ram and only lasts for duration of the visit |
| syn flood attack | takes advantage of the procedures for initiating a tcp session |
| transitive access | an attack involving a third party to gain access rights |
| smurf attack | broadcasts a ping to all computers on the network yet changes the address from which the request came to that of the target |
| type of dos attack | ping flood |
| type of dos attack | smurf attack |
| type of interception attack | man in the middle |
| type of interception attack | replay attack |
| distributed denial of service attack | may use hundreds or thousands of zombie computers in a botnet to flood a device with requests |
| man in the middle attack | makes it appear that two computers are communicating with each other when actually they are sending and receiving data with a pc in between |
| replay attack | similar to man in the middle except a copy is made before transmitting |
| arp poisoning | attack that corrupts the arp cache |
| dns poisoning | attack that substitutes dns addresses so that the computer is automatically redirected to another device |
| types of attacks generated from arp poisoning | steal data |
| types of attacks generated from arp poisoning | prevent internet access |
| types of attacks generated from arp poisoning | man in the middle |
| types of attacks generated from arp poisoning | dos attack |
| cache | temporary storage |
| domain name system | a hierarchical name system for matching computer names and numbers |
| cookie | a file on a local pc in which a server stores user specific information |
| cookie | used to identify repeat visitors; only the site that created the cookie can read it |
| first party cookie | created from the web site that a user is currently viewing |
| third party cookie | site advertisers use these to record user preferences |
| flash cookie | named after adobe flash player |
| respawning | used to reinstate regular cookies that a user has deleted or blocked |
| flash cookies | stored in multiple locations |
| session token | used when a browser is visiting a server using a secure connection |
| session hijacking | attackers attempt to impersonate user by stealing or guessing session token |
| session token | random string assigned used for verification purposes |
| malicious addons | programs that provide additional functionality to web browsers |
| Active X | method to make programs interactive using a set of rules and controls |
| ping flood attack | uses the internet control message protocol to flood a victim with packets |
| buffer overflow attack | data overflows into adjacent memory locations |
| buffer overflow attack | attackers can change return address |
| network attacks | denial of service |
| network attack | interception |
| network attack | poisoning |
| network attack | attack on access rights |
| spoofing | impersonation of another computer or device |
| smurf attack | ping request with originating address changed |
| syn flood attack | uses the three way handshake to attack |
| man in the middle | accept legitimate information and respond with counterfeit information |
| ddos | virtually impossible to identify and block source of attack |
| most common dos attack | distributed denial of service |
| man in the middle passive attack | captures the data and uses it later |
| arp poisoning | modify the mac address in the arp cache so that the corresponding ip address points to a different computer |
| arp | the ip address is known but not the mac address; the sending pc sends out an arp packet to all pcs asking if this is your ip address |
| host table | lists the mappings of names to computer numbers |
| location for dns poisoning | local host table |
| location for dns poisoning | external dns server |
| domain name system | expanded to a hierarchical name system for matching computer names and numbers |
| symbolic name | |
| host table name system | |
| zone transfers | dns servers exchange information among themselves |
| access right attacks | privilege escalation |
| access right attacks | transitive access |