Chapter 3
Chapter 3 Terms
Term | Definition |
---|---|
ActiveX | A set of rules for how applications under the Microsoft Windows operating system should share information. |
ActiveX control | A specific way of implementing ActiveX that runs through the web browser and functions like a miniature application. |
add-on | Program that provides additional functionality to web browsers. Also called an extension. |
Address Resolution Protocol | Part of the TCP/IP protocol for determining the MAC address based on the IP address. |
arbitrary/remote code execution | An attack that allows an attacker to run programs and execute commands on a different computer. |
ARP poisoning | An attack that corrupts the ARP cache. |
attachment | A file that is coupled to an email message and often carries malware. |
buffer overflow attack | An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer. |
client-side attack | An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data. |
command injection | Injecting commands that are then executed on a server. |
cookie | A file on a local computer in which a web server stores user-specific information. |
cross-site scripting (XSS) | An attack that injects scripts into a web application server to direct attacks at clients. |
denial of service (DoS) | An attack that attempts to prevent a system from performing its normal functions by overwhelming the system with requests. |
directory traversal | An attack that takes advantage of a vulnerability so that a user can move from the root directory to restricted directories. |
distributed denial of service (DDoS) | An attack that uses many computers to perform a DoS attack. |
DNS poisoning | An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device. |
Domain Name System | A hierarchical name system for translating domain names to IP addresses. |
extension | Another name for add-on. |
first-party cookie | A cookie that is created from the website currently being viewed. |
Flash cookie | Another name for locally shared object (LSO). |
host table | A list of the mappings of host names to IP addresses. |
HTTP header | Part of HTTP that is composed of fields describing the different characteristics of the data being transmitted. |
HTTP header manipulation | Modifying HTTP headers to create an attack. |
integer overflow attack | An attack that is the result of an attacker changing the value of a variable to something outside the range that the programmer had intended. |
locally shared object (LSO) | A cookie that is significantly different in size and location from regular cookies, and can store more complex data. |
man-in-the-middle | An attack that intercepts legitimate communication and forges a fictitious response to the sender. |
persistent cookie | A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes. |
ping | A utility that sends an ICMP echo request message to a host. |
ping flood | An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets. |
plug-in | A third-party library that attaches to a web browser and can be embedded inside a webpage. |
privilege escalation | An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing. |
replay | An attack that makes a copy of the transmission before sending it to the recipient. |
session cookie | A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and lasts only for the duration of a visit to a website. |
session hijacking | An attack in which an attacker attempts to impersonate the user by using the user's session token. |
session token | A form of verification used when accessing a secure web application. |
smurf attack | An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim. |
spoofing | Impersonating another computer or device. |
SQL injection | An attack that targets SQL servers by injecting commands to be manipulated by the database. |
SYN flood attack | An attack that takes advantage of the procedures for initiating a TCP/IP session. |
third-party cookie | A cookie that was created by a third party that is different from the primary website. |
transitive access | An attack that exploits the trust relationship between three parties. |
XML (Extensible Markup Language) | A markup language that is designed to carry data, in contrast to HTML, which indicates how to display data. |
XML injection | An attack that injects XML tags and data into a database. |
zero-day attack | Attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack. |