Chapter 3 Security
Terms
| Term | Definition |
|---|---|
| ActiveX | A set of rules for how applications under the Microsoft Windows operating system should share information |
| ActiveX Control | A specific way of implementing ActiveX that runs through the web browser and functions like a miniature application |
| Add-On | Program that provides additional functionality to web browsers. Also called extensions |
| ARP | Part of the TCP/IP protocol for determining the MAC address based on the IP address |
| Arbitrary/Remote Code Execution | An attack that allows an attacker to run programs and execute commands on a different computer |
| ARP Poisoning | An attack that corrupts the ARP cache |
| Attachment | A file that is coupled to an email message and often carries malware |
| Buffer Overflow Attack | An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer |
| Client-Side Attack | An attack that targets the vulnerabilities in client applications that interact with a compromised server or process malicious data |
| Command Injection | Injecting and executing commands to execute on a server |
| Cookie | A file on a local computer in which a web server stores user-specific information |
| Cross-Site Scripting | An attack that injects scripts into a web application server to direct attacks on clients |
| Denial of Service | An attack that attempts to prevent a system from performing its normal functions by overwhelming the system with requests |
| Directory Traversal | An attack that takes advantage of a vulnerability so that a user can move from a root directory to restricted directories |
| DDoS | Distributed Denial of Service |
| DNS Poisoning | An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device |
| DNS | Domain Name System |
| Extension | Another name for Add-On |
| First-Party Cookie | A cookie that is created from the website currently being viewed |
| Flash Cookie | Another name for Locally Shared Object |
| Host Table | A list of the mappings of host names to IP addresses |
| HTTP Header | Part of HTTP that is comprised of fields that contain the different characteristics of the data that is being transmitted |
| HTTP Header Manipulation | Modifying HTTP headers to create an attack |
| Integer Overflow Attack | An attack that is the result of an attacker changing the value of a variable to something outside the range that the programmer had intended |
| LSO | Local Shared Object |
| Man-In-The-Middle | An attack that intercepts legitimate communications and forges a fictitious response to the sender |
| Persistent Cookie | A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes |
| Ping | A utility that sends an ICMP echo request message to a host |
| Ping Flood | An attack that uses the Internet Control Message Protocol to flood a victim with packets |
| Plug-In | A third-party library that attaches to a web browser and can be embedded inside a web page |
| Privilege Escalation | An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from accessing |
| Replay | An attack that makes a copy of the transmission before sending it to the recipient |
| Session Cookie | A cookie that is stored in RAM instead of on the hard drive and lasts only for the duration of a visit to a website |
| Session Hijacking | An attack in which an attacker attempts to impersonate the user by using the user's session token |
| Session Token | A form of verification used when accessing a secure web application |
| Smurf Attack | An attack that broadcasts a ping request to computers yet changes the source address so that all responses are sent to the victim |
| Spoofing | Impersonating another computer or device |
| SQL Injection | An attack that targets SQL servers by injecting commands to be manipulated by the database |
| SYN Flood Attack | An attack that takes advantage of the procedures for initiating a TCP/IP session |
| Third-Party Cookie | A cookie that was created by a third party that is different from the primary website |
| Transitive Access | An attack that exploits the trust relationship between three parties |
| XML | Extensible Markup Language: a markup language that is designed to carry data, in contrast to HTML, which indicates how to display data |
| XML Injection | An attack that injects XML tags and data into a database |
| Zero-Day Attack | An attack that exploits previously unknown vulnerabilities, so victims have no time (zero days) to prepare for or defend against the attack |