terms


| Question | Answer |
| --- | --- |
| zero day attacks | exploit previously unknown vulnerabilities; no time to defend |
| securing web applications | hardening the web server |
| securing web applications | protecting the network |
| most common web application attacks | cross site scripting |
| most common web application attacks | sql injection |
| most common web application attacks | xml injection |
| most common web application attacks | command injection/directory traversal |
| cross site scripting | injects script into a web application server to direct attacks at its clients |
| attacks that target applications | web application attacks |
| attacks that target applications | client side attacks |
| attacks that target applications | buffer overflow attacks |
| cross site scripting | refers to an attack using scripting that or |
| xss attack requires a web site to meet two criteria | accepts user input without validating it |
| xss attack requires a web site to meet two criteria | uses input in a response without encoding it |
| sql injection | targets sql servers by injecting commands |
| sql | used to view and manipulate data that is stored in a relational database |
| zero day attacks | exploit previously unknown vulnerabilities so victims have zero days to prepare |
| because the content of http transmissions is not examined | attackers use this protocol to target flaws in web application software |
| cross site scripting | xss |
| xss attack | injects script into a web application server that will then direct attacks at clients |
| cross site scripting attacks | uses the server as a platform to launch attacks on other computers that access it |
| cross site scripting attack | a person visits an injected web site, the malicious instructions are sent to the victim's web browser and executed |
| other xss attacks | designed to steal sensitive information that was retained when visiting sites |
| buffer overflow | occurs when a process attempts to store data in ram beyond the boundaries of a fixed-length storage buffer |
| xml | extensible markup language |
| markup language | method for adding annotations to the text so that the additions can be distinguished from the text itself |
| html | markup language designed to display data with the primary focus on how the data looks |
| xml injection | an attack that injects xml tags and data into a database |
| xpath injection | operates on web sites that use user-supplied information to construct an XPath query for XML data. |
| sql | used to manipulate data stored in relational database |
| directory traversal attack | an attack that takes advantage of a vulnerability in the web application program |
| command injection | injecting and executing commands to execute on a server |
| to perform a directory traversal attack | an attacker needs only a web browser, location of default files, directories on the system under attack |
| email address unknown | indicates that user input is being properly filtered |
| server failure | indicates that the user input is not being filtered; instead all user input is being sent directly to the database |
| xml | designed to carry data instead of indicating how to display it |
| xml | user defines their own tags |
| XML tags begin with the less-than character (“<”) and end with the greater-than character (“>”). You use tags to mark the start and end of elements, which are the logical units of information in an XML document | tags |
| An element consists of a start tag, possibly followed by text and other complete elements, followed by an end tag. The following example highlights the tags to distinguish them from the text | elements |
| markup language | method for adding annotations to text |
| html | uses tags surrounded by brackets |
| html | instructs browser to display text in specific format |
| xpath injection | attempts to exploit the xml path language queries that are built from user input |
| annotation | note that is made while reading any form of text |
| html | displays data |
| xml | carries data |
| client side attacks | targets vulnerabilities in client applications that interact with a compromised server or process malicious data |
| server side attacks | web application attacks |
| drive by download | a user's computer becoming compromised just by viewing a web page and not even clicking any content |
| IFrame | inline frame |
| iframe | an html element that allows for embedding another html document inside the main document |
| common client side attacks | header manipulation |
| common client side attacks | cookies and attachments |
| common client side attacks | session hijacking |
| common client side attacks | malicious add ons |
| directory traversal attack | attacker moves from root directory to restricted directories |
| command injection attack | attackers enter commands to execute on a server |
| http header | composed of fields that contain the different characteristics of the data that is being transmitted |
| http header attacks | referer |
| http header attacks | accept language |
| drive by download | attackers craft a zero pixel frame to avoid visual detection |
| zero pixel iframe | allows for embedding another html document inside the main document |
| http header fields | referer |
| http header fields | accept language |
| http header fields | server |
| http header fields | set cookie |
| types of cookies | first party |
| types of cookies | third party |
| types of cookies | session |
| types of cookies | persistent |
| types of cookies | secure |
| types of cookies | flash |
| arp | part of the tcp/ip protocol for determining the mac address based on the ip address |
| first party cookie | created from the web site that is currently being viewed |
| flash cookie | local shared objects |
| flash cookie | cannot be deleted through the browser's normal configuration settings |
| persistent cookie | tracking cookie |
| persistent cookie | recorded on the hard drive and doesn't expire when the browser closes |
| secure cookie | used when a browser is visiting a server using a secure connection |
| session cookie | stored in ram and only lasts for duration of the visit |
| syn flood attack | takes advantage of the procedures for initiating a tcp session |
| transitive access | an attack involving a third party to gain access rights |
| smurf attack | broadcasts a ping to all computers on the network yet changes the address from which the request came to that of the target |
| type of dos attack | ping flood |
| type of dos attack | smurf attack |
| type of interception attack | man in the middle |
| type of interception attack | replay attack |
| distributed denial of service attack | may use hundreds or thousands of zombie computers in a botnet to flood a device with requests |
| man in the middle attack | makes it appear that two computers are communicating with each other when actually they are sending and receiving data with a pc in between |
| replay attack | similar to man in the middle except a copy is made before transmitting |
| arp poisoning | attack that corrupts the arp cache |
| dns poisoning | attack that substitutes dns addresses so that the computer is automatically redirected to another device |
| types of attacks generated from arp poisoning | steal data |
| types of attacks generated from arp poisoning | prevent internet access |
| types of attacks generated from arp poisoning | man in the middle |
| types of attacks generated from arp poisoning | dos attack |
| cache | temporary storage |
| domain name system | a hierarchical name system for matching computer names and numbers |
| cookie | a file on a local pc in which a server stores user specific information |
| cookie | used to identify repeat visitors; only the site that created the cookie can read it |
| first party cookie | created from the web site that a user is currently viewing |
| third party cookie | site advertisers use these to record user preferences |
| flash cookie | named after adobe flash player |
| respawning | used to reinstate regular cookies that a user has deleted or blocked |
| flash cookies | stored in multiple locations |
| session token | used when a browser is visiting a server using a secure connection |
| session hijacking | attackers attempt to impersonate user by stealing or guessing session token |
| session token | random string assigned used for verification purposes |
| malicious addons | programs that provide additional functionality to web browsers |
| Active X | method to make programs interactive using a set of rules and controls |
| ping flood attack | uses the internet control message protocol to flood a victim with packets |
| buffer overflow attack | data overflows into adjacent memory locations |
| buffer overflow attack | attackers can change return address |
| network attacks | denial of service |
| network attack | interception |
| network attack | poisoning |
| network attack | attack on access rights |
| spoofing | impersonation of another computer or device |
| smurf attack | ping request with originating address changed |
| syn flood attack | uses the three way handshake to attack |
| man in the middle | accept legitimate information and respond with counterfeit information |
| ddos | virtually impossible to identify and block source of attack |
| most common dos attack | distributed denial of service |
| man in the middle passive attack | captures the data and uses it later |
| arp poisoning | modify the mac address in the arp cache so that the corresponding ip address points to a different computer |
| arp | the ip address is known but not the mac address, the sending pc sends out an arp packet to all pcs asking if this is your ip address |
| host table | lists the mappings of names to computer numbers |
| location for dns poisoning | local host table |
| location for dns poisoning | external dns server |
| domain name system | expanded to a hierarchical name system for matching computer names and numbers |
| symbolic name | |
| host table name system | |
| zone transfers | dns servers exchange information among themselves |
| access right attacks | privilege escalation |
| access right attacks | transitive access |


   

Created by: cgeaski