12) Application Security Flashcards
Which software development vulnerability is stopped by proper bounds checking?
Buffer overflows
___ is a web-related technology used to develop web pages while ___ refers to an attack where malicious code is embedded into the web page.
CSS & XSS
CSS is a web-related technology used to develop web pages while XSS refers to an attack where malicious code is embedded into the web page. What does CSS stand for?
Cascading Style Sheets
CSS is a web-related technology used to develop web pages while XSS refers to an attack where malicious code is embedded into the web page. What does XSS stand for?
Cross-site scripting
A database is vulnerable to SQL injection attacks through direct attempts against the database server or through application software, including web applications. What is the most effective way of mitigating these attacks?
Validating user inputs
A type of software development problem that occurs when we do not properly account for the size of the data input into our applications.
Buffer overflows/overruns
A type of software development vulnerability that occurs when multiple processes or multiple threads within a process control or share access to a particular resource, and the correct handling of that resource depends on the proper ordering or timing of transactions.
Race conditions
A type of attack that can occur when we fail to validate the input to our applications or fail to take steps to filter out unexpected or undesirable content.
Input validation attack
A type of attack that can occur when we fail to use strong authentication mechanisms for our applications.
Authentication attack
A type of attack that can occur when we fail to use authorization best practices for our applications.
Authorization attack
A type of attack that can occur when we fail to properly design our security mechanisms when implementing cryptographic controls in our applications.
Cryptographic attack
A type of attack that takes advantage of weaknesses in the software loaded on client machines, or one that uses social engineering techniques to trick us into going along with the attack.
Client-side attack
An attack carried out by placing code in the form of a scripting language into a web page, or other media, that is interpreted by a client browser.
XSS
XSS is an attack carried out by placing code in the form of a scripting language into a web page, or other media, that is interpreted by a client browser. What does XSS stand for?
Cross-site scripting
In this type of attack, the attacker places a link on a web page in such a way that it will be automatically executed, in order to initiate a particular activity on another web page or application where the user is currently authenticated.
XSRF