1.3 Flashcards

1
Q

Privilege Escalation

A

a vulnerability or flaw that allows a normal user to suddenly gain escalated capabilities (elevated privileges) on a system

2
Q

Cross-Site Scripting (XSS)

A

a web application vulnerability that allows attackers to inject scripts into trusted websites, which then execute in the victim’s browser

3
Q

Structured Query Language (SQL) injection

A

an attacker enters additional data into a webpage form to generate different SQL statements than the application intended

4
Q

Dynamic-Link Library

A

a way to inject some code into an application to have that app execute the code for you

5
Q

Lightweight Directory Access Protocol injection

A

a code injection technique used to exploit web applications that could reveal sensitive user information or modify it

6
Q

Extensible Markup Language (XML)

A

commonly used to transfer data between two different devices

7
Q

Pointer/Object NULL (blank) Dereference

A

occurs when an attacker can make an application point to a null section of memory rather than the part of memory where the data exists

8
Q

Directory Traversal

A

an injection attack that attempts to access a file by including the full directory path or by traversing the directory structure on a computer

9
Q

Buffer Overflow

A

when the volume of data written exceeds the storage capacity of the memory buffer

10
Q

Race Condition

A

when two or more modules of an application, or two or more applications, attempt to access a resource at the same time

11
Q

Time of Check to Time of Use (TOCTOU)

A

when an attacker tries to race the operating system to do something malicious with data after the OS verifies that access is allowed, but before the OS performs the legitimate action at the time of use

12
Q

Error Handling

A

ensures that an application can handle an error gracefully

13
Q

Improper Input Handling

A

describes functions such as validation, filtering, or coding/encoding of input data

14
Q

Replay Attacks

A

when an attacker modifies the data and then tries to impersonate one of the clients in the original session, sending the modified data in replay sessions

15
Q

Integer Overflow

A

occurs if an application receives a numeric value that is too big for the app to handle

16
Q

Server Side Request Forgery (SSRF)

A

when an attacker has full or partial control of the request sent by the web app

17
Q

Cross-Site Request Forgery (XSRF or CSRF)

A

an attack where an attacker tricks a user into performing an action on a website

18
Q

Application Programming Interface (API)

A

a software component that gives developers access to features or data within another app, service or an OS

19
Q

Resource Exhaustion

A

a denial of service (DoS) attack that uses up the available resources on a device so that the app/service being used is no longer accessible by others

20
Q

Memory Leak

A

a bug in a computer application that causes it to consume more and more memory the longer it runs

21
Q

Secure Sockets Layer (SSL) stripping

A

an attack that changes an HTTPS connection to an HTTP one (secure to unsecure)

22
Q

Shimming

A

Windows app framework that allows programs to run on versions of the operating system (OS) that they were not initially created to run on

23
Q

Refactoring

A

the process of rewriting the code’s internal processing without changing its internal behavior

24
Q

Pass the Hash Attack

A

when an attacker discovers the hash of the user’s password and then uses it to log on to the system as the user