1.3 Flashcards
Privilege Escalation
vulnerability flaw that allows a normal user to suddenly gain escalated capabilities on a system
Cross-Site Scripting (XSS)
a web application vulnerability that allows attackers to inject scripts into trusted web sites (victim’s browser)
Structured Query Language (SQL) injection
an attacker enters additional data into the webpage form to generate different SQL statements
Dynamic-Link Library
a way to inject some code into an application to have that app execute the code for you
Lightweight Directory Access Protocol injection
code injection technique used to exploit web applications which could reveal sensitive user info or modify info
Extensible Markup Language (XML)
commonly used to transfer data between two different devices
Point/Object NULL (blank) Dereference
occurs when an attacker can make an application point to a null section of memory rather than the part of memory where the data exists
Directory Traversal
injection attack that attempts to access a file by including the full directory path or traversing the directory structure on a computer
Buffer Overflow
when the data’s volume exceeds the storage capacity of the memory’s buffer
Race Condition
when two or more modules of an application, or two or more applications attempt to access a resource at the same time
Time to Check to Time to Use (TOCTOU)
when an attacker tries to race the operating system to do something malicious w/data after OS verifies access is allowed, but before the OS performs a legitimate action @ the time of use
Error Handling
ensures that an application can handle an error gracefully
Improper Input Handling
describes functions such as validation, filtering or coding/encoding of input data
Replay Attacks
when an attacker modifies the data and then tries to impersonate one of the clients in the original session and sends the modified data in reply sessions
Integer Overflow
occurs if an application receives a # value that is too big for the app to handle