1.3 Analyze potential indicators associated with application attacks

Question 1

The ability to run any software on a target system.

Answer 1

Arbitrary code execution

Question 2

When a user account is able to obtain unauthorized access to higher levels of privileges.

Answer 2

Privilege escalation

Question 3

A form of malicious code injection attack in which an attacker is able to compromise a web server and inject their own malicious code into the content sent to other visitors.

Answer 3

Cross-site scripting (XSS or CSS)

Question 4

Implemented by the programmer by validating input, coding defensively, escaping metacharacters, and rejection script-like input.

Answer 4

Cross-site scripting (XSS) prevention

Question 5

Characters that have been assigned special programmatic meaning.

Answer 5

Metacharacter

Question 6

The process of marking the metacharacter as merely a normal or common character, thus removing its special programmatic powers.

Answer 6

Escaping metacharacters

Question 7

Any exploitation that allows an attacker to submit code to a target system to modify its operations and/or poison and corrupt its data set.

Answer 7

Injection attack

Question 8

Focuses on executing malicious commands on a vulnerable target system.

Answer 8

Command injection attack

Question 9

Adds malicious code to an existing script or application.

Answer 9

Code injection attack

Question 10

An XSS event that plants custom HTML statements.

Answer 10

HTML injection attack

Question 11

Attempts to deposit a malicious file on a target system.

Answer 11

File injection attack

Question 12

Allows a malicious individual to perform SQL transactions directly against the backend database through a website front end.

Answer 12

SQL (SQLi) injection attack

Question 13

An advanced software exploitation technique that manipulates a process’s memory to trick it into loading additional code and thus performing operations the original author did not intend.

Answer 13

Dynamic link library (DLL) injection attack

Question 14

An input injection attack against a LDAP directory service.

Answer 14

Lightweight directory access protocol (LDAP) injection attack

Question 15

A variant of SQL injection, where the backend target is an XML application.

Answer 15

XML injection attack

Question 16

The programmatic activity of retrieving the value stored in a memory location by triggering the pulling of the memory based on its address or location as stored in a pointer.

Answer 16

Pointer/ Object dereferencing

Question 17

An attack that enables an attacker to jump out of the web root directory structure and into any other part of the filesystem hosted by the web server’s host OS.

Answer 17

Directory traversal

Question 18

A memory exploitation that takes advantage of a software’s lack of input length validation. They can sometimes allow for arbitrary code execution.

Answer 18

Buffer overflow

Question 19

A memory security feature of many operating systems aimed at blocking a range of memory abuse attacks, including buffer overflows. It blocks the execution of code stored in areas of memory designated as data only areas.

Answer 19

Data execution prevention (DEP)

Question 20

A memory management mechanism that ensures that the various elements and components of the OS and other core system code are loaded into randomly assigned memory locations at each bootup.

Answer 20

Address space layout randomization (ASLR)

Question 21

Strcat(), strcpy(), sprintf(), vsprintf(), memcpy(), bcopy(), getwd(), scanf(), and gets. Usually indicate that a buffer overflow is present.

Answer 21

Unbounded C++ functions

Question 22

The manipulation of the completion order of tasks to exploit a vulnerability.

Answer 22

Race conditions

Question 23

Often called race condition attacks because the attacker is racing with the legitimate process to replace the object before it is used.

Answer 23

Time-of-check-to-time-of-use (TOCTTOU or TOC/TOU) attacks

Question 24

When a process, a procedure, or an input causes an error, the system should revert to a more secure state.

Answer 24

Error handling

Question 25

Allows for the leaking of essential information to attackers or enable attackers to force a system into an insecure state.

Answer 25

Improper error handling

Question 26

Should include the following: check for length, filter for known malware patterns, and escape metacharacters.

Answer 26

Proper input handling

Question 27

When an attacker captures network traffic and then replays (retransmits) the captured traffic in an attempt to gain unauthorized access to a system.

Answer 27

Replay attack

Question 28

May focus on initial authentication abuse. They may be used to simulate numerous new clients or cause a DoS.

Answer 28

Wireless replay attack

Question 29

The recording of a subject’s visit to a website, interacting with a mobile application, or using an PC application, which is then played back by an administrator, investigator, or programmer to understand what occurred and why based on the subject’s activities.

Answer 29

Session replay

Question 30

The state that occurs when a mathematical operation attempts to create a numeric value that is too large to be contained or represented by the allocated storage space or memory structure.

Answer 30

Integer overflow

Question 31

Exploitations that make malicious requests of a service in such a way that the request seems legitimate.

Answer 31

Request forgeries

Question 32

When a vulnerable server is coerced into functioning as a proxy.

Answer 32

Server-side request forgery (SSRF)

Question 33

Tricks the user or the user’s browser into performing actions they had not intended or would not have authorized.

Answer 33

Cross-site request forgery (XSRF or CSRF)

Question 34

Malicious usages of software through its API.

Answer 34

API attack

Question 35

Occurs when applications are allowed to operate in an unrestricted and unmonitored manner so that all available system resources are consumed in the attempt to serve the requests of valid users or in response to a DoS attack.

Answer 35

Resource exhaustion

Question 36

Occurs when a program fails to release memory or continues to consume more memory.

Answer 36

Memory leak

Question 37

An on-path attack that prevents the negotiation of strong encryption between a client and server. Early attacks blocked access to HTTPS, later versions proxied between HTTP and HTTPS, and current versions perform downgrade attacks on the cipher suits of SSL/TLS.

Answer 37

SSL stripping

Question 38

Occurs when a malicious programmer crafts a system or device driver so that it behaves differently based on certain conditions.

Answer 38

Driver manipulation

Question 39

A means of injecting alternate or compensation code into a system to alter its operations without changing the original or existing code.

Answer 39

Shimming

Question 40

A restricting or reorganizing of software code without changing its externally perceived behavior or produced results.

Answer 40

Refactoring

Question 41

An authentication attack that potentially can be used to gain access as an authorized user without actually knowing or possessing the plaintext of the victim’s credentials. This attack is mostly aimed at Windows systems.

Answer 41

Pass the hash