1.3 Examples

Question 1

An attacker can use Javascript w/a vulnerable website to gather info from your computer w/o you knowing

Answer 1

cross site scripting

Question 2

the act of going around the website’s front end (where user’s interact with) to gain access to the data that’s in the datebase

Answer 2

SQL (structured query language)

Question 3

Attacker attaches malicious ** to a running process, allocates memory with the running process, connects the ** within the allocated memory and then executes function within ***

Answer 3

Dynamic Link Library (DLL)

Question 4

transfers data between two devices

Answer 4

XML (extensible markup language)

Question 5

If an application doesn’t catch an error, it often provides debugging into that attackers can use against the app

Answer 5

Error Handling

Question 6

buffer overflows, XSS (cross-site scripting), directory traversal, null byte injection, SQL injection, uncontrolled format string

Answer 6

Improper Input Handling

Question 7

when an attacker can control the 3rd party service URL to which the web application makes a request

Answer 7

Cross-Site Request Forgery (XSRF or CSRF)

Question 8

https://google.com (secure)
to
http://google.com (unsecure)

Answer 8

Secure Sockets Layer (SSL)

Question 9

Windows 10 being compatible w/Windows 8 once switching comp mode

Answer 9

Shimming

Question 10

uses port 389

Answer 10

LDAP (lightweight directory access protocol)