1.3 Examples Flashcards
An attacker can use JavaScript w/a vulnerable website to gather info from your computer w/o you knowing
cross site scripting
the act of going around the website’s front end (where users interact) to gain access to the data that’s in the database
SQL (structured query language)
Attacker attaches malicious ** to a running process, allocates memory with the running process, connects the ** within the allocated memory and then executes function within ***
Dynamic Link Library (DLL)
transfers data between two devices
XML (extensible markup language)
If an application doesn’t catch an error, it often provides debugging info that attackers can use against the app
Error Handling
buffer overflows, XSS (cross-site scripting), directory traversal, null byte injection, SQL injection, uncontrolled format string
Improper Input Handling
when an attacker can control the 3rd party service URL to which the web application makes a request
Cross-Site Request Forgery (XSRF or CSRF)
https://google.com (secure)
to
http://google.com (unsecure)
Secure Sockets Layer (SSL)
Windows 10 being compatible w/Windows 8 once switching comp mode
Shimming
uses port 389
LDAP (lightweight directory access protocol)