Application Attack 2.4

Question 1

Injection Attack

Answer 1

• Attackers adding their own information to the data stream.

Question 2

Causes for Injection Attack

Answer 2

• Enabled because of bad programming.
• Application should properly handle input and output.

Question 3

Different Types of Injection Attack

Answer 3

• Structure Query Language (SQL)
• Extensible Markup Language (XML)
• Hyper Text Markup Language (HTML)
• Lightweight Directory Access Protocol (LDAP)

Question 4

Buffer Overflows

Answer 4

• Overwriting a buffer of memory which spills over into other memory.
• Not a simple exploit, takes time to implement.

Question 5

Privilege Escalation

Answer 5

• The attacker gains root- or admin- level access due to an exploit or thru a design flaw.
• Would allow more capabilities

Question 6

Horizontal Privilege Escalation

Answer 6

• Attacker expands their privilege escalation by taking over another account.
• Misuses the privileges of another user.

Question 7

Vertical Privilege Escalation

Answer 7

• Attacker attempts to gain more permissions or access.
• Uses the already compromised account.

Question 8

Mitigating Privilege Escalation

Answer 8

• Fix the vulnerability
• Update anti-virus/malware software
• Only data in executable areas can run
• Prevent a buffer overrun at a known memory address.

Question 9

Cross-Site Requests Forgery

Answer 9

• Known as XSRF, CSRF (sea surf)
• Takes advantage of a web browser’s trust that a web application has for the user.

Question 10

Directory Traversal Attack

Answer 10

• Reads files from a web server that are outside of the websiteTa’s file directory.
• Attacker uses special inputs circumvent the directory.

Question 11

Cryptographic Attacks

Answer 11

• Takes advantage of the user’s trust in the results without valid reasons.
• Algorithmic weakness can be exploited or overlooked by developers.