Application Attacks Flashcards
_____ is a malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site.
Cross-site scripting (XSS)
_____ is a malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser.
Cross-site Request Forgery (XSRF)
An _____ attack inserts an SQL query as part of user input, which allows an attacker to extract or insert information into the database or execute arbitrary code.
SQL injection
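The card above describes the attack in one sentence; the following added example (written for this page, not code from the source) shows it in working Python against an in-memory SQLite database. The table, the two users and the tautology payload are constructed for the demo.

```python
import sqlite3

def make_db() -> sqlite3.Connection:
    """Constructed sample data (not from the page): two users in an in-memory DB."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    conn.commit()
    return conn

def login_vulnerable(conn: sqlite3.Connection, name: str, password: str) -> list:
    # User input is pasted straight into the SQL text, so a quote in the
    # input ends the string literal and the rest is parsed as SQL.
    sql = (f"SELECT name FROM users WHERE name = '{name}' "
           f"AND password = '{password}' ORDER BY id")
    return [row[0] for row in conn.execute(sql)]

def login_safe(conn: sqlite3.Connection, name: str, password: str) -> list:
    # Parameterised query: the driver binds the values after the statement is
    # parsed, so input can only ever be data, never part of the query structure.
    sql = "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY id"
    return [row[0] for row in conn.execute(sql, (name, password))]

# Tautology payload: closes the password literal and appends an always-true clause,
# giving ... AND password = '' OR '1'='1' which matches every row.
PAYLOAD = "' OR '1'='1"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", PAYLOAD))  # ['alice', 'bob']: authentication bypassed
    print(login_safe(db, "alice", PAYLOAD))        # []: the payload is just a wrong password
```

The fix is the placeholder, not escaping: with `?` parameters the database never sees the quote as syntax.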
A _____ attack passes OS shell commands through a web application's input so that they run on the server; the commands execute with the privileges of the web server process (often a restricted "guest" or service account) and can reach outside the server's document root.
command injection
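As an added illustration of the card above (not code from the page), the Python below hands user input to a shell in the vulnerable version and to an argv list behind an allow-list in the safe one. `echo` stands in for a real network tool such as `ping` so the demo is harmless; the hostname pattern and payload are constructed for the example and assume a POSIX `/bin/sh`.

```python
import re
import subprocess

def lookup_vulnerable(host: str) -> str:
    # The command is one string handed to /bin/sh, which interprets
    # ';', '|', '&&', '$(...)' and friends inside the user-supplied part.
    result = subprocess.run(f"echo {host}", shell=True, capture_output=True, text=True)
    return result.stdout

def lookup_safe(host: str) -> str:
    # 1) Allow-list validation: only characters a hostname may contain.
    #    (Constructed pattern for the demo; tighten it for your own input rules.)
    if not re.fullmatch(r"[A-Za-z0-9.-]{1,253}", host):
        raise ValueError(f"rejected host value: {host!r}")
    # 2) argv list with no shell: the value reaches the program as one literal
    #    argument, so metacharacters would be printed, not executed.
    result = subprocess.run(["echo", host], capture_output=True, text=True)
    return result.stdout

# After the ';' the shell starts a second command; on a real server this would be
# anything the web server's account may run.
PAYLOAD = "example.com; echo INJECTED"

if __name__ == "__main__":
    print(lookup_vulnerable(PAYLOAD))   # example.com / INJECTED on two lines: both commands ran
    print(lookup_safe("example.com"))   # example.com
    try:
        lookup_safe(PAYLOAD)
    except ValueError as exc:
        print("blocked:", exc)
```

Either layer alone helps; the argv list removes the shell parser entirely, the allow-list stops unexpected arguments (such as an `-option`) from reaching the program.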
_____ occurs when the attacker gets access to a file outside the web server’s root directory.
Directory traversal
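The check a web server needs against the attack on the card above, as an added example in Python (not from the page): decode the request path, canonicalise it, and only then test that it still lies under the document root. The temporary `www/` tree, `index.html` and `secret.txt` are constructed for the demo.

```python
import tempfile
from pathlib import Path
from urllib.parse import unquote

def resolve_under_root(doc_root: Path, requested: str) -> Path:
    """Map a URL path onto the filesystem and refuse anything outside doc_root."""
    root = doc_root.resolve()
    # Decode first: '%2e%2e%2f' must be checked as '../', not as harmless text.
    rel = unquote(requested).lstrip("/")
    # resolve() collapses '..', '.', doubled slashes and follows symlinks, so the
    # containment check runs on the canonical path, not on the raw string.
    candidate = (root / rel).resolve()
    try:
        candidate.relative_to(root)
    except ValueError:
        raise PermissionError(f"path escapes document root: {requested!r}") from None
    return candidate

def make_demo_root() -> Path:
    """Constructed sample tree (not from the page): www/index.html inside a temp
    dir, with secret.txt one level above the document root."""
    base = Path(tempfile.mkdtemp())
    root = base / "www"
    root.mkdir()
    (root / "index.html").write_text("<h1>hello</h1>")
    (base / "secret.txt").write_text("not for the web")
    return root

if __name__ == "__main__":
    root = make_demo_root()
    print(resolve_under_root(root, "/index.html").read_text())
    for bad in ("../secret.txt", "..%2Fsecret.txt", "/img/../../secret.txt"):
        try:
            resolve_under_root(root, bad)
        except PermissionError as exc:
            print("blocked:", exc)
```

Checking for the substring `..` in the raw request is not enough: encoded dots, a non-existent first segment followed by `..`, and symlinks inside the root all get past a string filter but not a canonical-path comparison.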
_____ describes the problem of authorizing a request for a service that depends on an intermediate service.
Transitive access
A lightweight directory access protocol (LDAP) injection occurs when an attacker supplies crafted input that the application inserts unescaped into an LDAP query, letting the attacker change what the query matches and, if the application binds with sufficient rights, create or delete accounts or change authorizations and privileges. LDAP uses port 389 (LDAPS uses 636).
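The defence for the LDAP card above, as an added Python example (not from the page): values placed inside a search filter are escaped per RFC 4515, so a `*` or a parenthesis from the user is matched literally instead of rewriting the filter. The `uid`/`memberOf` filters and the `cn=admins` group DN are constructed for the demo.

```python
def escape_ldap_filter(value: str) -> str:
    """RFC 4515 escaping for a value used inside a search filter: the characters
    that mean something to the filter grammar become \\XX hex escapes."""
    specials = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}
    return "".join(specials.get(ch, ch) for ch in value)

def user_lookup_filter(username: str, escape: bool = True) -> str:
    """Filter an application might send to find one account by login name."""
    if escape:
        username = escape_ldap_filter(username)
    return f"(uid={username})"

def group_check_filter(username: str, group_dn: str, escape: bool = True) -> str:
    """Filter that should match only if this one user is in the given group."""
    if escape:
        username, group_dn = escape_ldap_filter(username), escape_ldap_filter(group_dn)
    return f"(&(uid={username})(memberOf={group_dn}))"

if __name__ == "__main__":
    # A bare '*' turns an exact-match lookup into a wildcard over every account ...
    print(user_lookup_filter("*", escape=False))   # (uid=*)
    print(user_lookup_filter("*"))                 # (uid=\2a)  matches only a literal '*'
    # ... and turns "is alice an admin?" into "is anyone an admin?", which is
    # true whenever the group is non-empty.
    print(group_check_filter("*", "cn=admins,dc=example,dc=com", escape=False))
    print(group_check_filter("*", "cn=admins,dc=example,dc=com"))
    # Parentheses are what let an attacker close one clause and open another.
    print(user_lookup_filter("alice)(|(uid=*"))    # every paren and '*' neutralised
```

Escape the value at the point where it is inserted into the filter; distinguished names that go into a bind or base DN need the separate RFC 4514 rules, which this helper does not cover.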
A _____ injection is an attack in which a running process is forced to load a library of the attacker's choosing, so the attacker's code executes inside that process; it relies on the operating system allowing one process to attach to another and write into its address space.
dynamic link library (DLL)
_____ means the code performs the same function by using different methods; after it, antivirus software may no longer identify the malware by its signature.
Refactoring
_____ is the process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.
Shimming
A _____ is a malicious script hosted on the attacker's site that can exploit a session started on another site in the same browser. It succeeds if the server does not verify that the user deliberately made the request (for example, with an anti-forgery token tied to the session).
Cross-site Request Forgery (XSRF)
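The two XSRF cards above say the attack works when the server trusts the session cookie alone. The added Python below (not code from the page) models a transfer endpoint both ways: one that trusts the cookie, and one that also requires the synchronizer token that only the site's own page embeds. The in-memory session store, `alice`, `bob`, `mallory` and the transfer form are constructed for the demo.

```python
import hmac
import secrets

# Constructed in-memory session store (not from the page): session id -> session data.
SESSIONS: dict = {}

def new_session(user: str) -> str:
    """Log a user in. The session id travels in a cookie; the CSRF token
    is only ever written into pages this site renders."""
    sid = secrets.token_urlsafe(16)
    SESSIONS[sid] = {"user": user, "csrf": secrets.token_urlsafe(32)}
    return sid

def render_transfer_form(sid: str) -> dict:
    """The legitimate page embeds the session's token as a hidden field.
    A page on attacker.example cannot read it (same-origin policy)."""
    return {"to": "", "amount": "", "csrf_token": SESSIONS[sid]["csrf"]}

def transfer_vulnerable(cookie_sid: str, form: dict) -> tuple:
    """Trusts the cookie alone. The browser attaches the cookie to any form
    submission aimed at this site, including one auto-submitted by an attacker."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401, "no session"
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"

def transfer_safe(cookie_sid: str, form: dict) -> tuple:
    """Synchronizer-token check: the request must carry the token that only our
    own page could have embedded, compared in constant time."""
    session = SESSIONS.get(cookie_sid)
    if session is None:
        return 401, "no session"
    if not hmac.compare_digest(form.get("csrf_token", ""), session["csrf"]):
        return 403, "missing or invalid CSRF token"
    return 200, f"{session['user']} sent {form['amount']} to {form['to']}"

if __name__ == "__main__":
    sid = new_session("alice")                     # alice logs in
    legit = dict(render_transfer_form(sid), to="bob", amount="10")
    forged = {"to": "mallory", "amount": "1000"}   # attacker's hidden form: no token
    print(transfer_vulnerable(sid, forged))        # (200, ...) forgery succeeds
    print(transfer_safe(sid, forged))              # (403, ...) forgery blocked
    print(transfer_safe(sid, legit))               # (200, ...) real user succeeds
```

The token must be unguessable and bound to the session, and the comparison should be constant-time; `SameSite` cookie attributes are a useful second layer but do not replace the check.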
_____ is an input validation exploit in which the attacker places a script in a crafted link or form submission; the server echoes that input back in its response without encoding it, so the script executes in the victim's browser when the victim follows the link.
Reflected Cross-Site Scripting (XSS)
_____ is an attack in which the injected script is saved in a back-end data store used by the trusted site (a comment, profile field or message); the site then serves the script to every user who views that content, and it executes in their browsers.
Stored (or persistent) Cross-Site Scripting (XSS)
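For both the reflected and the stored XSS cards above, the fix is the same: encode untrusted data for the HTML context it is written into. The added Python below (not from the page) renders a comment list and a search echo with and without `html.escape`. The comment store, the `<script>` payload and the attribute-breaking payload are constructed for the demo.

```python
from html import escape

# Constructed in-memory comment store (not from the page); a real site would use a DB.
COMMENTS: list = []

def post_comment(text: str) -> None:
    """Stored XSS is planted at write time: the raw text is saved as submitted."""
    COMMENTS.append(text)

def render_comments(encode: bool = True) -> str:
    """Stored XSS is prevented (or not) at render time, for every visitor."""
    items = (escape(c) if encode else c for c in COMMENTS)
    return "<ul>" + "".join(f"<li>{c}</li>" for c in items) + "</ul>"

def render_search(query: str, encode: bool = True) -> str:
    """Reflected XSS: the request parameter is echoed straight back in the response.
    quote=True also encodes ' and " so the value is safe inside an attribute."""
    shown = escape(query, quote=True) if encode else query
    return (f'<input name="q" value="{shown}">'
            f"<p>Results for {shown}</p>")

PAYLOAD = "<script>alert(document.cookie)</script>"
ATTR_PAYLOAD = '" onfocus="alert(1)" autofocus="'   # breaks out of value="..."

if __name__ == "__main__":
    post_comment("nice post")
    post_comment(PAYLOAD)
    print(render_comments(encode=False))  # a live <script> tag in every visitor's page
    print(render_comments())              # &lt;script&gt;... shown as text, not run
    print(render_search(ATTR_PAYLOAD, encode=False))  # new event-handler attribute
    print(render_search(ATTR_PAYLOAD))                # quotes become &quot;
```

Encoding is context-specific: `html.escape` covers element text and quoted attributes; data written into a URL, a `<script>` block or a CSS rule needs that context's own encoder. DOM XSS, on the card that follows, happens entirely in client-side script and is not addressed by server-side encoding.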
_____ Cross-Site Scripting (XSS) exploits vulnerabilities in client-side scripts to modify the content and layout of a web page.
Document Object Model (DOM)
What can happen if developers do not test a value (for example, check that a pointer or object reference is not null) before using it?
A malicious process can alter the execution environment so the program dereferences a null pointer and crashes.