Application attacks Flashcards

1
Q

This type of attack takes advantage of insecure user input on a webpage and tricks a victim into clicking on a link that has malicious JavaScript in the URL.

A

XSS (reflected) (non persistent)

Cross site scripting.

2
Q

This type of attack takes advantage of unsanitized user input into a text field, allowing attackers to post a message containing a malicious payload to social media or any other web page. The payload is then stored in the website’s database, and anyone who loads the page will execute the malicious script.

A

Stored XSS attack

stored cross site scripting

3
Q

Which type of attack takes advantage of a user input form that allows attackers to add their own information into a data stream?

A

Injection attack.

4
Q

Which attack is able to overwrite other memory areas by filling up all of the available space in another?

A

Buffer overflow.

5
Q

Which attack takes advantage of being able to intercept a hash of a victim’s password in transit (usually by means of ARP poisoning or a network tap) and then later forwarding a crafted authentication request using that captured hash to an authentication server?

A

Pass the hash

6
Q

Which attack is done by stealing a session ID from a victim’s cookie and using it to authenticate?

A

Sidejacking (session hijacking)

7
Q

Which type of attack takes advantage of a web application’s trust already granted to a user and their browser by making unauthorized requests on their behalf?

A

XSRF/CSRF - Cross site request forgery

8
Q

Which type of attack takes advantage of a vulnerability in a web application that allows attackers to send requests directly to a web server and have those requests completed by the web server on behalf of the attacker, giving them access to the database and other backend functions using the web server as a middleman?

A

SSRF - server side request forgery

9
Q

What is a WAF?

A

Web application firewall.

10
Q

What does a WAF do?

A

A firewall for web applications. Filters HTTP/S traffic going to and from the web server.

11
Q

What is it called when weak programming makes two events happen at the same time and causes an unexpected result? It doesn’t always have to be done with malicious intent.

A

Race conditions
