application attacks

Question 1

Privilege escalation

Answer 1

a cybersecurity technique that allows an attacker to gain more access or permissions to a system than they originally had

Question 2

Cross-site scripting

Answer 2

an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website

Question 3

Injections

Answer 3

Injection attacks occur when attackers exploit vulnerabilities in an application to send malicious code into a system

This type of exploit may allow them to execute unauthorized commands, access data, or manipulate the system’s operation

Question 4

access protocol (LDAP)

Answer 4

a vendor-neutral protocol that allows users to access and search for information within a network.

t’s a directory service protocol that runs on top of the TCP/IP stack and is based on a client-server model. L

Question 4

Structured query language (SQL)

Answer 4

a programming language for storing and processing information in a relational database.

Question 5

Dynamic link library (DLL)

Answer 5

a file type containing code, data, and resources that can be shared among multiple programs to accomplish specific tasks.

Question 6

Lightweight directory

Answer 6

a software protocol that can be used to securely access information and resources on a network

Question 7

Extensible markup language (XML)

Answer 7

a standard markup language that allows users to define their own data formats and encode data

Question 8

Pointer/object dereference

Answer 8

If an attacker can make an application point to a null section of memory where nothing exists rather than the part of memory where the application data might exist,

Question 9

Directory traversal

Answer 9

a common and dangerous way for hackers to gain access to restricted files on a website or web application

Attackers manipulate variables that reference files using dot-dot-slash (../) sequences to navigate outside of the intended directory and access sensitive files

Question 10

Buffer overflows

Answer 10

typically involves violating programming languages and overwriting the bounds of the buffers they exist on. Most buffer overflows are caused by the combination of manipulating memory and mistaken assumptions around the composition or size of data.

Question 11

Time of check/time of use

Answer 11

a type of software bug or security vulnerability that occurs when a system checks the state of a part of itself before using the results of that check

Question 12

Race conditions

Answer 12

occurs when attackers manipulate the timing or sequence of events in a multithreaded or asynchronous system to compromise security

Question 13

Error handling

Answer 13

a programming technique that helps developers manage unexpected situations in a program’s execution

It’s a critical part of an application’s security, as improper error handling can lead to security vulnerabilities

Question 14

Improper input handling

Answer 14

refers to the inadequate or incorrect validation, sanitization, filtering, or encoding and/or decoding of input data

It’s a common weakness in applications and a leading cause of critical vulnerabilities in today’s systems

Question 15

Replay attack

Answer 15

a network attack where an attacker intercepts and retransmits data that was previously exchanged between two parties

The attacker can delay, redirect, or repeat the communication, and then pretend to be one of the legitimate parties.

Question 16

Session replays

Answer 16

a cyber attack that involves an attacker intercepting network traffic and replaying it to gain unauthorized access to a website or service

The attacker can obtain session tokens or cookies that allow them to impersonate a legitimate user.

Question 17

Request forgeries
- Server-side
- Client-side
- Cross-site

Question 18

interface (API) attacks

Answer 18

is an attempt by a malicious actor to gain unauthorized access to an API to break into a system or network, or transfer data

When successful, attackers can disrupt business operations or steal data, money, or credentials. Most API attacks take advantage of security vulnerabilities within APIs themselves.

Question 19

Resource exhaustion

Answer 19

a type of denial of service (DoS) attack in cybersecurity that occurs when an attacker intentionally consumes a system’s resources to make it unavailable or unusable

This can happen by depleting critical computing resources like memory, processing power, or network bandwidth.

Question 20

Memory leak

Answer 20

an unintentional form of memory consumption whereby the developer fails to free an allocated block of memory when no longer needed.

The consequences of such an issue depend on the application itself.

Question 21

Secure sockets layer (SSL) stripping

Answer 21

a type of cyberattack that forces a user’s browser to connect to an unprotected version of a website without SSL encryption

This attack is a form of Man-in-the-Middle (MITM) attack that exploits the way encryption protocols start connections.

Question 22

Driver manipulation

Answer 22

a sophisticated technique used in application attacks to exploit vulnerabilities within a system.

This technique involves the manipulation of device drivers, which are software components that allow the operating system to interact with hardware devices.

Question 23

Pass the hash

Answer 23

a stealthy cyber attack that allows cybercriminals to access secure systems without the actual password.

PtH attacks exploit how passwords are often stored as cryptographic hashes, which can be stolen and used to create a new user session on the same network.

Question 24

• Shimming

Answer 24

a type of cyber threat that involves secretly installing malicious code into a system to access data and compromise information.

Shimming attacks can target vulnerabilities in software, hardware interfaces, or operating system APIs. They can be stealthy and go undetected because they manipulate how software components interact.

Question 25

• Refactoring

Answer 25

a software engineering technique that involves restructuring code without changing its external behavior

The goal is to improve the code’s nonfunctional properties, such as readability, maintainability, and complexity.