Application Attacks Flashcards

Mock Exam Revision

1
Q

CSRF/XSRF attack

CSRF/XSRF (Cross-Site Request Forgery) is an attack in which unauthorised commands are transmitted from a victim’s browser to a trusted site on which the user is already authenticated. It exploits the site’s trust in the user’s session (cookies). Prevented via anti-CSRF tokens, SameSite cookies, and strict referrer policies.

A
  1. Exploits the trust a website has in the user’s web browser.
  2. A user is tricked by an attacker into submitting unauthorised web requests.
  3. Website executes attacker’s requests.
2
Q

A type of exploit that relies on overwriting contents of memory to cause unpredictable results in an application is referred to as:

A. IV attack
B. Privilege escalation
C. Buffer overflow
D. DLL injection

A

Buffer Overflow

A software vulnerability in which writing more data than a memory buffer can hold overruns its allocated space and corrupts adjacent memory, potentially allowing arbitrary code execution. Common in C/C++ because those languages perform no automatic bounds checking. Defences include stack canaries, DEP (Data Execution Prevention), and secure coding practices.

3
Q

Which type of exploit targets web applications that generate content used to store and transport data?

A. SQL injection attack
B. CSRF/XSRF attack
C. XML injection attack
D. LDAP injection attack

A

XML Injection Attack

Exploits vulnerabilities in XML parsers by injecting malicious tags, entities, or scripts. Subtypes include:

  1. XXE (XML External Entity): reads server files.
  2. XPath Injection: manipulates database queries.

Defences include input sanitisation, schema validation, and parser hardening.

4
Q

Which of the following exploits targets a protocol used for managing and accessing networked resources?

A. CSRF/XSRF attack
B. XML injection attack
C. LDAP injection attack
D. SQL injection attack

A

LDAP (Lightweight Directory Access Protocol) Injection Attack

Exploits insecure LDAP queries by injecting malicious search filters or commands. Similar to SQL injection but targets directory services. Defences include input sanitisation, LDAP query escaping, and strict access controls.
