Application Attacks and Security Flashcards
An exploit connects to a specific TCP port and presents the attacker with an administrative command prompt. What type of attack is this?
Botnet
Trojan
Privilege escalation
Privilege escalation
Privilege escalation occurs when a user gains higher access rights than they should have, either because they were given too many rights or because of a security flaw
Which of the following best describes a buffer overflow attack?
Injecting database code via a web page
Using a dictionary file to crack passwords
Sending too much data to an application that allows an attacker to run arbitrary code
Sending too much data to an application that allows an attacker to run arbitrary code
A buffer overflow attack occurs when an attacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application, which can result in areas of code being overwritten and may cause the application to crash or allow arbitrary execution of commands on the target
You are analyzing web traffic in transit to your web server, and you notice someone logging on with a username of Bob with a password of "pass' or 1=1--". Which of the following describes what is happening?
XML injection
SQL injection
LDAP injection
SQL injection
A SQL injection attack occurs when the attacker inserts database (SQL) statements, via a web site, into a backend database in a way that manipulates how the database stores data. In this example, the attacker is trying to bypass the logon by using "pass' or 1=1--" as a password, thus attempting to display all the database records
Which of the following is the most likely to mitigate against buffer overflow attacks?
Antivirus software
Firewall ACLs
Patching
Patching
Buffer overflow attacks can often be mitigated by ensuring that you keep up-to-date with system and application patches. As the vendor finds the vulnerabilities, that vendor will fix the issues through a patch. Input validation is also a common mitigation for buffer overflow attacks
What type of attack involves the attacker inserting a client-side script into the web page?
XSS
Watering hole
ARP poisoning
XSS
Cross-site scripting (XSS) is an attack that involves the attacker inserting script code into a web page so that it is then processed and executed by a client system when a user browses that web page
Your manager has read about SQL injection attacks and is wondering what can be done to best protect against them for applications that were developed in-house. What would you recommend?
Patching
Antivirus
Input validation
Input validation
A SQL injection attack involves the attacker inserting database code via a web application, where it is not expected. The best countermeasure to this is to have your programmers validate any information (check its accuracy) passed into an application
What type of file on your hard drive stores web app preferences and session data?
Cookie
Hosts
LMHOSTS
Cookie
A cookie is a text file used by a web browser to store web app preferences and session information. Two cookie flags harden it: the HttpOnly flag prevents client-side scripting languages such as JavaScript from reading the cookie, so an XSS attack cannot use it to impersonate the user, and the Secure flag allows the cookie to be transmitted only over HTTPS
Which type of vulnerability results from writing data beyond expected memory boundaries?
Pointer dereference
Integer overflow
Buffer overflow
Buffer overflow
Buffer overflows result from writing data beyond expected memory boundaries, which can crash a program or allow arbitrary code execution
Which application-testing technique is the most likely to uncover improper input handling?
Fuzzing
Overloading
Penetration testing
Fuzzing
Fuzzing provides a large amount of input data, even invalid data, to an application in order to observe its behavior; the idea is to ensure that the application is stable and secure with its input and error handling
Which programming problem stems from multiple threads not executing in a predictable, sequential pattern?
Blue screen of death
Multi-core CPU throttling
Race condition
Race condition
In a race condition, when code is executed by multiple threads, the timing of dependent events is not predictable, and as a result, a different thread can function in an unintended manner. For example, a piece of code may check the value of a variable and take action later, while that variable’s value can change in the interim
A piece of malware replaces a library of code used as needed by a controlling program. What name describes this type of security issue?
DLL injection
Pointer dereference
Integer overflow
DLL injection
Dynamic-link library (DLL) injections insert code into a DLL, which is called by a program at runtime as needed
Which term describes applications that are allowed to run on company computers?
Application approved list
Application block list
Fuzzing
Application approved list
Allowed applications are applications that can run on the company's computer systems. These apps are listed within a policy applied to computers; the policy controls software execution so that potentially malicious software is prevented from running
Jane is the lead security officer for your company and is analyzing web server logs. Jane notices suspicious activity related to navigating the file system on a web server. What type of attack was most likely performed?
Integer overflow
Directory traversal/command injection
Malicious add-on
Directory traversal/command injection
Directory traversal, also known as command injection, occurs when the attacker accesses restricted web server directories in order to execute operating system commands on the web server
A malicious user deploys a rogue wireless access point that users unknowingly connect to. User traffic is captured, modified, and sent back out on the network in an attempt to send fraudulent user session data. Which type of attack is this?
Replay
Shimming
Refactoring
Replay
Replay attacks involve an attacker first capturing packets of interest, possibly manipulating something in the packet, and then sending it back out on the network. This type of attack can be used to gain access to sensitive resources as a valid user by resending authorized access traffic
An attacker tricks a user into clicking a malicious link that causes an unwanted action on a web site the user is currently authenticated to. What type of exploit is this?
Cross-site request forgery
Cross-site scripting
Replay
Cross-site request forgery
Cross-site request forgeries occur when an attacker tricks a user into executing unwanted actions on a web site she is currently authenticated to
After testing revealed security flaws, for quality assurance reasons, a software developer would like to harden a custom database API that accepts user parameters. Which hardening techniques should be used? (Choose two.)
Input validation
HTTPS API access
Elasticity
Autoscaling
Input validation
HTTPS API access
Software developers must use input validation as a secure coding method to ensure that user-supplied data is expected and valid. Input validation should occur server-side so that validation code is not exposed or potentially modified client-side. To mitigate API attacks, HTTPS can be used to authenticate and encrypt connections to an API
Which type of Public Key Infrastructure (PKI) certificate should software developers use to establish a chain of trust?
Client-side
Wildcard
Code-signing
Code-signing
Code-signing certificates are used by script writers and software developers to digitally sign scripts or software files. Devices that trust the certificate issuer will trust files signed by issued code-signing certificates. Software developers must harden their systems to ensure that their software compilers and certificates are not compromised. Compilers are used to convert programming language code to binary machine-readable language
Software developers in your company use a centralized code version-control system to track programming code creation, modification, testing, and deployment. You have created automation scripts that are used by this tool to trigger code tests when new code is checked in. Upon successful testing, the code is then packaged and a push notification of the update is sent to mobile app users. Which term best describes this environment?
CI/CD
Input validation
Elasticity
CI/CD
Continuous integration and continuous deployment (CI/CD) uses automation to speed up the overall development and delivery of software to interested parties. This can include the monitoring of code check-ins and validating the integrity of code changes through automated testing scripts
Which non-profit organization focuses solely on securing web applications?
OWASP
NIST
ISO
OWASP
The Open Web Application Security Project (OWASP) is a vendor-neutral non-profit organization whose focus is to provide guidance and free tools that can be used to secure web applications. Tools include web vulnerability scanners and fuzzers, as well as secure programming libraries supporting security features such as input validation through the OWASP Enterprise Security API (ESAPI)
Which benefits are derived from the use of database stored procedures? (Choose two.)
Code reuse
Shimming
CI/CD
Database object permissions assignment
Code reuse
Database object permissions assignment
Stored procedures are similar to a function or script that can be executed over and over in a database environment. Stored procedures can be assigned permissions to access specific database objects such as tables, and users or database roles are granted the permission to execute stored procedures
Your team has been tasked with reviewing the source code for a custom application component to identify and mitigate source code vulnerabilities. Which term best describes the procedure?
Dynamic code analysis
Shimming
Static code analysis
Static code analysis
Static code analysis involves reviewing software source code to identify problems such as security vulnerabilities
Which type of software programming vulnerability could allow data to be overwritten in memory, thus affecting the stability of the program?
Buffer overflow
XSS
Cross-site request forgery
Buffer overflow
A buffer overflow attack occurs when an attacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application, which can result in areas of code being overwritten, and may cause the application to crash or allow arbitrary execution of commands on the target
Which action simulates attacks against a web application?
Normalization
Penetration testing
Obfuscation
Penetration testing
Simulating attacks against an IT environment, including web applications, is called penetration testing, or pen testing. This type of testing is used to identify security flaws that can be actively exploited. Pen tests can render a web app unusable and must be executed with the direct permission of the system owner
You have configured the Expires HTTP header on your web server with a value of -1. What does this mean?
Cache this HTTP response for 1 day.
Do not accept this HTTP response.
Data must be requested before being displayed again.
Data must be requested before being displayed again.
The -1 value for an Expires HTTP header means expiration is immediate, and caching for this response does not occur; thus, upon reuse, the data will have to be requested from the server. Caching can sometimes be useful to decrease the amount of time it takes to load web page content and to reduce the amount of network traffic sent to a web server. On the server side, caching reduces the number of HTTP requests that must be processed by the web server
Which HTTP response header is used to require HTTPS connections?
Allow
Expires
HSTS
HSTS
The HTTP Strict Transport Security (HSTS) response header requires HTTPS secured web server connections; it prevents downgrade attacks that may attempt to use HTTP
Which HTTP response header flags can mitigate XSS attacks and ensure confidentiality over the network? (Choose two.)
X-Frame-Options
HttpOnly
Secure
Expires
HttpOnly
Secure
The HttpOnly flag prevents client-side script access to a sensitive cookie; it is accessible only by the server. The Secure flag requires transmission using HTTPS as opposed to the less secure HTTP
Which activity can be used to identify and remove dead code?
Dynamic code analysis
Static code analysis
Fuzzing
Static code analysis
Static code analysis involves reviewing software source code to identify problems such as security vulnerabilities and existing dead code fragments
Which activity is considered to be a form of penetration testing?
Dynamic code analysis
Static code analysis
Fuzzing
Fuzzing
Fuzzing provides a large amount of input data, even invalid data, to an application in order to observe its behavior; the idea is to ensure that the application is stable and secure with its input and error handling. It’s commonly used as a black-box software testing technique
Your developers must digitally sign scripts before they will be trusted to run on corporate computers. What must be in place before a code-signing certificate can be issued?
PKI
CI/CD
OWASP
PKI
A PKI is a hierarchy of security certificates used to secure computing environments, for example through disk encryption and network authentication and encryption. Developers can use it to sign their source code to ensure that anyone who downloads it is able to confirm the validity of the code
Which of the following security terms is the most closely related to memory management?
Race condition
Cross-site scripting
Buffer overflow
Buffer overflow
A buffer overflow attack occurs when an attacker sends more data to an application or service than it is expecting. The extra data that is sent flows out of the area of memory (the buffer) assigned to the application, which can result in areas of code being overwritten, and may cause the application to crash or allow arbitrary execution of commands on the target
What can be done to mitigate XSS attacks?
Install a device PKI certificate.
Enable the use of stored procedures.
Block the use of web browser client-side scripting languages.
Block the use of web browser client-side scripting languages.
An XSS attack involves the attacker inserting script code into a web page so that it is then processed and executed by the client web browser once the user accesses the web page. If the target client web browser blocks languages such as JavaScript from executing, the attack is mitigated because the code does not execute