Application Level Session Hijacking Flashcards

1
Q

Explain MITM/Sniffing Attacks

A

Identifying session tokens, IDs, username, and/or passwords from network traffic

2
Q

Explain MITB Attacks

A

Man-in-the-Browser attack takes over browser settings to manipulate the information

3
Q

Cross-Site Scripting Attack Types

A

Reflected
DOM-Based
Stored/Persistent

4
Q

Explain Cross-Site Scripting Reflected Attacks

A

Insecure input fields which execute code “reflected” back to the user

5
Q

Explain Cross-Site Scripting Stored/Persistent Attacks

A

Create malicious script on browser which executes upon a user visiting the page

6
Q

CRIME Attack Vulnerable Protocols

A

HTTPS
SSL
TLS
SPDY

7
Q

Define CRIME attack

A

Compression Ratio Info-leak Made Easy

8
Q

Explain Fixation/Donation Attacks

A

Including a session token in the URL link to the web application

9
Q

Explain Cross-Site Request Forgery Attacks

A

Utilizes open sessions in a user’s web browser to execute scripts

10
Q

Explain Session ID Prediction Attacks

A

Guess the web application session ID.
