Application Level Session Hijacking Flashcards
Explain MITM/Sniffing Attacks
Identifying session tokens, IDs, username, and/or passwords from network traffic
Explain MITB Attacks
A Man-in-the-Browser attack takes over the browser's settings to manipulate the information
Cross-Site Scripting Attack Types
Reflected
DOM-Based
Stored/Persistent
Explain Cross-Site Scripting Reflected Attacks
Insecure input fields whose input is "reflected" back to the user and executed
Explain Cross-Site Scripting Stored/Persistent Attacks
A malicious script that is stored and executes in a user's browser when the user visits the page
CRIME Attack Vulnerable Protocols
HTTPS
SSL
TLS
SPDY
Define CRIME attack
Compression Ratio Info-leak Made Easy
Explain Fixation/Donation Attacks
Including a session token in the URL link to the web application
Explain Cross-Site Request Forgery Attacks
Utilizes open sessions in a user’s web browser to execute scripts
Explain Session ID Prediction Attacks
Guess the web application session ID.