Basic Flashcards

1
Q

What is a cross-site scripting (XSS) attack?

A

A form of attack where a malicious script is injected into a website, such that when the website reloads it executes the script and the attacker thereby gains access to the data.

2
Q

What are the types of XSS?

A

Stored XSS and reflected XSS.

3
Q

What is stored XSS?

A

Happens when the user submits input to a form that is saved to a database; the attacker injects scripts as input, so when the form is reloaded the script executes, giving the attacker control over the site.

4
Q

What is reflected XSS?

A

A harder-to-execute type of attack where the user is tricked into clicking a link that in turn executes the script and thereby steals user information.

5
Q

How can XSS be prevented?

A

Validate user input and use a blacklist of tags and JavaScript snippets that cannot be part of a user request.

6
Q

What is cross-site request forgery (CSRF)?

A

Cross-site request forgery is a way to execute an unintended action after the user has logged into a website.

7
Q

How does CSRF work?

A

To be exposed to CSRF, the following conditions need to be met: 1) the site uses a cookie-based user identification technique; 2) the request does not require any unpredictable parameter.

8
Q

How is CSRF executed?

A

Either by forcing or luring the user to click a link that sends a GET request to the server, or by redirecting to a different UI that submits malicious parameters via a POST request.

9
Q

How can CSRF be prevented?

A

Through the use of a token and the SameSite cookie configuration (which ensures the session cookie is only sent back from the same domain).

10
Q

What is DoS?

A

Denial of Service is a way of flooding a server with requests at such a volume that the server is no longer able to serve valid requests.

11
Q

What are the types of DoS?

A

Flood and crash types.

12
Q

What is the flood type?

A

When the attacker issues ping (ICMP) or SYN packets (in which case the server forever tries to establish a connection, and thus the port stays engaged) to flood the server.

13
Q

What is the crash type?

A

The attacker injects a bug into the server; this happens on rare occasions.

14
Q

What is DDoS?

A

Performing DoS from multiple locations simultaneously.

15
Q

How can DoS be stopped?

A

1) IP whitelisting 2) Black hole routing 3) Rate limiting
