Ch 5 Key Terms Flashcards
introduce new input to exploit a vulnerability
injection attacks
ARP Poisoning
SQL injection
cross-site scripting (XSS)
injection attacks
imitates another computer’s IP address
IP spoofing
ARP Poisoning
MAC poisoning
IP spoofing
When the user is tricked into clicking a link that is other than what it appears to be
clickjacking
mousejacking
micejacking
clickjacking
uses the user’s web browser settings to impersonate that user
cross-site scripting (XSS)
cross-sit scripting (XSS)
clickjacking
cross-site request forgery (XSRF)
cross-site request forgery (XSRF)
Uses publicly accessible and open DNS servers to flood a system with DNS response traffic.
DNS attacks
cross-site scripting
DNS amplification attack
SQL injection
DNS amplification attack
a deliberate attempt to prevent authorized users from accessing a system
service of a denial
distributed deny of service
denial of service
distributed denial of service
denial of service
threat actor takes advantage of web applications that accept user input without validating it
URL hijacking
IP spoofing
cross-site request forgery (XSRF)
cross-site scripting (XSS)
cross-site scripting (XSS)
targets SQL servers by introducing malicious commands into them
integer overflow attack
SQL injection
IP spoofing
SQL injection
to illegally seize or commandeer something and use it for nefarious reasons
hijacking
Session hijacking
SQL injection
URL hijacking
hijacking
substitutes a DNS address so that the computer is automatically redirected to another device
DNS Poisoning
DNS Attack
ARP Attack
ARP Poisoning
DNS Poisoning
an attack using scripting that originates on one site to impact another site (user computer)
cross-site request forgery (XSRF)
IP spoofing
URL hijacking
cross-site scripting (XSS)
cross-site scripting (XSS)
to find the MAC address of another device based on the IP address
ARP
APR
PAR
AAR
ARP
a threat actor gains access to the domain control panel and redirects the registered domain
domain hijacking
session hijacking
URL hijacking
DNS hijacking
domain hijacking
makes a copy of the legitimate transmission before sending it to the recipient
Replay
MITB
Repeated
MITM
Replay
when a domain pointer that links a domain name to a specific web server is changed
DNS poisoning
domain hijacking
DNS hijacking
domain hijacking
an attack in which an attacker attempts to impersonate the user by using her session token
integer overflow attack
session hijacking
IP spoofing
URL hijacking
session hijacking
user is authenticated on website, tricked into loading a webpage, hacker inherits access
integer overflow attack
cross-site request forgery (XSRF)
buffer overflow attack
cross-site scripting (XSS)
cross-site request forgery (XSRF)
changing the value of a variable to something outside the programmer’s range
SQL injection
buffer overflow attack
integer overflow attack
integer overflow attack
imitating another computer by means of changing the MAC address
ARP spoofing
IP spoofing
MAC spoofing
MAC spoofing
intercepts communication between parties to steal or manipulate the data
MITB
MIIB
MITM
Replay
MITB
exploiting a vulnerability in software to gain higher level access to resources
Firesheep
Elevated user
Cache poisoning
Privilege escalation
Privilege escalation
user makes a typing error when entering a uniform resource locator address in a web browser
typo squatting
URL hijacking
session hijacking
typo squatting
attackers purchase the domain names of sites that are spelled similarly to actual sites
URL hijacking
DNS hijacking
session hijacking
URL hijacking
Uses publicly accessible and open DNS servers to flood a system with DNS response traffic
DNS amplification attack
SQL injection
injection attacks
cross-site scripting
DNS amplification attack