Chapter 13 Flashcards
An attack that works by inputting more data than an application is expecting
Buffer Overflow
Occurs when multiple processes (or multiple threads within a process) control or share access to a particular resource
Race Conditions
If we are not careful to validate the input to our applications, we may find ourselves on the bad side of a number of issues
Input Validation Attack
Attacks that attempt to gain access to resources without the proper credentials to do so
Authentication Attacks
Attacks that attempt to gain access to resources without the appropriate authorization to do so
Authorization Attacks
When attackers use certain print functions within a programming language that are meant to format the output but instead allow the attacker to manipulate or view an application's internal memory
Format String Attack
Web security has two categories of attacks
Client-Side Attacks
Server-Side Attacks
Takes advantage of weaknesses in the software loaded on the user's clients or relies on social engineering to fool the user
Client-Side Attacks
XSS
Cross-Site Scripting
An attack carried out by placing code written in a scripting language into a webpage, or other media like Adobe Flash animation and some types of video files, that is displayed by a client browser
Cross-Site Scripting (XSS)
An attack that takes advantage of your browser's graphical capabilities to trick you into clicking something you might not click otherwise
Clickjacking
XSRF
Cross-Site Request Forgery
An attacker places a link, or links, on a Web page in such a way that they'll execute automatically.
Cross-Site Request Forgery (XSRF)
"Cryptography is easy to implement badly, and this can give us a false sense of security" defines what type of attack?
Cryptographic Attack
"A number of vulnerabilities may cause problems on the server side of a Web transaction" defines what type of attack?
Server-Side Attack
SQL
Structured Query Language
_____ is the language we use to communicate with many of the common databases on the market today
Structured Query Language (SQL)
Attackers use these attacks to gain access to the file system outside of the web server's structure where content is stored by using the ../ character sequence, which moves up one level of a directory to change directories
Directory Traversal Attacks
When a software developer neglects to properly validate user inputs.
Lack of Input Validation
_________________________ injection gives us a strong example of what might happen if we do not properly validate the input of our Web applications
Structured Query Language (SQL)
Any files not directly related to running a site or application, that also might be artifacts of the development or build process
Extraneous Files
When we give a user or process the opportunity to interact with our database without supplying a set of credentials
Unauthenticated Access
A category of attack in which we make use of any of a number of methods to increase the level of access above what we are authorized to have.
Privilege Escalation
Which database language is the most common in use?
Structured Query Language (SQL)
The ability for attackers to execute any commands on a system that they choose, without restriction
Arbitrary Code Execution
Known as Remote Code Execution when conducted over the network
Arbitrary Code Execution
NIST
National Institute of Standards and Technology
US-CERT
United States Computer Emergency Readiness Team