Chapter 13* Flashcards
An attack that works by inputting more data than an application is expecting
Buffer Overflow
Occurs when multiple processes (or multiple threads within a process) control or share access to a particular resource
Race Conditions
If we are not careful to validate the input to our applications, we may find ourselves on the bad side of a number of issues
Input Validation Attack
Attacks that attempt to gain access to resources without the proper credentials to do so
Authentication Attacks
Attacks that attempt to gain access to resources without the appropriate authorization to do so
Authorization Attacks
When attackers use certain print functions within a programming language that are meant to format the output but instead allow the attacker to manipulate or view an application’s internal memory
Format String Attack
Web security has two categories of attacks
Client-Side Attacks
Server-Side Attacks
Takes advantage of weaknesses in the software loaded on the user’s clients or relies on social engineering to fool the user
Client-Side Attacks
XSS
Cross-Site Scripting
An attack carried out by placing code written in a scripting language into a webpage, or other media like Adobe Flash animation and some types of video files, that is displayed by a client browser
Cross-Site Scripting (XSS)
An attack that takes advantage of your browser’s graphical capabilities to trick you into clicking something you might not click otherwise
Clickjacking
XSRF
Cross-Site Request Forgery
An attacker places a link, or links, on a Web page in such a way that they’ll execute automatically.
Cross-Site Request Forgery (XSRF)
“Cryptography is easy to implement badly, and this can give us a false sense of security” defines what type of attack?
Cryptographic Attack
“A number of vulnerabilities may cause problems on the server side of a Web transaction” defines what type of attacks?
Server-Side Attack