Chapter 13* Flashcards

1
Q

An attack that works by inputting more data than an application is expecting

A

Buffer Overflow

2
Q

Occurs when multiple processes (or multiple threads within a process) control or share access to a particular resource

A

Race Conditions

3
Q

If we are not careful to validate the input to our applications, we may find ourselves on the bad side of a number of issues

A

Input Validation Attack

4
Q

Attacks that attempt to gain access to resources without the proper credentials to do so

A

Authentication Attacks

5
Q

Attacks that attempt to gain access to resources without the appropriate authorization to do so

A

Authorization Attacks

6
Q

When attackers use certain print functions within a programming language that are meant to format the output but instead allow the attacker to manipulate or view an application’s internal memory

A

Format String Attack

7
Q

Web security has two categories of attacks

A

Client-Side Attacks
Server-Side Attacks

8
Q

Takes advantage of weaknesses in the software loaded on the user’s clients or relies on social engineering to fool the user

A

Client-Side Attacks

9
Q

XSS

A

Cross-Site Scripting

10
Q

An attack carried out by placing code written in a scripting language into a webpage, or other media like Adobe Flash animation and some types of video files, that is displayed by a client browser

A

Cross-Site Scripting (XSS)

11
Q

An attack that takes advantage of your browser’s graphical capabilities to trick you into clicking something you might not click otherwise

A

Clickjacking

12
Q

XSRF

A

Cross-Site Request Forgery

13
Q

An attacker places a link, or links, on a Web page in such a way that they’ll execute automatically.

A

Cross-Site Request Forgery (XSRF)

14
Q

“Cryptography is easy to implement badly, and this can give us a false sense of security” defines what type of attack?

A

Cryptographic Attack

15
Q

“A number of vulnerabilities may cause problems on the server side of a Web transaction” defines what type of attack?

A

Server-Side Attack

16
Q

SQL

A

Structured Query Language

17
Q

_____ is the language we use to communicate with many of the common databases on the market today

A

Structured Query Language (SQL)

18
Q

Attackers use these attacks to gain access to the file system outside of the web server’s structure where content is stored by using the ../ character sequence, which moves up one level of a directory to change directories

A

Directory Traversal Attacks

19
Q

When a software developer neglects to properly validate user inputs.

A

Lack of Input Validation

20
Q

_________________________ injection gives us a strong example of what might happen if we do not properly validate the input of our Web applications

A

Structured Query Language (SQL)

21
Q

Any files not directly related to running a site or application, that also might be artifacts of the development or build process

A

Extraneous Files

22
Q

When we give a user or process the opportunity to interact with our database without supplying a set of credentials

A

Unauthenticated Access

23
Q

A category of attack in which we make use of any of a number of methods to increase the level of access above what we are authorized to have.

A

Privilege Escalation

24
Q

Which database language is the most common in use?

A

Structured Query Language (SQL)

25
Q

The ability for attackers to execute any commands on a system that they choose, without restriction

A

Arbitrary Code Execution

26
Q

Known as Remote Code Execution when conducted over the network

A

Arbitrary Code Execution

27
Q

NIST

A

National Institute of Standards and Technologies

28
Q

USCERT

A

United States Computer Emergency Readiness Team