Chapter 7: Protecting Against Advanced Attacks Flashcards
What is a Denial-of-Service (DoS)?
An attack that makes a service unavailable by overwhelming it with traffic.
What is a Distributed Denial-of-Service (DDoS)?
A DoS attack launched from multiple systems simultaneously.
What is Resource Exhaustion?
Draining a system’s resources to degrade its performance or outright cause it to crash.
What is Reflected DDoS?
A DDoS that tricks legitimate servers into flooding a target with responses.
What is Amplified DDoS?
A DDoS that uses small requests to trigger larger responses from servers.
What is SYN Flood?
A DoS attack that overwhelms a server by not completing TCP handshakes.
What is Forgery?
An attack that occurs when an attacker creates a fake identity, certificate, file, or other object in an attempt to fool unsuspecting users or systems.
What is Spoofing?
An example of forgery that occurs when one person or entity impersonates someone or something else (IP Spoofing, MAC Spoofing, etc.).
What is an On-Path Attack (AKA man-in-the-middle attack)?
An attack where the attacker intercepts and potentially alters communications.
What is an Attacker-in-the-browser attack?
A malware-based attack that manipulates browser sessions in real-time, often to intercept or alter sensitive data like banking transactions.
What is SSL Stripping?
Downgrading HTTPS to HTTP to intercept unencrypted data.
What is DNS Poisoning?
Tampering with DNS records to redirect users to fake sites.
What is a Pharming Attack?
Redirecting users to malicious websites through DNS manipulation.
What is URL Redirection?
Sending users to different, often malicious, websites without their knowledge.
What is Domain Hijacking?
Taking unauthorized control of a domain name.
What is DNS Filtering?
Blocking harmful websites by preventing DNS resolution.
What is a DNS Sinkhole?
A fake DNS server that traps malicious traffic for analysis.
What is a Replay Attack?
Reusing captured data packets to gain unauthorized access.
What is Credential Replay?
Reusing valid login credentials to gain unauthorized access.
What is Input Validation?
Checking user input to prevent malicious data from entering a system.
What are some good practices when verifying user input?
Verifying proper characters, blocking HTML code, preventing the use of certain characters, and implementing boundary/range checking.
What are Race Conditions?
A flaw where two or more processes access shared data at the same time, leading to unpredictable results or vulnerabilities.
What is Time of Check to Time of Use (TOCTOU)?
A flaw where a system’s state changes between checking a condition and using it, leading to security issues.
What is Error Handling?
The process of managing unexpected conditions in software to ensure stability and security.
What are good examples of proper Error Handling?
Logging errors internally while showing generic messages to users to avoid system info exposure.
What is Code Obfuscation?
A technique to make code unreadable or harder to reverse-engineer, often used to protect intellectual property.
What is a Compiler?
A program that converts source code into machine-readable instructions.
What are some potential vulnerabilities with outsourced code development?
Code does not perform expected tasks, code may have vulnerabilities that can be exploited, malicious code may be present, and lack of updates.
What are some best practice headers for HTTPS?
HTTP Strict Transport Security, Content-Security-Policy, and X-Frame-Options.
What is a Cookie?
A small file used by websites to store user session data and preferences.
What is a Secure Cookie?
A cookie transmitted only over HTTPS to protect it from interception.
What is Code Signing?
The process of digitally signing code to verify its integrity and source.
What is Static Code Analysis?
A method to detect code issues by analyzing code without running it.
What is a Manual Code Review?
A person reviewing code to catch errors or vulnerabilities.
What is Dynamic Code Analysis?
Evaluating software for issues while it's running.
What is Fuzzing?
A method that bombards software with unexpected inputs to find security flaws.
What is Sandboxing?
A security method that isolates programs in a controlled environment to prevent them from harming the system or accessing sensitive data.
What is Package Monitoring?
Watching software dependencies for updates and vulnerabilities.
What is Software Version Control?
A system that tracks and manages changes to source code over time.
What is a Secure Development Environment?
A coding setup hardened with security measures to reduce vulnerabilities during development.
What are the multiple stages of a good secure development environment?
Development, Test, Staging, Production, Quality Assurance (QA) (the process can look different across different organizations).
What is a database?
A structured system for storing, managing, and retrieving data electronically.
What is SQL?
A language for querying and managing data in relational databases.
What is an SQL Query?
A command used to interact with and manipulate data in a database (e.g. SELECT * FROM users).
What are Stored Procedures?
Precompiled SQL statements stored in a database to perform tasks and improve performance and security.
What is an SQL Injection?
An attack where malicious SQL is inserted into a query to manipulate or access database data.
What is a Memory Leak?
When a program doesn’t release unused memory, leading to performance issues. Can cause a system to crash.
What is Buffer Overflow?
Writing more data to a buffer than it can hold, potentially causing crashes or code execution.
What is Memory Injection?
A technique where malicious code is injected directly into a program’s memory to execute stealthy attacks without touching the disk.
What is Integer Overflow?
When a calculation exceeds an integer’s maximum value, leading to errors and vulnerabilities.
What are Dynamic Link Library (DLL) Injections?
Injecting a malicious DLL into a process to run unauthorized code.
What is an LDAP Injection?
Manipulating LDAP queries to gain unauthorized access to directory services.
What is an Extensible Markup Language (XML) Injection?
Injecting malicious XML into an application to change logic or access data.
What is Directory Traversal?
An attack that exploits file path manipulation to access unauthorized directories or files.
What is Cross-site Scripting?
A web attack where malicious scripts are injected into trusted websites.
What is Reflected XSS/non-persistent?
XSS where a script is immediately reflected in a response, often via a URL. The injected script is only temporarily present.
What is Stored XSS/persistent?
XSS where malicious scripts are saved on a server and executed later by other users.
What is Script Automation?
Using scripts to automate tasks, often leveraged for efficiency or large-scale attacks.
What are some common use cases for Script Automation?
User provisioning, Resource Provisioning, Guardrails, Ticket Creation, Escalation, Enabling/disabling services and access, Continuous integration and testing, Integration and Application Programming Interfaces (APIs).
What are some of the benefits of Script Automation?
Efficiency/Saves Time, Enforces Security Baselines, Standard Infrastructure Configuration, Employee Retention, Reaction Time, and Workforce Multiplier.
What are some considerations that should be taken when implementing Script Automation?
Complexity, Cost, Single Point of Failure, Technical Debt, and Ongoing Supportability.