Chapter 9: Web Application Attacks Flashcards

1
Q

Before beginning a web application attack, what four things should we enumerate?

A
  1. Programming Language and Frameworks
  2. Web server software
  3. Database software
  4. Server operating system
2
Q

Define Cross-site scripting (XSS).

A

Cross-site scripting allows attackers to inject client-side scripts into pages viewed by other users.

3
Q

What enables XSS?

A

A lack of data sanitisation.

4
Q

What is data sanitisation?

A

A process in which user input is processed, removing or transforming all dangerous characters or strings.

5
Q

Describe Stored XSS/Persistent XSS.

A

Occurs when a payload is stored in the web server's database or cached by the server. The web application then retrieves this payload and displays it to anyone who views the vulnerable webpage.

6
Q

Describe Reflected XSS.

A

Usually includes the payload in a crafted request or link. The web application then places this request in the page content. This attack only works when a person submits the request or views the link.

7
Q

Describe DOM-based XSS.

A

Similar to the other two; however, it takes place inside the website's Document Object Model. A browser parses HTML content and generates an internal DOM representation. This attack occurs when the code underneath the webpage has been changed.

8
Q

How do we identify XSS vulnerabilities?

A

Potential entry points are input fields that accept unsanitized input which is then displayed as output in subsequent pages.

9
Q

In terms of SQLi, what is a simple way to check for a SQLi vulnerability?

A

Use '

It's a string delimiter used in queries. If the application is vulnerable and hasn't handled it correctly, it will likely result in a database error.
