Chapters 1 and 2 Difficult Concepts Flashcards
XML Bomb
Consumes memory exponentially, acting like a DoS attack
XXE (XML External Entity Attack)
attempts to read local resources like password hashes in the shadow file
DOM XSS
document object model
exploits client’s web browser using client-side scripts to modify the content and layout of the webpage; client’s device executes the attack
NOP Slide
attackers fill the buffer with NOP (no-operation) instructions. The return address slides down the NOP instructions until it reaches the attacker's code
CSRF
cross-site request forgery. triggers actions on different websites without user consent
SELinux Policy Types
targeted - only specific processes are confined to a domain while others are unconfined
strict policies - every subject and object operates under MAC but it's more complex to set up. most secure
MLS policy implements a more stringent security model based on the Bell-LaPadula model, which focuses on maintaining data confidentiality by controlling read and write access based on security levels.