Chapters 1 and 2 Difficult Concepts Flashcards

1
Q

XML Bomb

A

Consumes memory exponentially, acting like a DoS attack

2
Q

XXE (XML External Entity Attack)

A

Attempts to read local resources, such as password hashes in the shadow file

3
Q

DOM XSS

A

DOM = Document Object Model
Exploits the client's web browser using client-side scripts to modify the content and layout of the web page; the client's device executes the attack

4
Q

NOP Slide

A

Attackers fill the buffer with NOP (no-operation) instructions. The return address slides down the NOP instructions until it reaches the attacker's code

5
Q

CSRF

A

Cross-site request forgery. Triggers actions on different websites without user consent

6
Q

SELinux Policy Types

A

Targeted policy - only specific processes are confined to a domain, while others are unconfined.
Strict policy - every subject and object operates under MAC, but it's more complex to set up. Most secure.
MLS policy - implements a more stringent security model based on the Bell-LaPadula model, which focuses on maintaining data confidentiality by controlling read and write access based on security levels.
