CSS Attacks Flashcards

1
Q

What are the 3 main types of XSS attacks?

A

Reflected XSS
Stored XSS
DOM-based XSS

2
Q

What is Cross-Site Scripting (XSS)?
A) A method of intercepting network traffic between a client and server.
B) An attack where malicious scripts are injected into web pages viewed by other users.
C) A technique to exploit vulnerabilities in the server’s operating system.
D) A process of encrypting sensitive data transmitted over the internet.

A

B) An attack where malicious scripts are injected into web pages viewed by other users.

3
Q

What is a common vector used to execute a cross-site scripting (XSS) attack?
A) SQL injection
B) Buffer overflow
C) Input validation
D) Injection of malicious scripts into web pages

A

D) Injection of malicious scripts into web pages

4
Q

Which type of XSS attack involves injecting malicious scripts directly into the HTML markup of a web page?
A) Stored XSS
B) Reflected XSS
C) DOM-based XSS
D) Persistent XSS

A

A) Stored XSS

5
Q

In a reflected XSS attack, where does the injected malicious script originate from?
A) The attacker’s server
B) A vulnerable web application
C) The victim’s browser
D) An email attachment

A

C. The victim’s browser

6
Q

Which HTTP header can help mitigate the risk of XSS attacks by instructing the browser to restrict how content is loaded and executed?
A) Content-Encoding
B) Access-Control-Allow-Origin
C) Content-Security-Policy
D) Cross-Origin-Resource-Policy

A

C) Content-Security-Policy

7
Q

What is a common impact of successful XSS attacks?
A) Unauthorized access to databases
B) Execution of arbitrary code on the victim’s browser
C) Overloading the server with excessive requests
D) Manipulation of server-side files

A

B) Execution of arbitrary code on the victim’s browser

8
Q

Which of the following is an example of a DOM-based XSS attack?
A) Injecting a malicious script into a search field that gets reflected back in the search results.
B) Inserting a malicious script into a comment section of a blog post.
C) Modifying the content of an HTML page using JavaScript to execute arbitrary code.
D) Intercepting and altering HTTP requests and responses to inject malicious scripts.

A

C) Modifying the content of an HTML page using JavaScript to execute arbitrary code.

9
Q

What is a potential consequence of an XSS attack?
A) Corrupting system files on the server.
B) Stealing sensitive user information such as login credentials.
C) Slowing down network performance by flooding it with traffic.
D) Triggering a denial-of-service (DoS) attack on the web server.

A

B) Stealing sensitive user information such as login credentials.

10
Q

How can developers prevent XSS vulnerabilities in their web applications?
A) Implementing strict input validation and output encoding.
B) Disabling JavaScript execution in the browser.
C) Using weak encryption algorithms to obfuscate sensitive data.
D) Allowing users to input HTML tags freely without validation.

A

A) Implementing strict input validation and output encoding.

11
Q

Which type of XSS attack occurs when user input is stored on the server and then displayed to other users without proper validation?
A) Reflected XSS
B) Stored XSS
C) DOM-based XSS
D) Cross-Site Request Forgery (CSRF)

A

B) Stored XSS

12
Q

What is the purpose of a SameSite cookie attribute in mitigating XSS attacks?
A) It prevents cookies from being sent in cross-origin requests.
B) It encrypts sensitive data before storing it in cookies.
C) It restricts access to cookies based on the user’s IP address.
D) It limits the scope of cookies to same-origin requests, reducing the risk of XSS attacks.

A

D) It limits the scope of cookies to same-origin requests, reducing the risk of XSS attacks.

13
Q

Which type of XSS attack allows an attacker to execute malicious scripts stored on a web server?
A) Reflected XSS
B) Stored XSS
C) DOM-based XSS
D) Server-side XSS

A

B) Stored XSS

14
Q

How does Reflected XSS differ from Stored XSS?
A) Reflected XSS exploits vulnerabilities in the server’s configuration, while Stored XSS exploits input validation flaws in web forms.
B) Reflected XSS injects malicious scripts directly into web pages, while Stored XSS stores scripts on the server for later execution.
C) Reflected XSS requires user interaction to execute, while Stored XSS executes automatically when the victim visits a compromised web page.
D) Reflected XSS targets client-side scripts, while Stored XSS targets server-side scripts.

A

C) Reflected XSS requires user interaction to execute, while Stored XSS executes automatically when the victim visits a compromised web page.

15
Q

Which of the following scenarios is an example of a DOM-based XSS attack?
A) An attacker injects a malicious script into a web form, which is then stored in the application’s database and executed when viewed by other users.
B) An attacker exploits a vulnerability in a web server to inject malicious scripts into web pages, compromising the security of visitors.
C) An attacker manipulates the Document Object Model (DOM) of a web page to execute malicious scripts in the victim’s browser.
D) An attacker sends a link containing malicious code to a victim, tricking them into clicking it and executing the script.

A

C) An attacker manipulates the Document Object Model (DOM) of a web page to execute malicious scripts in the victim’s browser.

16
Q

How can developers mitigate the risk of XSS attacks in their web applications?
A) By encrypting sensitive data transmitted over the network.
B) By implementing input validation and output encoding to sanitize user input.
C) By restricting access to server-side scripting languages.
D) By deploying firewalls to block malicious traffic.

A

B) By implementing input validation and output encoding to sanitize user input.

17
Q

Which of these descriptions is Reflected XSS, which is Stored XSS, and which is DOM-based XSS?
A. The injected script is stored on the server (e.g., in a database) and executed whenever a user accesses the vulnerable page or data.
B. The injected script is reflected off the web server, such as in search results or error messages, and executed in the user’s browser.
C. The injected script is processed client-side by the Document Object Model (DOM), allowing the attacker to manipulate the page’s content dynamically.

A

A. Stored XSS
B. Reflected XSS
C. DOM-based XSS