Cyber Attacks and Vulnerabilities Flashcards
Vulnerability where code is placed in programs to bypass normal authentication and security mechanisms
Backdoor
Method of accessing unauthorized directories by moving through the directory structure on a remote server
Directory Traversal
When an attacker is able to execute or run commands on a victim computer
Arbitrary Code Execution
When an attacker is able to execute commands remotely
RCE - Remote Code Execution
Attack against a vulnerability that is unknown to the original developer or manufacturer
Zero Day
Attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed
SQL Injection
When a process stores data outside the memory range allocated by the developer
Buffer Overflow
Occurs when an attack fills up the buffer with a non-operational instruction (NOP) so that the return address may hit a NOP and continue on until it finds the attacker’s code to run
Smash the Stack
An attack that overflows a server with traffic, overloading and rendering it inaccessible to legitimate users
DOS - Denial of Service
Occurs when an attacker embeds malicious scripting commands into a trusted website
XSS - Cross Site Scripting
Type of XSS attack that attempts to get data provided by the attacker to be saved on the web server by the victim
Stored/Persistent XSS
Type of XSS attack that attempts to have a non-persistent effect activated by a victim clicking a link on the site
Reflected XSS
XSS attack that attempts to exploit the victim’s web browser
DOM-Based XSS
Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated
Cross Site Request Forgery - XSRF/CSRF
Attack that involves multiple connected online devices, collectively known as a botnet, which are used to overwhelm a target website with fake traffic
DDOS - Distributed Denial of Service
Attack that manipulates or compromises the logic of an XML application or service
XML injection
XML attack that embeds a request for a local resource
XML External Entity XXE