Final

Question 1

Problems that lead to command injection flaws

Answer 1

Failure to properly separate commands and data

Question 2

Possibly True SQL Statements

Answer 2

’ or 1=1 – a

Question 3

Malicious input to drop table ‘users’

Answer 3

’ ; DROP TABLE Users –

Question 4

Input Validation

Answer 4

PHP Magic Quotes

Question 5

Example of Parameterized Query

Answer 5

Prepared Statements

Question 6

Best practice of SQL injection prevention

Answer 6

parameterized queries

Question 7

Bind variable

Answer 7

? serves as placeholder within SQL

Question 8

With prepared statements, parameters are bound when?

Answer 8

At runtime

Question 9

URI

Answer 9

Uniform Resource Identifier

Question 10

XSS term

Answer 10

buzz word for specific type of Command Injection vulnerability

Question 11

XSS do what

Answer 11

exploit the trust a user’s browser has for a web server

Question 12

XSS typically ends in

Answer 12

malicious script run on victim’s host

Question 13

XSS involves

Answer 13

3 actors:

• attacker
• victim
• server

Question 14

Why are XSS possible?

Answer 14

Hard to differentiate data from code

Question 15

Javascript has access to

Answer 15

User’s information such as cookies

Question 16

Types of XSS Vuln.

Answer 16

1. Non-persistent / reflected
2. Persistent / stored
3. DOM-based / Local

Question 17

Non-persistent / Reflected XSS

Answer 17

browser data (in url) used by server-side scripts to generate malicious webpage sent back to user

Question 18

Persistent / Stored XSS

Answer 18

Malicious script provided to web app is stored on server and is used to continue rendering pages

Question 19

DOM-Based / Local

Answer 19

Malicious script is generated through local client-side DOM processing

Question 20

Example of non-persitant XSS attack

Answer 20

Eve convinces Alice to click on a URL that makes Bob’s server send Alice a malicious script

Question 21

Example of Persistant XSS attack

Answer 21

Eve posts message to board with embedded XSS attack script which Bob’s browser reads as code, not data

Question 22

Real world persistent xss attack

Answer 22

Samy Worm on Myspace

Question 23

DOM

Answer 23

Document Object Model

Question 24

XSS Mitigations

Answer 24

1. Input validation, sanitation

2. Output encoding

Question 25

Output encoding

Answer 25

escaping output

Question 26

Original purpose of sticky bit

Answer 26

Sped up executions by putting executables into swap memory

Question 27

Write and execution bits on a directory allows

Answer 27

1. addition of files

2. Deletion/renaming of files, subdirectories without requiring write permissions on files/directory

Question 28

Weird case with w, e, bits on a directory prevented by

Answer 28

Sticky bit

Question 29

Sticky bit

Answer 29

Only owner or root can delete, rename the file/directory and contents

Question 30

TOCTOU

Answer 30

Time of check, time of use

Question 31

Toctou caused by

Answer 31

possibility that a resource changes between time permission is checked and time it is used

Question 32

Classic TOCTOU

Answer 32

SetUID program calls access() followed by open()

Question 33

access()

Answer 33

checks REAL userID

Question 34

open()

Answer 34

opens file for reading/writing

Question 35

How TOCTOU works

Answer 35

1. put soft link to owned file in /tmp

2. run vulnerable setUID repeatedly, replace innocuous link with root only file repeatedly

Question 36

TOCTOU mitigations

Answer 36

1. Temporarily disable root
2. Check-use-check again
3. Use atomic operation
4. Use capabilities

Question 37

TCP/IP Flaws

Answer 37

1. Naive design assumptions (security not intrinsic)
2. Incomplete specification (details left to implementers)
3. Implementation errors (buggy, incorrect implementations)

Question 38

4-Layer TCP/IP Network Model

Answer 38

1. Link
2. Network (TCP/UDP)
3. Transport (IP)
4. Application

Question 39

UDP

Answer 39

unreliable connectionless communication

Question 40

UDP delivery style

Answer 40

best-effort

Question 41

TCP

Answer 41

reliable, connection-oriented communication

Question 42

IP

Answer 42

connectionless, unreliable communication over the internet

Question 43

ARP is a

Answer 43

data link layer

Question 44

ARP

Answer 44

resolves the media access control address corresponding to a forwarding IP address

Question 45

IP is a

Answer 45

Network layer

Question 46

__ sends data in individual packets

Answer 46

IP

Question 47

Data is guaranteed to arrive to the application in correct order

Answer 47

TCP

Question 48

TCP 3 Way Handshake

Answer 48

1. SYN w/ ISN
2. SYN-ACK w/ own ISN
3. ACK

Question 49

ISN

Answer 49

initial sequence number

Question 50

Syn

Answer 50

ISN + bytes of data previously sent

Question 51

ACK

Answer 51

Sequence + bytes of data previously sent + 1

Question 52

SYN Flood

Answer 52

Form of DdOS, floods Syn queue without completing 3rd part of three way handshake

Question 53

Syn Flood Mitigations

Answer 53

• Syn cookies

Question 54

RST Attack

Answer 54

Sends TCP packets transmitted with RST flag set

Question 55

RST Attack mitigation

Answer 55

• Stateful packet filtering

Question 56

Session Hijacking

Answer 56

Insertion of TCP packets into previously established TCP session (using a sniffer)

Question 57

Session hijacking mitigation

Answer 57

IPv6, HTTPS

Question 58

5 components of a cryptosystem

Answer 58

• plaintexts
• keys
• ciphertexts
• enciphering funct
• deciphering funct

Question 59

What does cryptosystem achieve?

Answer 59

1) Confidentiality
2) Integrity
3) Authentication
4) Non-repudiation

Question 60

Kerchkoffs Principle

Answer 60

A cryptosystem should be secure even if everything BUT the key is known

Question 61

Symmetric crypto aka

Answer 61

Single key encryption

Question 62

Example of simple crypto

Answer 62

Caesar cipher

Question 63

In a symmetric system, key is

Answer 63

shared by sender and recipient

Question 64

How does symmetric key work?

Answer 64

symmetric key is used with both the encryption and the decryption functions

Question 65

Example of symmetric crypto

Answer 65

AES

Question 66

Asymmetric Crypto aka

Answer 66

public key crypto

Question 67

Why is public key crypto possible?

Answer 67

Because of intractable math problems

Question 68

Example of intractable problem

Answer 68

factoring primes

Question 69

How does symmetric key work?

Answer 69

Key for encryption, key for decryption

Question 70

Asymmetric key examples

Answer 70

RSA, diffie-hellman

Question 71

Digital signatures

Answer 71

Authenticates both origin and contents of message

Question 72

Difference between encryption and hashing

Answer 72

Encryption uses a key

Question 73

HMAC

Answer 73

Message Authentication Code

Question 74

How does a public key message work? (sender)

Answer 74

• Sender acquires receivers key
• Encrypt message with key
• Hash unencrypted message (digest)
• Encrypt digest with private key
• Send encrypted message and digest to the receiver

Question 75

How public key message works? (receiver)

Answer 75

• Decrypt encrypted message with private key
• Compute message digest of unencrypted message
• Decrypt encrypted message digest using sender’s public key
• Compare decrypted digest to computed digest

Question 76

3 Security principles provided by public key crypto:

Answer 76

1. Confidentiality
2. Integrity
3. Authentication

Question 77

PKI

Answer 77

Public key infrastructure uses certs to confirm identity of parties involved

Question 78

CA

Answer 78

Certificate Authority

Question 79

RA

Answer 79

Registration Authority

Question 80

Types of symmetrical cyphers

Answer 80

Stream

Block

Question 81

CERT is a

Answer 81

Certified public key

Question 82

Which hash algorithms have been cracked

Answer 82

MD5

Sha-1

Question 83

SHA

Answer 83

Secure Hash Algorithm

Question 84

Strength of HMAC depends on

Answer 84

size of secret key

Question 85

Most famous key exchange

Answer 85

Diffie hellman

Question 86

Man in the middle attack

Answer 86

Attack intercepts communication, impersonates each