Hacking Web Applications Flashcards
What are the 7 layers of the web application vulnerability stack?
Layer 7: Custom Web Application(s) - Logic Flaws
Layer 6: Third-Party Components - frameworks, languages, and third-party integrations such as Amazon Login (e.g., Zend, Symfony, PHP)
Layer 5: Web Server - IIS, Apache, Nginx
Layer 4: Database - Oracle, MySQL, MSSQL, etc.
Layer 3: OS - Windows/Linux
Layer 2: Network - Router/Switch
Layer 1: Security - IPS/IDS
Which of the following components of the web service architecture is an extension of SOAP and can be used to maintain the integrity and confidentiality of SOAP messages?
Options: WS-Security, UDDI, WSDL, WS-Policy
Answer: WS-Security
In Web Application Security, what are the impacts of broken authentication?
Application functions related to authentication and session management are often implemented incorrectly, thereby allowing attackers to compromise passwords, keys, or session tokens or to exploit other implementation flaws to assume identities of other users (temporarily or permanently).
In Web Application Security, what are the impacts of injection?
Injection flaws, such as SQL injection, command injection, and LDAP injection, occur when untrusted data is sent to an interpreter as part of a command or query. The attacker's hostile data can trick the interpreter into executing unintended commands or accessing data without proper authorization.
In Web Application Security, what are the impacts of sensitive data exposure?
Many web applications and APIs do not properly protect sensitive data, such as financial, healthcare, and personally identifiable information (PII). Attackers may steal or modify such weakly protected data to conduct credit card fraud, identity theft, or other crimes. Sensitive data requires extra protection, such as encryption at rest and in transit, as well as special precautions when it is exchanged with the browser.
In Web Application Security, what are the impacts of security misconfiguration?
Security misconfiguration is the most common issue in web security, which is due in part to manual or ad hoc configuration (or no configuration at all), insecure default configurations, open S3 buckets, misconfigured HTTP headers, error messages containing sensitive information, and not patching or upgrading systems, frameworks, dependencies, and components in a timely manner (or at all).
What is a direct timing attack?
Direct timing attacks are carried out by measuring the approximate time the server takes to process a POST request in order to deduce whether a username exists.
What is a cross-site timing attack?
A cross-site timing attack is another type of timing attack, in which attackers send crafted requests to the website using JavaScript.
What is a browser-based timing attack?
Attackers take advantage of side-channel leaks in a browser to estimate the time the browser takes to process the requested resources. Attackers can abuse different browser features to launch further attacks, such as video parsing attacks and cache storage timing attacks.
What is a cache storage timing attack?
The Cache API interface (used to load, fetch, and delete any responses) offers developers a complete cache (memory). Loading a resource to disk takes an amount of time that depends on the resource size. If attackers can estimate the time the browser takes to perform this task, they can infer the corresponding response size.
In Web Application Security, what is a network access attack?
Network access attacks can have a major effect on web applications, including their basic level of service. They can also allow levels of access that standard HTTP application methods cannot grant.
In Web Application Security, what is a captcha attack?
CAPTCHA is a challenge-response type of test implemented by web applications to check whether a response is generated by a computer. Although CAPTCHAs are designed to be unbreakable, they are prone to various types of attacks.
In Web Application Security, what is cropping?
In cropping, only the selected controls from the transparent page are overlaid. This technique depends on the goal of the attack and may involve masking buttons with hyperlinks and text labels with false information, replacing button labels with wrong commands, and completely covering the legitimate page with misleading information while exposing only one original button.
In Web Application Security, what is click event dropping?
This technique can completely hide a malicious page behind a legitimate page. It can also be used to set the CSS pointer-events property of the top page to none. This causes click events to drop through the legitimate masking page and register only on the malicious page.
In Web Application Security, what is rapid content replacement?
In rapid content replacement, the targeted controls are covered by opaque overlays that are removed only for a moment to register a click. An attacker using this technique needs to accurately predict the time the victim takes to click on the web page.