Identifying Application Attacks Flashcards

1
Q

What process optimizes databases and when is a database considered optimized?

A

Normalization optimizes databases.

A DB is considered optimized when the first 3 forms of normalization are applied.

2
Q

Input validation and stored procedures reduce the risk of what type of attack?

A

SQL injection attack

3
Q

' or '1'='1' is used for what purpose?

A

It’s an SQL command used in many SQL injection attacks.

4
Q

Directory traversal is a specific type of what type of attack? How does it work?

A

Command injection attack

An attacker would enter a directory path into a web page form to retrieve a file.

5
Q

What is the name given to an attack where bad HTML or JS code is written into a website and executes on the client side (victim’s browser) when a user visits the site?
What can prevent this type of attack?

A

XSS (Cross Site Scripting)

Input validation

6
Q

What type of attack involves an attacker creating a webpage that is configured to execute a command that takes advantage of the trust that another website has for the victim’s browser? If the victim clicks it, the command is executed without the user knowing. It can be used to purchase goods, for instance.

A

Cross-Site Request Forgery (XSRF)

Session Riding/One-click attack

7
Q

Cookie expiry period or dual authentication can protect against what type of attack? Why?

A

Cross-Site Request Forgery (XSRF)
Having the cookie expire after a short period prevents automatic login to a site.
Dual authentication forces the user to log in BEFORE any actions can be taken.
Both techniques prevent links programmed by the attacker from getting past the login.
