Identifying software and data vulnerabilities Flashcards

1
Q

Web application attacks cannot be blocked by traditional networking security devices. Why not?

A

More than 40 per cent of all criminal activities are perpetrated by people who have inside knowledge or access to the IT systems. Other attacks rely on human behaviour or are the result of criminal behaviour. Many of these risks cannot be automatically checked and blocked.

2
Q

What is an SQL injection attack?

A

An SQL injection attack is a type of cyberattack that exploits vulnerabilities in a web application to manipulate its database by injecting malicious SQL code. This can lead to unauthorized access, data theft, or database manipulation.

3
Q

What is an XSS attack?

A

Cross-site scripting (XSS) is dependent on a web page interface that permits access to both the server and the data stored on it. One technique used in XSS involves ‘acquiring’ or taking control of the login credentials from another session, thereby gaining authorized access to the server.

4
Q

What is an XML injection attack? How is this different to SQL or XSS attacks?

A

An XML injection attack involves manipulating XML data on the server-side, while SQL injection targets databases, and XSS impacts the client-side, executing malicious scripts in users’ browsers.

5
Q

How does a distributed denial-of-service attack (DDoS) differ from a denial-of-service attack (DoS)? Which is the more dangerous, and has the largest impact? Why?

A

DoS originates from one computer, while DDoS can originate from many hundreds or thousands of ‘zombie bots’ or botnets. The attack takes place by requesting access to the same URL or IP address simultaneously, which causes the website to cease to function.
