Lec 10: Web Security I: SQL injection Flashcards

1
Q

How do websites work?

A
2
Q

(T/F): Most database and web scripting languages are untyped

A

True

3
Q

How can attackers exploit unforeseen user input?

A
4
Q

What is SQL and what is it used for? What are the data types normally used?

A
5
Q

How does SQL get used on the Web?

A
6
Q

What is the problem with this code?

A
7
Q

What is an input validation vulnerability and how does it work?

A
8
Q
A

Give back everything on user savage

9
Q
A

Comments out code after query

10
Q
A

Always true so gives you any info you want

11
Q

What are the different parts of HTTP in a URL?

A
12
Q

What is URL encoding?

A
13
Q

Why is URL encoding/user input into SQL a problem for more than authentication?

A
14
Q

What is the problem with this?

A
15
Q

What can you do to protect from unvalidated input issues?

A
16
Q

What is input validation?

A

Strip out comments and (if possible) SQL keywords from input

17
Q

What is the problem with just stripping out quotes in input validation?

A

What about names like O’Brien? Would not work for all possible valid inputs.

18
Q

What is better escaping input validation?

19
Q

What is the problem with better escaping input validation?

A

Quoting problems through canonicalization (replacing ‘ with equivalent ASCII or other equivalents)

20
Q

What is integer field input validation?

21
Q

What are integer field validation issues?

22
Q

What is second-order SQL injection?

23
Q

What is an example of second-order SQL injection?

24
Q

What are prepared statements?

25
Q

What are the issues with prepared statements?

A

Somewhat awkward syntax and can't be used in some cases

26
Q

What are mitigation strategies for SQL injection?

27
Q

What does WAG stand for?

A

Web Application Gateway

28
Q

What is WAG and what does it do?

29
Q

What are the disadvantages of WAG?

30
Q

What was the CardSystems Attack of June 2005?

31
Q

What is Hold Security (2014)?