Lec 10: Web Security I: SQL injection Flashcards

1
Q

How do websites work?

A
2
Q

(T/F): Most database and web scripting languages are untyped

A

True

3
Q

How can attackers exploit unforeseen user input?

A
4
Q

What is SQL and what is it used for? What are the data types normally used?

A
5
Q

How does SQL get used on the Web?

A
6
Q

What is the problem with this code?

A
7
Q

What is an input validation vulnerability and how does it work?

A
8
Q
A

Returns everything stored about user savage (the whole row comes back)

9
Q
A

The injected comment marker comments out the rest of the query, so whatever the application appended after the user input is never executed

10
Q
A

The injected condition is always true, so the WHERE clause matches every row and the query hands back whatever information you want
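
Worked example for cards 8 to 10, added here and not taken from the lecture slides. It uses Python's standard sqlite3 module as an assumed stand-in for whatever database the slides used; the table name, column names and sample rows are constructed for the example. The query is built by pasting user input into the SQL text, exactly the mistake the cards describe, and the script then runs the comment trick and the always-true condition against it.

```python
import sqlite3

# Constructed sample rows for this added example (not the lecture's data).
USERS = [
    ("savage", "hunter2", "admin"),
    ("alice", "correct horse", "user"),
    ("bob", "p4ssw0rd", "user"),
]


def make_db() -> sqlite3.Connection:
    """In-memory users table filled with the constructed rows above."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def build_login_query(user: str, pw: str) -> str:
    """The vulnerable pattern from the slides: untrusted strings pasted
    straight into the SQL text. Deliberately unsafe, kept for comparison."""
    return (
        "SELECT name, role FROM users "
        f"WHERE name = '{user}' AND password = '{pw}'"
    )


def login_vulnerable(conn: sqlite3.Connection, user: str, pw: str) -> list:
    """Run the string-built query and return the matching (name, role) rows."""
    return conn.execute(build_login_query(user, pw)).fetchall()


def demo() -> dict:
    """Honest use, comment injection and tautology injection, side by side."""
    conn = make_db()
    results = {}

    # Honest use: the wrong password matches nothing.
    results["wrong_pw"] = login_vulnerable(conn, "savage", "wrong")

    # Card 9, comment injection. The query text becomes
    #   ... WHERE name = 'savage' --' AND password = 'anything'
    # "--" starts a comment, so the password test after it is discarded
    # and the row for savage comes back without the password (card 8).
    results["comment"] = login_vulnerable(conn, "savage' --", "anything")

    # Card 10, tautology injection. The query text becomes
    #   ... WHERE name = 'x' AND password = '' OR '1'='1'
    # AND binds tighter than OR, so the clause is true for every row and
    # the whole table is returned.
    results["tautology"] = login_vulnerable(conn, "x", "' OR '1'='1")
    return results


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:10s} -> {rows}")
```

Print build_login_query with each payload to see the exact SQL the database parses; the operator precedence point (AND before OR) is what makes the single-quote tautology work even though the payload is only in the password field.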

11
Q

What are the different parts of HTTP in a URL?

A
12
Q

What is URL encoding?

A
13
Q

Why is URL encoding/user input into SQL a problem for more than authentication?

A
14
Q

What is the problem with this?

A
15
Q

What can you do to protect from unvalidated input issues?

A
16
Q

What is input Validation?

A

Strip out comments and (if possible) SQL keywords from input

17
Q

What is the problem with just stripping out quote in Input Validation?

A

Names like O'Brien contain a legitimate quote, so stripping quotes mangles or rejects valid input; the filter does not work for all possible valid inputs.

18
Q

What is better escaping input validation?

A
19
Q

What is the problem with better escaping input validation?

A

Quoting problems caused by canonicalization: the escaping routine looks for ' but the attacker supplies an equivalent form (a different encoding of the same character, or another character that a later step converts to ') which slips past the escaper and only becomes a real quote afterwards.
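
Worked example for cards 17 to 19, added here and not part of the lecture. It assumes quote doubling as the concrete form of card 18's "better escaping", and URL decoding plus Unicode NFKC folding as concrete forms of the "equivalents" card 19 refers to; the sqlite3 table and its two rows are constructed for the example. The script shows the O'Brien problem, that escaping neutralises the tautology payload, and that the same escaper is bypassed when a later layer decodes the input after the escaper ran.

```python
import sqlite3
import unicodedata
import urllib.parse

# Constructed sample table for this added example (not the lecture's data).
NAMES = ["savage", "O'Brien"]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT)")
    conn.executemany("INSERT INTO users VALUES (?)", [(n,) for n in NAMES])
    return conn


def strip_quotes(s: str) -> str:
    """Card 17's filter: delete every single quote."""
    return s.replace("'", "")


def escape_quotes(s: str) -> str:
    """Assumed form of card 18's 'better escaping': double each quote, which
    is how SQL writes a literal quote inside a string literal."""
    return s.replace("'", "''")


def canonicalize(s: str) -> str:
    """What a later layer in the stack may do to the same string: URL-decode
    it and fold Unicode compatibility characters (NFKC), which turns e.g. the
    fullwidth apostrophe U+FF07 into a plain ASCII quote."""
    return unicodedata.normalize("NFKC", urllib.parse.unquote(s))


def lookup(conn: sqlite3.Connection, fragment: str) -> list:
    """String-built query; `fragment` is whatever survived the filter."""
    sql = f"SELECT name FROM users WHERE name = '{fragment}'"
    return [row[0] for row in conn.execute(sql)]


def demo() -> dict:
    conn = make_db()
    out = {}

    # Card 17: stripping quotes breaks valid input. O'Brien becomes OBrien
    # and the real user is not found.
    out["strip_obrien"] = lookup(conn, strip_quotes("O'Brien"))

    # Card 18: escaping keeps O'Brien working and turns the tautology
    # payload into a harmless string literal.
    out["escape_obrien"] = lookup(conn, escape_quotes("O'Brien"))
    out["escape_attack"] = lookup(conn, escape_quotes("' OR '1'='1"))

    # Card 19: canonicalization. The escaper runs before the decode step, so
    # the attacker sends the quote in an equivalent form it does not see.
    url_form = "%27 OR %271%27=%271"                 # URL-encoded quotes
    wide_form = "\uff07 OR \uff071\uff07=\uff071"     # fullwidth quotes
    out["url_escape_then_decode"] = lookup(conn, canonicalize(escape_quotes(url_form)))
    out["wide_escape_then_nfkc"] = lookup(conn, canonicalize(escape_quotes(wide_form)))

    # Correct ordering for this bug: canonicalize first, escape last.
    out["url_decode_then_escape"] = lookup(conn, escape_quotes(canonicalize(url_form)))
    out["wide_nfkc_then_escape"] = lookup(conn, escape_quotes(canonicalize(wide_form)))
    return out


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label:24s} -> {rows}")
```

The two "escape then decode" cases return every row even though the escaper saw no quote at all; the fix is not a better escaper but making sure nothing re-interprets the string after the escaper has run.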

20
Q

What is integer field input validation?

A
21
Q

What are integer field validation issues?

A
22
Q

What is second-order SQL injection?

A
23
Q

What is an example of second-order SQL injection?

A
24
Q

What are prepared statements?

A
25
Q

What are the issues with prepared statements?

A

Somewhat awkward syntax, and they cannot be used in some cases (a placeholder can only bind a data value, not a table name, column name or other part of the statement's structure)
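
Worked example for cards 24 and 25, added here and not part of the lecture. It assumes sqlite3's ? placeholders as the concrete prepared-statement syntax, and a constructed users table with three rows. It shows the login query from the earlier cards rewritten as a prepared statement, so the comment and tautology payloads become ordinary strings, and then the case card 25 alludes to where a placeholder does not help: a column name taken from user input, handled with an allow-list instead.

```python
import sqlite3

# Constructed sample rows for this added example (not the lecture's data).
USERS = [
    ("alice", "correct horse", "user"),
    ("savage", "hunter2", "admin"),
    ("bob", "p4ssw0rd", "user"),
]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", USERS)
    return conn


def login_prepared(conn: sqlite3.Connection, user: str, pw: str) -> list:
    """Prepared statement: the SQL text is a fixed template with ? placeholders;
    user and pw reach the database as data and are never parsed as SQL, so the
    comment and tautology payloads are just unusual (non-matching) strings."""
    return conn.execute(
        "SELECT name, role FROM users WHERE name = ? AND password = ?",
        (user, pw),
    ).fetchall()


# The "can't be used in some cases" half of card 25. A placeholder binds a
# value; it cannot stand in for a table name, a column name, or ASC/DESC.
ALLOWED_SORT_COLUMNS = {"name", "role"}


def list_users_sorted(conn: sqlite3.Connection, column: str, descending: bool = False) -> list:
    """Identifier from user input: check it against an allow-list, then build
    the text; there is no parameter to bind it to."""
    if column not in ALLOWED_SORT_COLUMNS:
        raise ValueError(f"unsupported sort column: {column!r}")
    direction = "DESC" if descending else "ASC"
    sql = f'SELECT name FROM users ORDER BY "{column}" {direction}'
    return [row[0] for row in conn.execute(sql)]


def bind_identifier_wrongly(conn: sqlite3.Connection) -> list:
    """What happens if you try anyway: the bound value is the string literal
    'name', so ORDER BY sorts on a constant and the rows are not ordered by
    the name column at all."""
    rows = conn.execute("SELECT name FROM users ORDER BY ? DESC", ("name",))
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    print(login_prepared(conn, "savage", "hunter2"))
    print(login_prepared(conn, "savage' --", "anything"))
    print(login_prepared(conn, "x", "' OR '1'='1"))
    print(list_users_sorted(conn, "name", descending=True))
    print(bind_identifier_wrongly(conn))
```

Anything that is part of the query's structure (identifiers, keywords, the number of IN-list items) still has to be validated or chosen from a fixed set by the application; prepared statements close the data-value hole, which is the common one, not every hole.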

26
Q

What are mitigation strategies for SQL injection?

A
27
Q

What does WAG stand for?

A

Web Application Gateway

28
Q

What is WAG and what does it do?

A
29
Q

What are the disadvantages of WAG?

A
30
Q

What was the CardSystems attack of June 2005?

A
31
Q

What is Hold Security (2014)?

A