Module 14 - Hacking Web Applications Flashcards
Web App Threats:
_______provides a powerful awareness document for web application security. _______ represents a broad consensus about what the most critical web application security flaws are.
The OWASP Top Ten
Web App Threats:
- Allows attackers to access restricted directories including application source code, configuration, and critical system files, and execute commands outside of the web server’s root directory.
- Grants you access to the back end of a site where you can alter or make changes.
Directory Traversal
Web App Threats:
It is a type of unvalidated redirect attack in which the attacker first identifies the most visited website of the target, identifies the vulnerabilities in that website, injects malicious code into the vulnerable web application, and waits for the victim to browse the website. Once the victim tries to access the website, the malicious code executes, infecting the victim.
a. Water Hole Attack
b. Cross-Site Request Forgery (CSRF)
c. Cookie Poisoning
d. Cross-Site Scripting (XSS)
a. Water Hole Attack
Web App Threats:
- Used to maintain session state in the otherwise stateless HTTP protocol.
- Attacks that modify the contents of a cookie (personal information stored on a web user’s computer) in order to bypass security mechanisms.
a. Water Hole Attack
b. Cross-Site Request Forgery (CSRF)
c. Cookie Poisoning
d. Cross-Site Scripting (XSS)
c. Cookie Poisoning
Hacking Methodology:
What can you do to defend against the following: supplying crafted malicious input that is syntactically correct according to the interpreted language being used, in order to break the application’s normal intended
Input Validation
Hacking Methodology:
What can you do to mitigate SQL Injections?
Input Validation