Module 14 - Hacking Web Applications Flashcards

1
Q

Web App Threats:

_______provides a powerful awareness document for web application security. _______ represents a broad consensus about what the most critical web application security flaws are.

A

The OWASP Top Ten

2
Q

Web App Threats:

  • Allows attackers to access restricted directories including application source code, configuration, and critical system files, and execute commands outside of the web server’s root directory.
  • Grants you access to the back end of a site where you can alter or make changes.
A

Directory Traversal

3
Q

Web App Threats:

It is a type of unvalidated redirect attack in which the attacker first identifies the website the target visits most, identifies the vulnerabilities in that website, injects malicious code into the vulnerable web application, and waits for the victim to browse the website. Once the victim tries to access the website, the malicious code executes and infects the victim.

a. Water Hole Attack
b. Cross-Site Request Forgery (CSRF)
c. Cookie Poisoning
d. Cross-Site Scripting (XSS)

A

a. Water Hole Attack

4
Q

Web App Threats:

  • Cookies are used to maintain session state in the otherwise stateless HTTP protocol.
  • This attack modifies the contents of a cookie (personal information stored on a web user’s computer) in order to bypass security mechanisms.

a. Water Hole Attack
b. Cross-Site Request Forgery (CSRF)
c. Cookie Poisoning
d. Cross-Site Scripting (XSS)
A

c. Cookie Poisoning

5
Q

Hacking Methodology:

What can you do to defend against the following: supplying crafted malicious input that is syntactically correct according to the interpreted language being used, in order to break the application’s normal intended.

A

Input Validation

6
Q

Hacking Methodology:

What can you do to mitigate SQL Injections?

A

Input Validation
