Brainscape's Knowledge GenomeTM

Browse over 1 million classes created by top students, professors, publishers, and experts.


See full index

CASP+ > Section 28: Attacking Vulnerabilities > Flashcards

Section 28: Attacking Vulnerabilities Flashcards

1
Q

File Inclusion

A

Allows an attacker to download a file from an arbitrary location or upload an executable or script file to open a backdoor

● Remote File Inclusion
o Executes a script to inject a remote file into the web app or the website

● Local File Inclusion
o Adds a file to the web app or website that already exists on the hosting server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

Cross-Site Scripting (XSS)

A

Cross-Site Scripting (XSS)
▪ Injects a malicious script into a trusted site to compromise the site’s
visitors

  1. Attacker identifies input validation vulnerability within a trusted
    website
  2. Attacker crafts a URL to perform code injection against the
    trusted website
  3. The trusted site returns a page containing the malicious code
    injected
  4. Malicious code runs in the client’s browser with permission level
    as the trusted site
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Session Management

A

Enables web applications to uniquely identify a user across several
different actions and requests

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

Cookie

A

▪ Text file used to store information about a user when they visit a website

● Non-Persistent
o Reside in memory

● Persistent
o Stored in browser cache

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Session Hijacking

A

▪ Disconnects a host and then replaces it with his or her own machine by spoofing the original host IP address
● Session cookie theft
● Nonrandom tokens

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Session Prediction

A

Predicts a session token to hijack the session

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Cross-Site Request Forgery (CSRF)

A

▪ Exploits a session that was started on another site and within the same web browser

  1. Ensure user-specific tokens are used in all form submissions
  2. Add randomness and prompt for additional information for
    password resets
  3. Require users to enter their current password when changing it

The Victim needs to have a session on a legitimate website(bank) and the malicious website on the same browser at the same time. The attacker can then send requests to the legitimate website through the browser.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Extensible Markup Language (XML)

A

▪ Used by web apps for authentication, authorization, and other types of data exchange

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Lightweight Directory Access Protocol (LDAP)

A

▪ An open, vendor-neutral, industry standard application protocol for
accessing and maintaining distributed directory information services over an Internet Protocol network

Often used for authentication and storing information about users, groups, and applications.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

BGP

A

Bridge Gateway Protocol

An external gateway protocol that manages how packets are routed from network to network.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q
A
How well did you know this?
1
Not at all
2
3
4
5
Perfectly

CASP+ (26 decks)

Brainscape helps you reach your goals faster, through stronger study habits.
© 2024 Bold Learning Solutions. Terms and Conditions