Strategies to protect against web application risks Flashcards

1
Q

What are some tactics to defend against an SQL injection attack?

A

Security Testing:
Conduct regular security testing, including penetration testing and code reviews, to identify and remediate SQL injection vulnerabilities in your application code.

Database Firewalls:
Consider implementing database firewalls or intrusion detection systems (IDS) that can detect and block SQL injection attempts.

2
Q

If no user input can be trusted, how should this be checked (validated)?

A

No user input should be used until it has been validated and sanitized, and any active script should be stripped out before the query is passed to the SQL server.

3
Q

What are some tactics to defend against an XSS attack?

A

Security Awareness Training:
Train your development team on secure coding practices, especially regarding XSS vulnerabilities.

Browser Updates:
Encourage users to keep their web browsers up to date, as modern browsers often include security enhancements that help protect against XSS attacks.

4
Q

What is a buffer overflow attack? How could this vulnerability be prevented?

A

A buffer overflow attack occurs when a program writes too much data into a buffer, potentially leading to memory corruption. Prevention involves careful coding and input validation.

5
Q

How can a server be defended against a DoS or DDoS attack?

A

Be vigilant:

  • Identify out-of-date browser user agents, which often disguise legacy bots.
  • Monitor website traffic.
  • Be alert for public data breaches.

6
Q

How is security managed when using third-party software?

A

Managing security with third-party software entails choosing trusted vendors, keeping the software updated, and implementing security policies, monitoring, and audits.
