Threats And Attacks On Endpoints

Question 1

Zero-day Attack

Answer 1

Unknown vulnerability
New software
Impossible to detect
Hard to patch

Question 2

Default Configurations

Answer 2

Weak
Out-of-the-box

Question 3

Open permissions

Answer 3

Weak configuration
Everyone
777 on Linux

Question 4

Unsecured Root Accounts

Answer 4

Weak configuration
Weak password

Question 5

Weak Encryption

Answer 5

Weak configuration
Length of key

Question 6

Cross-site scripting (XSS)

Answer 6

Web application vulnerability
Malicious scripts on victims browser

Question 7

Same Origin Policy

Answer 7

Allowing execution of scripts that come from same domain

Question 8

Reflected Cross Site Scripting

Answer 8

Most common XSS
Non-persistent XSS
Injects malicious scripts in any fields and accepts and sends to server

Question 9

Stored XSS

Answer 9

Persistent cross site scripting
Malicious script by attacker stored on web server or database
Might affect more than one user

Question 10

DOM Based XSS

Answer 10

JavaScript failing

Question 11

SQL Injection

Answer 11

Injecting special characters into apps input field
Resulting sensitive info gathered

Question 12

Error Based SQL Injection

Answer 12

Confirms vulnerability by database error messages

Question 13

Blind SQL Injection

Answer 13

Happens by making SQL query so database execution engine is made to answer yes or no questions

Question 14

Second Order SQL Injection

Answer 14

Malicious input stored in database table and used as an input parameter in a different SQL query in a different place

Question 15

Race Condition

Answer 15

When app processes multiple operations at the same time causing failures in execution

Question 16

Path Manipulation

Answer 16

Upload malicious files into app