Web Application Attacks Flashcards
What is OWASP Top 10?
The OWASP Top 10 is a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
Which information should you gather from a web application?
- Programming language and frameworks
- Web server software
- Database software
- Server operating system
Special characters for HTML and JavaScript?
< > ' " { } ;
What is Cross-site scripting (XSS)?
Cross-site scripting (XSS) is a type of security vulnerability that can be found in some web applications. XSS attacks enable attackers to inject client-side scripts into web pages viewed by other users. A cross-site scripting vulnerability may be used by attackers to bypass access controls such as the same-origin policy.
What is the Document Object Model (DOM)?
The Document Object Model (DOM) is a cross-platform and language-independent interface that treats an XML or HTML document as a tree structure wherein each node is an object representing a part of the document. The DOM represents a document with a logical tree. Each branch of the tree ends in a node, and each node contains objects. DOM methods allow programmatic access to the tree; with them one can change the structure, style or content of a document. Nodes can have event handlers attached to them. Once an event is triggered, the event handlers get executed.
What is an HTML element?
An HTML element is a type of HTML (HyperText Markup Language) document component, one of several types of HTML nodes (there are also text nodes, comment nodes and others).
What is the script element?
The HTML <script> element is used to embed executable code or data; this is typically used to embed or refer to JavaScript code. The element can also be used with other languages, such as WebGL’s GLSL shader programming language and JSON.
What is htmlspecialchars?
htmlspecialchars — Convert special characters to HTML entities
What is an iframe?
The HTML <iframe> element represents a nested browsing context, embedding another HTML page into the current one.
What is an HTTP cookie?
HTTP cookies (also called web cookies, Internet cookies, browser cookies, or simply cookies) are small blocks of data created by a web server while a user is browsing a website and placed on the user’s computer or other device by the user’s web browser. Cookies are placed on the device used to access a website, and more than one cookie may be placed on a user’s device during a session.
What is a Secure cookie?
A Secure cookie is a type of HTTP cookie that has the Secure attribute set, which limits the scope of the cookie to “secure” channels (where “secure” is defined by the user agent, typically a web browser).
How to run the PS1 script?
C:\Users\admin\Documents> powershell -ExecutionPolicy Bypass -File admin_login.ps1
How to use netcat to receive a cookie?
kali@kali:~$ sudo nc -nvlp 80
What is Cookie-Editor?
Cookie-Editor lets you efficiently create, edit and delete a cookie for the current tab. Perfect for developing, quickly testing or even manually managing your cookies for your privacy.