Web Application Attacks & Vulnerabilities Flashcards

1
Q

Define a web application

A

A piece of software which runs over the internet

2
Q

Define SOAP

A

Simple Object Access Protocol; uses XML and HTTP/HTTPS to make requests to a web server

3
Q

Define WSDL

A

Web Services Description Language file to define how to interact with the SOAP API

4
Q

Define REST API

A

Representational State Transfer; uses HTTP/S GET, POST, PUT, and DELETE

5
Q

Common Security Risks

A

Injection Attacks
Security Misconfigurations
Dependency Vulnerabilities

6
Q

Common Defense

A
SAST, DAST
Input validation (fuzzing)
Encoding
Whitelisting/Blacklisting
Web App Firewalls (WAF)
RASP
Bug Bounties (HackerOne, Bugcrowd)
7
Q

Define SAST

A

Static Application Security Testing

8
Q

Define DAST

A

Dynamic Application Security Testing

9
Q

Fuzzing methods

A

Mutation
Generation
Protocol Based

10
Q

Define RASP

A

Runtime Application Security Protection; dynamically identifies known threats from web application inputs
