Web Application Attacks & Vulnerabilities Flashcards
Define a web application
Software that runs on a web server and is used by clients over a network (usually the internet) through a browser or an HTTP API, rather than being installed on the client
Define SOAP
Simple Object Access Protocol: an XML-based messaging protocol; each request and response is an XML envelope, usually carried over HTTP/HTTPS to a web service endpoint
Define WSDL
Web Services Description Language: an XML file that describes a SOAP web service (its operations, message formats and endpoint URLs), i.e. how to interact with the SOAP API
Define Rest API
Representational State Transfer: an architectural style for APIs in which resources are addressed by URL and manipulated with the HTTP/S methods GET, POST, PUT, PATCH and DELETE, typically exchanging JSON
Common Security Risks
Injection Attacks (SQL, OS command, LDAP, template and other interpreters fed with untrusted input)
Security Misconfigurations (default credentials, verbose errors, open admin interfaces, permissive CORS)
Dependency Vulnerabilities (known-vulnerable third-party libraries and frameworks)
Common Defense
SAST and DAST
Fuzzing (a testing technique, used to find input-handling bugs)
Input validation (allowlisting is preferred; denylisting/blacklisting is easy to bypass)
Output encoding (escape data for the context it is written into: HTML, URL, SQL, shell)
Web Application Firewalls (WAF)
RASP
Bug Bounties (HackerOne, Bugcrowd)
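The three code-level defenses on this card (parameterised queries against injection, allowlist validation, output encoding), shown side by side with the vulnerable versions. This is an added example, not part of the original flashcards; the in-memory users table and the sample payloads are constructed for the demo, and the function names are illustrative.

```python
import html
import re
import sqlite3


def make_db():
    """Constructed sample data: a tiny in-memory users table for the demo."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO users (name, role) VALUES (?, ?)",
                     [("alice", "admin"), ("bob", "user"), ("carol", "user")])
    conn.commit()
    return conn


def find_user_vulnerable(conn, name):
    """SQL injection: the untrusted value is concatenated into the query text,
    so it can change the SQL grammar (e.g. add an OR '1'='1 tautology)."""
    sql = "SELECT name, role FROM users WHERE name = '" + name + "'"
    return conn.execute(sql).fetchall()


def find_user_safe(conn, name):
    """Parameterised query: the value is bound separately by the driver and is
    never parsed as SQL, whatever characters it contains."""
    return conn.execute("SELECT name, role FROM users WHERE name = ?", (name,)).fetchall()


def blocklist_filter(value):
    """Denylist 'validation': strip the keyword OR. Bypassed by nesting the
    keyword inside itself ('OOrR' -> 'OR' after one pass)."""
    return re.sub(r"(?i)or", "", value)


USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")


def validate_username(name):
    """Allowlist validation: accept only the characters and length a username
    may have; everything else is rejected rather than cleaned up."""
    return USERNAME_RE.fullmatch(name) is not None


def render_greeting(name):
    """Output encoding for an HTML text node, so user data is displayed, not executed."""
    return "<p>Hello, " + html.escape(name, quote=True) + "</p>"


if __name__ == "__main__":
    conn = make_db()
    payload = "' OR '1'='1"                       # constructed injection payload
    print(find_user_vulnerable(conn, payload))   # every row leaks
    print(find_user_safe(conn, payload))         # no row matches the literal string
    print(find_user_vulnerable(conn, blocklist_filter("' OOrR '1'='1")))  # denylist bypassed
    print(validate_username(payload))            # allowlist rejects it
    print(render_greeting("<script>alert(1)</script>"))
```

Note that the allowlist check is a validation step at the boundary and the parameterised query is the defence at the sink; use both, since validation rules are easy to get wrong while binding is structurally safe.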
Define SAST
Static Application Security Testing: analyzes source code, bytecode or binaries for vulnerabilities without running the application
Define DAST
Dynamic Application Security Testing: tests the running application from the outside by sending crafted requests and observing responses, with no access to the source
Fuzzing methods
Mutation: take valid seed inputs and randomly alter them (flip, insert, delete, duplicate bytes)
Generation: build inputs from scratch from a model or grammar of the expected format
Protocol Based: generation fuzzing driven by the protocol specification, so messages are valid enough to get past parsing and reach deeper state
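Mutation and generation fuzzing against the same toy parser, as an added example (not from the original flashcards). The target `parse_message`, its deliberate bug and the seed input are constructed for the demo; the fuzzer treats any exception other than the parser's own `ParseError` as a finding, which is the usual oracle when fuzzing code that cannot segfault. Protocol-based fuzzing is the generation strategy with the grammar taken from a protocol spec, so it is not implemented separately.

```python
import random
import string


class ParseError(Exception):
    """The only exception the target is supposed to raise on bad input."""


def parse_message(data):
    """Constructed toy target: parses 'LEN:PAYLOAD' and returns PAYLOAD.
    Deliberate bug: an empty length field, or a Unicode digit such as '²'
    (isdigit() is True but int() fails), reaches int() and raises ValueError."""
    if ":" not in data:
        raise ParseError("missing separator")
    length_str, payload = data.split(":", 1)
    if length_str and not length_str.isdigit():
        raise ParseError("length is not numeric")
    length = int(length_str)  # bug: '' and '²' get here
    if length != len(payload):
        raise ParseError("length mismatch")
    return payload


def run_one(data):
    """Oracle: return the exception class name if the target crashed, else None."""
    try:
        parse_message(data)
    except ParseError:
        return None            # expected rejection, not a bug
    except Exception as exc:   # anything else is an unhandled failure
        return type(exc).__name__
    return None


def mutate(data, rng):
    """Mutation fuzzing: apply 1-3 random edits to a valid seed input."""
    chars = list(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.choice(("flip", "delete", "insert", "dup"))
        if op == "flip" and chars:
            chars[rng.randrange(len(chars))] = chr(rng.randrange(32, 127))
        elif op == "delete" and chars:
            del chars[rng.randrange(len(chars))]
        elif op == "insert":
            chars.insert(rng.randint(0, len(chars)), chr(rng.randrange(32, 127)))
        elif op == "dup" and chars:
            i = rng.randrange(len(chars))
            chars.insert(i, chars[i])
    return "".join(chars)


def generate(rng):
    """Generation fuzzing: build inputs from the format's grammar, no seed needed.
    Because the grammar knows the fields, it can deliberately try empty or odd values."""
    length_field = rng.choice(("", "0", str(rng.randint(0, 20)), "²", "x1"))
    separator = rng.choice((":", "", "::"))
    payload = "".join(rng.choice(string.ascii_letters) for _ in range(rng.randint(0, 8)))
    return length_field + separator + payload


def fuzz(iterations, seed_input, rng_seed):
    """Run both strategies and return, per strategy, one crashing input per exception type."""
    rng = random.Random(rng_seed)
    found = {"mutation": {}, "generation": {}}
    for _ in range(iterations):
        for kind, data in (("mutation", mutate(seed_input, rng)), ("generation", generate(rng))):
            exc = run_one(data)
            if exc:
                found[kind].setdefault(exc, data)
    return found


if __name__ == "__main__":
    print(fuzz(2000, "5:hello", rng_seed=1))
```

The mutation fuzzer finds the empty-length crash only by chance (deleting or overwriting the first character of the seed); the generation fuzzer hits it, and the Unicode-digit variant, because its grammar enumerates those field values on purpose. That difference is the point of the two cards above.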
Define RASP
Runtime Application Self-Protection: instrumentation that runs inside the application itself, watches inputs and the sensitive calls they reach (database queries, file and command execution) while the app is running, and blocks attacks in real time; unlike a WAF it sees what the application actually does with the input, not just the HTTP request
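A minimal illustration of the RASP idea: a hook at the database sink that checks each SQL statement against the current request's untrusted inputs before it executes. This is an added example, not from the flashcards and not how any particular RASP product is implemented; the `RaspGuard` class, its tokenizer-based rule (an input is benign if it sits inside a single SQL token such as a string literal, and suspicious if it spans token boundaries) and the sample data are all constructed for the demo.

```python
import re
import sqlite3

# Crude SQL lexer: string literals, comments, words, single punctuation characters.
SQL_TOKEN = re.compile(r"'(?:[^']|'')*'|\"(?:[^\"]|\"\")*\"|--[^\n]*|/\*.*?\*/|\w+|[^\s\w]", re.S)


class SqlInjectionBlocked(Exception):
    """Raised by the guard instead of executing a statement it considers injected."""


class RaspGuard:
    """Hypothetical RASP-style hook around a sqlite3 connection.

    The web framework would call begin_request() with the request's parameters;
    every execute() then checks the final SQL text against those values."""

    def __init__(self, conn):
        self.conn = conn
        self.request_inputs = []

    def begin_request(self, inputs):
        # Very short values (e.g. '1') would match everywhere; ignore them.
        self.request_inputs = [v for v in inputs if len(v) >= 3]

    def _is_injection(self, sql):
        tokens = SQL_TOKEN.findall(sql)
        for value in self.request_inputs:
            if value not in sql:
                continue  # bound as a parameter, or not used in this query
            # Safe use: the whole value lies inside one token (a quoted literal or a number).
            # Injection: the value cut across tokens, i.e. it changed the SQL structure.
            if not any(value in tok for tok in tokens):
                return True
        return False

    def execute(self, sql, params=()):
        if self._is_injection(sql):
            raise SqlInjectionBlocked(sql)
        return self.conn.execute(sql, params).fetchall()


def demo():
    """Constructed scenario: one legitimate lookup and one injected lookup."""
    guard = RaspGuard(sqlite3.connect(":memory:"))
    guard.conn.execute("CREATE TABLE users (name TEXT)")
    guard.conn.execute("INSERT INTO users VALUES ('alice')")
    outcomes = {}
    guard.begin_request(["alice"])
    outcomes["benign"] = guard.execute("SELECT name FROM users WHERE name = 'alice'")
    payload = "' OR '1'='1"
    guard.begin_request([payload])
    try:  # vulnerable code path: the payload was concatenated into the SQL
        guard.execute("SELECT name FROM users WHERE name = '" + payload + "'")
        outcomes["injected"] = "executed"
    except SqlInjectionBlocked:
        outcomes["injected"] = "blocked"
    # parameterised path: the payload never appears in the SQL text, so nothing to flag
    outcomes["bound"] = guard.execute("SELECT name FROM users WHERE name = ?", (payload,))
    return outcomes


if __name__ == "__main__":
    print(demo())
```

The value of sitting at the sink is visible in the last case: the guard does not need to know whether the developer used binding, because it inspects the statement that actually reaches the database. Real products also hook file, command and deserialization sinks and use far more careful parsing; this rule will, for example, miss an input that appears twice in one statement.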