Week 4

Question 1

a ____ provides services to clients

Answer 1

server

Question 2

On the Internet, a ____ provides services that are implemented as web applications

Answer 2

web server

Question 3

An important characteristic of server-side web applications is that ____ based on inputs from the user

Answer 3

they create dynamic content

Question 4

Securing ____ is often considered more difficult than protecting other systems

Answer 4

server-side web applications

Question 5

Such common web application attacks are

Answer 5

• cross-site scripting
• SQL injection
• XML injection
• command injection/directory traversal.

Question 6

____ injects scripts into a web application server to direct attacks at unsuspecting clients

Answer 6

Cross-Site Scripting (XSS)

Question 7

A server-side web application attack that manipulates user responses is____

Answer 7

SQL injection

Question 8

Is an injection attack technique used to manipulate or compromise the logic of an XML application or document

Answer 8

XML Injection

Question 9

____ is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server’s root directory

Answer 9

Directory Traversal

Question 10

____ attacks target vulnerabilities in client applications that interact with a compromised server or process malicious data

Answer 10

Client-Side Application

Question 11

An attacker can modify the HTTP headers to create an attack using ____

Answer 11

HTTP header manipulation

Question 12

Examples of HTTP header attacks include

Answer 12

• Referer
• Accept-Language
• Response splitting

Question 13

Response splitting
Instead of the web server asking the user for the same information each time the site is visited, the server can store user-specific information in a file on the user’s local computer and then retrieve it later. This file is called a ____

Answer 13

cookie

Question 14

A ____ is created from the website that a user is currently viewing

Answer 14

first-party cookie

Question 15

These cookies are called ____ because they are created by a third party (such as DoubleClick) that is different from the primary site.

Answer 15

third-party cookies

Question 16

A ____ is stored in random access memory (RAM), instead of on the hard drive, and lasts only for the duration of the visit to the website

Answer 16

session cookie

Question 17

A ____ is opposite of session cookie and is recorded on the hard drive of the computer and does not expire when the browser closes

Answer 17

persistent cookie

Question 18

A locally shared object (LSO) is also called a ____ , named after the Adobe Flash player.

Answer 18

Flash cookie

Question 19

____ are files that are coupled to email messages. Malicious attachments are commonly used to spread viruses, Trojans, and other malware when they are opened.

Answer 19

Attachments

Question 20

____ is an attack in which an attacker attempts to impersonate the user by using her session token.

Answer 20

Session hijacking

Question 21

A____ attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.

Answer 21

buffer overflow attack

Question 22

In an ____ attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an ____overflow.

Answer 22

integer overflow

Question 23

an ____ attack allows an attacker to run programs and execute commands on a different computer.

Answer 23

arbitrary/remote code execution