Week 4 Flashcards
A ____ provides services to clients
server
On the Internet, a ____ provides services that are implemented as web applications
web server
An important characteristic of server-side web applications is that ____ based on inputs from the user
they create dynamic content
Securing ____ is often considered more difficult than protecting other systems
server-side web applications
Common web application attacks are
- cross-site scripting
- SQL injection
- XML injection
- command injection/directory traversal.
____ injects scripts into a web application server to direct attacks at unsuspecting clients
Cross-Site Scripting (XSS)
A server-side web application attack that manipulates user responses is ____
SQL injection
____ is an injection attack technique used to manipulate or compromise the logic of an XML application or document
XML Injection
____ is a type of HTTP exploit in which a hacker uses the software on a web server to access data in a directory other than the server’s root directory
Directory Traversal
____ attacks target vulnerabilities in client applications that interact with a compromised server or process malicious data
Client-Side Application
An attacker can modify the HTTP headers to create an attack using ____
HTTP header manipulation
Examples of HTTP header attacks include
- Referer
- Accept-Language
- Response splitting
Response splitting
Instead of the web server asking the user for the same information each time the site is visited, the server can store user-specific information in a file on the user’s local computer and then retrieve it later. This file is called a ____
cookie
A ____ is created from the website that a user is currently viewing
first-party cookie
These cookies are called ____ because they are created by a third party (such as DoubleClick) that is different from the primary site.
third-party cookies
A ____ is stored in random access memory (RAM), instead of on the hard drive, and lasts only for the duration of the visit to the website
session cookie
A ____ is the opposite of a session cookie: it is recorded on the hard drive of the computer and does not expire when the browser closes
persistent cookie
A locally shared object (LSO) is also called a ____ , named after the Adobe Flash player.
Flash cookie
____ are files that are coupled to email messages. Malicious attachments are commonly used to spread viruses, Trojans, and other malware when they are opened.
Attachments
____ is an attack in which an attacker attempts to impersonate the user by using her session token.
Session hijacking
A ____ attack occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
buffer overflow attack
In an ____ attack, an attacker changes the value of a variable to something outside the range that the programmer had intended by using an ____ overflow.
integer overflow
An ____ attack allows an attacker to run programs and execute commands on a different computer.
arbitrary/remote code execution