37 Cards in this Set
- Front
- Back
ActiveX |
A set of rules for how applications under the Microsoft Windows operating system should share information |
|
ActiveX Control |
A specific way of implementing ActiveX that runs through the web browser and functions like a miniature application |
|
Add-on |
Program that provides additional functionality to web browsers. Also called extension |
|
Address Resolution Protocol |
Part of the TCP/IP protocol for determining the MAC address based on the IP address |
|
Arbitrary/Remote Code Execution |
An attack that allows an attacker to run programs and execute commands on a different computer |
|
ARP Poisoning |
An attack that corrupts the ARP cache |
|
Attachment |
A file that is coupled to an email message and often carries malware |
|
Buffer Overflow Attack |
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer |
|
Client-side Attack |
An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data |
|
Command Injection |
Injecting and executing commands to execute on a server |
|
Cookie |
A file on a local computer in which a web server stores user-specific information |
|
Cross-site Scripting |
An attack that injects scripts into a web application server to direct attacks at clients |
|
Denial of Service |
An attack that attempts to prevent a system from performing its normal functions by overwhelming the system with requests |
|
Directory Traversal |
An attack that takes advantage of a vulnerability so that a user can move from the root directory to restricted directories |
|
Distributed Denial of Service |
An attack that uses many computers to perform a DoS attack |
|
DNS poisoning |
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device |
|
Domain Name System (DNS) |
An attack that substitutes DNS addresses so that the computer is automatically redirected to an attacker's device |
|
Extension |
Another name for add-on |
|
First-Party Cookie |
A cookie that is created from the website currently being viewed |
|
Flash cookie |
Another name for locally shared object (LSO) |
|
Host Table |
A list of the mappings of host names to IP addresses |
|
HTTP Header |
Part of the HTTP that is comprised of fields that contain the different characteristics of the data that is being transmitted |
|
HTTP Header Manipulation |
Modifying HTTP headers to create an attack |
|
Integer Overflow Attack |
An attack that is the result of an attacker changing the value of a variable to something outside the range that the programmer had intended |
|
Locally Shared Object (LSO) |
A cookie that is significantly different in size and location from regular cookies, and can store more complex data. Also called a flash cookie |
|
Man-in-the-Middle |
An attack that intercepts legitimate communication and forges a fictitious response to the sender |
|
Persistent Cookie |
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes |
|
Ping |
A utility that sends an ICMP echo request message to a host |
|
Ping Flood |
An attack that uses the Internet Control Message Protocol to flood a victim with packets |
|
Plug-in |
A third-party library that attaches to a web browser and can be embedded inside a webpage |
|
Privilege Escalation |
An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing |
|
Replay |
An attack that makes a copy of the transmission before sending it to the recipient |
|
Session Cookie |
A cookie that is stored in RAM, instead of on the hard drive, and only lasts for the duration of a visit to a website |
|
Session Hijacking |
An attack in which an attacker attempts to impersonate the user by using the user's session token |
|
Session Token |
A form of verification used when accessing a secure web application |
|
Smurf Attack |
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim |
|
Spoofing |
Impersonating another computer or device |