25 Cards in this Set

  • Front
  • Back
What is Cross-Site Scripting?
Cross-site scripting (also known as XSS) occurs when a web application gathers malicious data from a user. The data is usually gathered in the form of a hyperlink that contains malicious content. The user will most likely click on this link from another website, from an instant message, or simply while reading a web board or email message. XSS allows malicious attackers to inject client-side script into web pages viewed by other users.
What is SQL injection?
It is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements, or user input is not strongly typed and is thereby unexpectedly executed.
What is the other term for Cross-site request forgery?
One-click attack or session riding.
What is Buffer Overflow?
A buffer overflow condition exists when a program attempts to put more data in a buffer than it can hold, or when a program attempts to put data in a memory area past the end of a buffer.
How does OS Command Injection occur?
It occurs when an attacker attempts to execute system level commands through a vulnerable application.
What does the acronym PII stand for?
Personally identifiable information.
What is Open redirect?
It is a flaw in which an application takes a parameter and redirects the user to the parameter value without any validation.
What is a race condition?
It is a flaw in an electronic system or process whereby the output and/or result of the process is unexpectedly and critically dependent on the sequence or timing of other events.
How can we describe Classic Buffer Overflow?
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer.
What is the main intention of a Path Traversal attack?
It aims to access files and directories that are stored outside the web root folder.
How does PHP file inclusion happen?
The PHP application receives input from an upstream component.
How can we describe Buffer Access with Incorrect Length Value?
The software uses a sequential operation to read or write a buffer.
How can we describe Improper Check for Unusual or Exceptional Conditions?
The software does not check, or improperly checks, for unusual or exceptional conditions that are not expected to occur frequently during the day-to-day operation of the software.
What is Improper Validation of Array Index?
It is a flaw related to improper use of user input. Most programming languages have support for array structures.
How can we describe Integer Overflow or Wraparound?
The software performs a calculation that can produce an integer overflow or wraparound.
How can we describe Incorrect Calculation of Buffer Size?
The software does not correctly calculate the size to be used when allocating a buffer.
How does Download of Code Without Integrity Check happen?
An attacker can execute malicious code by compromising the host server.
How does Allocation of Resources Without Limits or Throttling happen?
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated.
How can we describe Improper Access Control (Authorization)?
The software does not perform or incorrectly performs access control checks across all potential execution paths.
How can we describe Reliance on Untrusted Inputs in a Security Decision?
The application uses a protection mechanism that relies on the existence or values of an input.
How can we describe Missing Encryption of Sensitive Data?
The software does not encrypt sensitive or critical information before storage or transmission.
How can we describe Use of Hard-coded Credentials?
The software contains hard-coded credentials.
How can we describe Missing Authentication for Critical Function?
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
How can we describe Incorrect Permission Assignment for Critical Resource?
The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
What is Use of a Broken or Risky Cryptographic Algorithm?
Attempting to create non-standard and non-tested algorithms.