25 Cards in this Set

  • Front
  • Back
How do attackers implement cross-site scripting onto your website?
Attackers can insert JavaScript and other browser-executable commands into your web application so as to generate possibly malicious content.
What are the consequences of SQL injection to your system?
The consequences of SQL injection include the loss of data as it is stolen by the attackers or bypass of security where your database is at the mercy of the attackers.
Why are classic buffer overflows regarded as one of the top 25 programming errors despite the fact that they are so easy to remedy?
This is because of how frequently the error is made. Classic buffer overflow is so widely encountered that many languages, such as Java and Perl, have implemented measures to eliminate it.
What are the consequences of Cross-Site Request Forgery?
The consequences include loss of data due to the attacker's access to your database and code execution since it has been authorized to act as an administrator.
What is the main issue concerning Improper Access Control?
Security, seeing as the attacker gains access to parts of your system that he or she was not originally intended to access.
What is the problem with the error of Reliance on Untrusted Inputs in a Security Decision?
The problem lies in the security of the system. If the system accepts input from an unknown source, this creates a risk in security seeing as the input may contain a malicious script or program.
How can Path Traversal be avoided?
It can be avoided by making the names of your files, folders, and other relevant objects less obvious, i.e. hard to guess from an outsider's point of view.
How can problems regarding Unrestricted Upload of File with Dangerous Type be avoided?
If your site allows users to upload content, then it would be wise to provide your own file name for the uploaded file instead of the one that the user provided so as to prevent any hidden script from functioning.
What is the consequence of OS Command Injection?
The usual consequence is the execution of the attacker's commands. This problem is closely linked to the reliance on untrusted inputs in a security decision error.
Why should sensitive data be encrypted?
Sensitive data usually refers to passwords, credit card numbers, and such data. They should be encrypted so as to prevent attackers from using them to masquerade as the original user or take advantage of what the original user has, such as credit or bank accounts.
Why is hard-coding security credentials bad for your system?
This is because system administrators will have a hard time whenever a problem concerning it pops up. Also, it is easier for reverse engineers to gain knowledge about it if it is hard-coded rather than stored in a database.
What are the consequences of the problem of Buffer Access with Incorrect Length Value?
The consequences include: the attacker's execution of their code on your system, denial of service attacks since your system cannot handle the attacker's inputs, and loss of data since they cannot be entered into your system.
What are the consequences of PHP File Inclusion?
The main consequence of PHP file inclusion is the execution of PHP code on your system. Another possible consequence is loss of data.
Why should you validate inputs on array indices?
This is to prevent the attacker from providing indices that are out of the range of your original array. "Unexpected behavior" on the part of your system would include: data loss, denial of service, and code execution.
How is the error of Improper Check for Unusual or Exceptional Conditions similar to the improper validation of array indices?
They are similar in the way that they don't provide validation for important processes. Their consequences are also similar in that both can result in loss of data, code execution, and denial of service attacks.
What are the consequences of Information Exposure Through an Error Message?
The main result of this error is data loss.
Why is Integer wraparound dangerous?
It could seriously compromise the data in the system in ways that make it almost impossible to reverse the effect.
What are the consequences of the error of Incorrect Calculation of Buffer Size?
Consequences include: the execution of the attacker's code, denial of service attacks, and loss of data.
Why is authentication important in critical functions?
Why isn't it important? Client-side and server-side authentication is important so as to provide added security to your system.
What are the consequences of the error of Download of Code Without Integrity Check?
The main consequence of this error is the execution of the attacker's code.
What is the main concern regarding Incorrect Permission Assignment for Critical Resource?
The main concern with this problem is security, on whether an attacker can gain access to resources that are vital to your system's performance.
How can the error of Allocation of Resources Without Limits or Throttling be avoided?
By specifying the minimum and maximum expectations of capabilities and requirements of the system.
What is the consequence of the problem of Open Redirect?
Open redirect, which redirects the user to a malicious site, results in code execution, data loss, and denial of service attacks.
Why is developing your own cryptography algorithm not very advisable?
This is because cryptography is very hard work and most algorithms are very easy to crack. Nobody has perfected it yet, and most attackers can crack DIY cryptography.
How does a race condition problem occur?
It is when attackers purposely try to use up the same resources as your system so as to adversely affect how your system performs.