Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
9 Cards in this Set
- Front
- Back
|
SQL injection & Cross Site Scripting (XSS)
|
most web browsers can interpret scripts embedded in web pages. If untrusted content can be introduced into a dynamically generated page, neither the server nor the client has enough information to recognize this has happened and take protective action.
|
|
|
IIS Buffer Overflows - HTR
|
– occur when programs don’t adequately check input for appropriate length and unexpected input ‘overflows’ onto the execution stack which can launch code of the hacker’s choice. Hackers writes appropriate ‘shellcode’ and positions it near the point where the buffer overflows the execution stack so that the shellcode ends up in the stack and can be returned to and executed. It can allow unauthenticated remote control of a system.
|
|
|
Directory Traversal via Unicode
|
goal is to access computer files which are not intended to be accessible
o Unicode - %c0%af and %c1%9c are overlong UNICODE representations for ‘/’ and ‘\’ (there are others). IIS5 decoded these UNICODE values at the wrong time arbitrary commands issued on server. |
|
|
Source Code Disclosure
|
malicious hacker attempts unauthorized look at source code of sensitive scripts or other application support files. Result for combination of IIS bugs and poor web programming practices (hard-coding sensitive information in the source code of web-accessible (without code encapsulation) .asp scripts for example. Exploit happens when a request for an ISAPI dll by an extension is not directly routed to that dll but is first intercepted by another processing engine installed on IIS such as WebDAV. If this other dll contains source code flaws the .asp file’s source code rather than having it executed on the server.
|
|
|
2 or more FWs + IDS + OS hardening + SW FW
|
multiple security layers
|
|
|
DMZ – Demilitarized Zone
|
network segment isolated from rest of network by two or more firewalls, preferably from different vendors
|
|
|
Host-based IDs
|
identifies intrusions through analysis of logs, calls, file system changes and other activities, e.g., OSSEC (open source) and Tripwire (commercial)
|
|
|
Network-based IDs
|
examines network traffic for intrusion attempts / unauthorized access via sensors, e.g., SNORT and Suricata (both open source)
|
|
|
Security Scanner (e.g., MBSA, Nessus, Retina)
|
(e.g., Nessus, Retina, MBSA, Saint) also known as Vulnerability Managers; 3rd layer of security
|
