Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
37 Cards in this Set
- Front
- Back
|
add-ons:
|
Programs that provide additional functionality to Web Browsers
|
|
|
Address Resolution Protocol:
|
Part of the TCP/IP protocol for determining the MAC address based on the IP address
|
|
|
ARP poisoning:
|
An attack that corrupts the ARP cache
|
|
|
attachments:
|
Files that are couples to e-mail messages.
|
|
|
buffer overflow:
|
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
|
|
|
client-side attack:
|
An attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data
|
|
|
cookie:
|
A file on a local computer in which a server stores user-specific information
|
|
|
command injection:
|
Injecting and executing commands to execute on a server
|
|
|
cross-site scripting(XSS):
|
An attack that injects scripts into a web application server to direct attacks at clients.
|
|
|
denial of service(DoS):
|
An attack that attempts to prevent a system from performing its normal functions
|
|
|
directory traversal:
|
An attack that takes advantage of a vulnerability in the Web application program of the Web server software so that a user can move from the root directory to other restricted directories.
|
|
|
distributed denial of service(DDoS):
|
an attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with request.
|
|
|
DNS poisoning:
|
An attack that substitutes DNS addresses so that the computer is automatically redirected to another device.
|
|
|
first-part cookie:
|
A cookie that is created from the web site that currently is being viewed
|
|
|
flash cookie:
|
A cookies named after the Adobe Flash player. Also known as local shared objects(LSOs).
|
|
|
host table:
|
A list of the mappings of names to computer number
|
|
|
HTTP header:
|
Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted
|
|
|
HTTP header manipulation:
|
Modifying HTTP headers to create an attack
|
|
|
man-in-the-middle:
|
An attack that intercepts legitimate communication and forges a fictitious response to the sender
|
|
|
persistant cookie(tracking cookie)
|
A cookie that is recorded on the hard drive of the computer and does not expire when the browser does.
|
|
|
ping:
|
A utility that sends a ICMP echo request message to a host
|
|
|
ping flood:
|
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
|
|
|
privilege escalation:
|
An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
|
|
|
replay:
|
An attack that makesa copy of the transmission before sending it to the recipient
|
|
|
secure cookie:
|
a cookie that is stored in Random access memory, instead of on the hard drive, and only last for the duration of visiting a web site.
|
|
|
session hijacking
|
an attack in which an attacker attempts to impersonate the user by using his session token
|
|
|
session token:
|
A form of verification used when accessing a secure web application.
|
|
|
smuf atttack:
|
An attack that broadcast a ping request
|
|
|
smuf attack:
|
An attack that broadcast a ping request to all computers on the network yet changes the address from which the request came to that of the target.
|
|
|
spoofing:
|
Impersonating another computer or device
|
|
|
SQL injection:
|
An attack that targets SQL servers by injecting commands to be manipulated by the database
|
|
|
SYN flood attack:
|
An attack that takes advantage of the procedures for initiating a TCP session.
|
|
|
third-party cookies:
|
A cookie that was created by a third party that is different from the primary web.
|
|
|
transitive access:
|
An attack involving using a third party to gain access rights.
|
|
|
XML (Extensible Markup Language)
|
A markup language that is designed to carry data instead of indicating how to display it.
|
|
|
XML injection
|
An attack that injects XLM tags and data into a database.
|
|
|
zero day attacks
|
Attacks that exploit previously unknown vulnerabilities, so victims have no time(zero days) to prepare or defend against the attacks.
|
