Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
28 Cards in this Set
- Front
- Back
|
ActiveX
|
A set of rules for how applications under the Microsoft Windows operating system should share information
|
|
|
Buffer overflow attack
|
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixedlength storage buffer
|
|
|
Command injection
|
Injecting and executing commands to execute on a server.
|
|
|
Denial of Service
|
An attack that attempts to prevent a system from performing its normal functions by overwhelming the system with requests
|
|
|
Directory Traversal attack
|
An attack that takes advantage of a vulnerability so that a user can move from the root directory to restricted directories
|
|
|
DNS cache poisoning
|
AnattackthatsubstitutesDNSaddressessothatthe computerisautomaticallyredirectedtoanattacker’sdevice
|
|
|
Drive-by download attack
|
results in a user’s computer becoming compromised |
|
|
Flash cookie
|
Another name for locally shared object (LSO)
|
|
|
Session Hijacking
|
is an attack in which an attacker attempts to impersonate the user by using |
|
|
Host Table
|
A list of the mappings of host names to IP addresses
|
|
|
How can you erase an entire SQL database table?
|
whatever’; DROP TABLE members; -- |
|
|
How do you control where users can go on your website?
|
? |
|
|
HTTP Header
|
Part of HTTP that is comprised of fields that contain the different characteristics of the data that is being transmitted.
|
|
|
Microsoft IIS
|
Microsoft's web server (Make your own webpage) Can be turned on in "Turn on/off windows features" |
|
|
Passive man-in-the-middle
|
the attacker captures the data that is being transmitted, records it, and then sends it on to the original recipient without the attacker’s presence being detected. |
|
|
Privilege Escalation
|
An attack that exploits a vulnerability in software to gain access to resources that the user normally would be restricted from accessing
|
|
|
Replay
|
An attack that makes a copy of the transmission before sending it to the recipient
|
|
|
Session Hijacking
|
An attack in which an attacker attempts to impersonate the user by using the user’s session token
|
|
|
Session Token
|
A form of verification used when accessing a secure web application.
|
|
|
Smurf attack
|
An attack that broadcasts a ping request to computers yet changes the address so that all responses are sent to the victim
|
|
|
SQL Injection
|
An attack that targets SQL servers by injecting commands to be manipulated by the database
|
|
|
Syn flood attack
|
An attack that takes advantage of the procedures for initiating a TCP/IP session
|
|
|
What does ../ do in Linux? Why is it dangerous?
|
Traverses up one directory level. Could display the contents of a document |
|
|
What is ARP poisoning?
|
An attack that corrupts the ARP cache
|
|
|
What is significant about web-based attacks?
|
is a serious threat. Attackers first identify a vulnerable web server and inject content by exploiting the server through vulnerable scripting applications. These vulnerabilities permit the attacker to gain direct access to the server’s underlying operating system and then inject new content into the compromised website. To avoid visual detection, the attackers often craft a zero-pixel IFrame |
|
|
whatever' OR full_name LIKE ‘%Mia%’
|
Find specific users |
|
|
whatever; AND email IS NULL; --
|
Determine the names of different fields in the database |
|
|
XSS (Cross Site Scripting)
|
XSS injects scripts into a web application server to direct attacks at unsuspecting clients. |
