25 Cards in this Set

  • Front
  • Back
What is Cross-Site Scripting?
It is a type of computer security vulnerability typically found in web applications that enables malicious attackers to inject client-side script into web pages viewed by other users.
What is SQL injection?
It is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
What is the other term for Cross-site request forgery?
one-click attack or session riding
How can we describe Unrestricted Upload of File with Dangerous Type?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
How does OS Command Injection occur?
It occurs when an attacker attempts to execute system level commands through a vulnerable application.
What does the acronym PII stand for?
personally identifiable information
What is an Open Redirect?
It is a vulnerability in which an application takes a parameter and redirects the user to the parameter's value without any validation.
What is a race condition?
It is a flaw in an electronic system or process whereby the output and/or result of the process is unexpectedly and critically dependent on the sequence or timing of other events.
How can we describe Classic Buffer Overflow?
The program copies an input buffer to an output buffer without verifying that the size of the input buffer is less than the size of the output buffer, leading to a buffer overflow.
What is the main intention in using Path Traversal Attack?
It aims to access files and directories that are stored outside the web root folder.
How does PHP file inclusion happen?
The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions.
How can we describe Buffer Access with Incorrect Length Value?
The software uses a sequential operation to read or write a buffer, but it uses an incorrect length value that causes it to access memory that is outside of the bounds of the buffer.
How can we describe Improper Check for Unusual or Exceptional Conditions?
The software does not check, or improperly checks, for unusual or exceptional conditions that are not expected to occur frequently during the day-to-day operation of the software.
What is Improper Validation of Array Index?
It is a flaw related to the improper use of user input as an array index. Most programming languages have support for array structures.
How can we describe Integer Overflow or Wraparound?
The software performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This can introduce other weaknesses when the calculation is used for resource management or execution control.
How can we describe Incorrect Calculation of Buffer Size?
The software does not correctly calculate the size to be used when allocating a buffer, which could lead to a buffer overflow.
How does Download of Code Without Integrity Check happen?
An attacker can execute malicious code by compromising the host server, performing DNS spoofing, or modifying the code in transit.
How does Allocation of Resources Without Limits or Throttling happen?
The software allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on how many resources can be allocated, in violation of the intended security policy for that actor.
How can we describe Improper Access Control (Authorization)?
The software does not perform or incorrectly performs access control checks across all potential execution paths.
How can we describe Reliance on Untrusted Inputs in a Security Decision?
The application uses a protection mechanism that relies on the existence or values of an input, but the input can be modified by an untrusted actor in a way that bypasses the protection mechanism.
How can we describe Missing Encryption of Sensitive Data?
The software does not encrypt sensitive or critical information before storage or transmission.
How can we describe Use of Hard-coded Credentials?
The software contains hard-coded credentials, such as a password or cryptographic key, which it uses for its own inbound authentication, outbound communication to external components, or encryption of internal data.
How can we describe Missing Authentication for Critical Function?
The software does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.
How can we describe Incorrect Permission Assignment for Critical Resource?
The software specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
What is Use of a Broken or Risky Cryptographic Algorithm?
Attempting to create non-standard and untested algorithms, using weak algorithms, or applying algorithms incorrectly seriously weakens the protection of data that is meant to be secure.