Flashcards for reviewing web security concepts from SWE210 lecture notes.
Web Security
Protecting networks and computer systems from damage or theft of software, hardware, or data.
Web Security
Maintains the smooth operation of businesses using computers and prevents manipulation by hackers and malware.
Denial-of-Service (DoS) Attack
An attack where an attacker causes a web server to be unavailable.
Distributed DoS (DDoS)
A DoS attack launched from many computers at once.
Direct attack
Attacking the machine itself in a DoS attack.
Indirect attack
Attacking something that points to the machine in a DoS attack.
Reputation attack
Attack that references the machine in some way but doesn't directly involve it.
SYN Flooding
Subverts the TCP/IP 3-way handshake by sending many SYN requests.
Packet sniffing
Listening to traffic sent on a network.
Password cracking
Guessing the passwords of privileged users of a system.
Brute force attack
Attacker uses software that sequentially tries every possible password.
Dictionary attack
Attacker uses software that sequentially tries passwords based on words in a dictionary.
Phishing
Fraudulent emails or websites that masquerade as legitimate ones to trick users.
Social engineering
Attempts to manipulate users, such as fraudulently acquiring passwords or credit card numbers.
Man-in-the-middle attack
Attacker sits between two communication endpoints and silently intercepts traffic.
Privilege escalation
Attacker becomes able to run code on your server as a privileged user.
Security through obscurity
Relying on the fact that attackers don't know something needed to harm you.
Principle of least privilege
Having just enough authority to get the job done and no more.
Sanitizing inputs
Encoding and filtering untrusted user input before accepting it into a trusted system.
Security audit
Series of checks and questions to assess the security of your system.