1.3 Given a scenario, analyze potential indicators associated with application attacks

0.0(0)
studied byStudied by 0 people
learnLearn
examPractice Test
spaced repetitionSpaced Repetition
heart puzzleMatch
flashcardsFlashcards
Card Sorting

1/27

encourage image

There's no tags or description

Looks like no tags are added yet.

Study Analytics
Name
Mastery
Learn
Test
Matching
Spaced

No study sessions yet.

28 Terms

1
New cards

Privilege escalation

An attack that exploits a vulnerability in software to gain access to resources that user normally would be restricted from accessing.

2
New cards

Cross-site scripting

An attack that injects scripts into a web application server to direct attacks at clients.

3
New cards

Injections

An attack that introduces new input to exploit a vulnerability.

4
New cards

Structured Query Language (SQL)

A language used to create and manipulate databases.

5
New cards

Dynamic-link library (DLL)

Shared code module that is treated as part of the operating system or server process so it can be dynamically invoked at run time.

6
New cards

Lightweight Directory Access Protocol (LDAP)

A protocol for a client application to access an X.500 directory.

7
New cards

Extensible Markup Language (XML)

A markup language that describes document content instead of adding structure or formatting to document content. A simplified version of SGML.

8
New cards

Pointer/object dereference

A flaw that results in a pointer given a NULL instead of valid value.

9
New cards

Directory traversal

An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.

10
New cards

Buffer overflows

An attack that occurs when a process attempts to store data in TAM beyond the boundaries of a fixed-length storage buffer.

11
New cards

Race conditions

A software occurrence when two concurrent threads of execution access a shared resource simultaneously, resulting in unintended consequences.

12
New cards

Time of check/time of use

A class of software bug caused by changes in a system between the checking of a condition (such as a security credential) and the use of the results of that check.

13
New cards

Error handling

A programming process that handles errors gracefully.

14
New cards

Improper input handling

Software that allows the user to enter data but does not validate or filter user input to prevent a malicious action.

15
New cards

Replay attack

An attack that makes a copy of the transmission before sending it to the recipient.

16
New cards

Session replays

the attacker listens to the conversation between the user and the server and captures the authentication token of the user. Once the authentication token is captured, the attacker replays the request to the server with the captured authentication token to dodge the server and gains unauthorized access to the server.

17
New cards

Integer overflow

An attack that occurs when an attacker changes the value of a variable to by using an integer overflow.

18
New cards

Request forgeries

An attack that forces authenticated users to submit a request to a Web application against which they are currently authenticated.

19
New cards

Server-side

Something that operates on the "server" computer (providing the Web page), as opposed to the "client" computer (which is you or someone else viewing the Web page). Usually it is a program or command or procedure or other application causes dynamic pages or animation or other interaction.

20
New cards

cross-site request forgery (XSRF)

An attack that uses the user's web browser settings to impersonate that user.

21
New cards

Application programming interface (API) attacks

The unauthorized use of an application program interface to get at data that you would not normally have access to via an applications front end.

22
New cards

Resource exhaustion

A situation in which a hardware device with limited resources (CPU, memory, file system storage, etc.) is exploited by an attacker who intentionally tries to consume more resources than intended.

23
New cards

Memory leak

A vulnerability that occurs when an application dynamically allocates memory but does not free that memory when finished using it.

24
New cards

Secure Sockets Layer (SSL) stripping

A technique that involves removing the encryption between a client and a website.

25
New cards

Driver manipulation

An attack that relies on compromising the kernel-mode device drivers that operate at a privileged or system level

26
New cards

Shimming

Transparently adding a small coding library that intercepts calls made by the device and changes the parameters passed between the device and the device driver.

27
New cards

Refactoring

Changing the design of existing code.

28
New cards

Pass the hash

An attack in which the user sends the hash to a remote system to then be authenticated on an NTLM system.