This set of flashcards covers key concepts from Chapter 5, focusing on understanding and mitigating risks, threats, and vulnerabilities associated with websites.
What is the primary learning objective of Chapter 5?
Identifying and mitigating web-related risks, threats, and vulnerabilities.
What types of traffic are analyzed for e-commerce websites?
Visitor location, visitor sources, visitor type, visitor navigation, average time on site, and leave rate.
What is Google Analytics commonly used for?
To analyze website traffic and visitor behavior.
What is a demographic profile based on?
Various criteria including age range, gender, marital status, geographical location, and occupation.
What interactive elements do websites use to engage visitors?
Forums, surveys, feedback forms, and emails.
What are the advantages of forums on websites?
Repeat visitors, increased keyword exposure, email address acquisition, demographic data gathering, and support for online relationships.
What is one disadvantage of maintaining a forum?
Forums require technical expertise to run and ongoing monitoring and moderation of user-posted content.
What type of form allows visitors to communicate feedback on a website?
Website feedback forms and online surveys.
What does OWASP stand for?
Open Worldwide Application Security Project (known as the Open Web Application Security Project until its 2023 rename).
Name one of the OWASP Top 10 Threats.
Broken access control.
What is a mitigation strategy for cryptographic failures?
Encrypt sensitive data at rest and in transit using current, well-vetted algorithms and sound key management.
What type of attack does SQL injection fall under?
Injection flaws.
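As an added illustration of the injection flaw named in the card (this is example code written for this page, not material from Chapter 5), the following shows a query built by string concatenation next to its parameterized form. It uses Python's built-in sqlite3 module and a constructed in-memory users table; the table contents and the payload are assumptions chosen only to make the difference visible.

```python
import sqlite3


def make_db():
    """Build a constructed in-memory database with two sample users (not real data)."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user")],
    )
    return conn


def lookup_vulnerable(conn, username):
    # Vulnerable: the caller's string becomes part of the SQL text, so a quote
    # in the input changes the query's structure instead of being a value.
    sql = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn, username):
    # Hardened: the value is bound as a parameter. The database engine never
    # parses it as SQL, so quotes and keywords in the input are just characters.
    sql = "SELECT username, role FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Classic tautology payload (constructed): closes the string and appends OR '1'='1'.
PAYLOAD = "' OR '1'='1"


def demo():
    conn = make_db()
    leaked = lookup_vulnerable(conn, PAYLOAD)   # returns every row in the table
    safe = lookup_safe(conn, PAYLOAD)           # returns nothing: no such username
    return leaked, safe


if __name__ == "__main__":
    leaked, safe = demo()
    print("vulnerable query returned", len(leaked), "rows:", leaked)
    print("parameterized query returned", len(safe), "rows:", safe)
```

The vulnerable function is included only to show the failure the card describes; the parameterized form is the fix, and the same rule (data as bound parameters, never as SQL syntax) applies to every database driver, not just sqlite3.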
What is meant by insecure design in web threats?
Missing or ineffective security controls in the application's architecture itself, as distinct from implementation bugs; a flawed design cannot be fixed by implementing it correctly.
How can security misconfigurations be mitigated?
Through security audits and training.
What is the impact of vulnerable and outdated components?
Increased risk due to lack of updates and vulnerability management.
What is the purpose of Multi-factor Authentication (MFA)?
To provide an additional layer of security during the authentication process.
How can logging failures be mitigated?
By logging critical actions, authentication events, access-control failures and errors with enough context to support detection and forensics, and by actively monitoring those logs.
What is Server-Side Request Forgery (SSRF)?
An attack in which the attacker supplies a URL or address that the server-side application fetches without validation, causing the server to send requests to unintended destinations such as internal services, cloud metadata endpoints or other hosts behind the firewall.
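The card above describes the attack; the following is an added example (written for this page, not from Chapter 5) of the server-side check that prevents it: before fetching a user-supplied URL, the server restricts the scheme, rejects embedded credentials and literal IP addresses, and accepts only hosts on an allowlist. The allowlist hostnames and the test URLs are assumptions constructed for the example. The check is purely syntactic so it runs offline; a production version must also resolve the hostname and check the resulting IP, and must re-run the check on every redirect.

```python
import ipaddress
from urllib.parse import urlsplit

# Assumed allowlist of hosts the server is permitted to fetch from (example values).
ALLOWED_HOSTS = {"images.example.com", "cdn.example.com"}


def is_safe_fetch_url(url):
    """Return True only if the server may fetch this user-supplied URL."""
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError:
        return False

    # Only plain web schemes; file://, gopher://, dict:// etc. are never fetched.
    if parts.scheme not in ("http", "https"):
        return False

    # Embedded credentials ("http://allowed.host@10.0.0.1/") are a classic way
    # to make a naive parser see the wrong host.
    if parts.username is not None or parts.password is not None:
        return False

    host = parts.hostname
    if not host:
        return False

    # Literal IP addresses are rejected outright. This blocks loopback, private
    # ranges, and link-local addresses such as the 169.254.169.254 metadata
    # service, regardless of how they are written.
    try:
        ipaddress.ip_address(host)
        return False
    except ValueError:
        pass

    # Unusual ports are not allowed either; keep the fetch on standard web ports.
    if port not in (None, 80, 443):
        return False

    # Finally, the host must be one we explicitly trust.
    return host.lower() in ALLOWED_HOSTS


# Constructed inputs showing one accepted URL and several SSRF attempts.
SAMPLES = [
    "https://images.example.com/photo.png",
    "http://169.254.169.254/latest/meta-data/",
    "http://localhost:8080/admin",
    "file:///etc/passwd",
    "http://images.example.com@10.0.0.1/",
    "http://[::1]/",
    "https://cdn.example.com:8443/x",
]

if __name__ == "__main__":
    for u in SAMPLES:
        print(("ALLOW " if is_safe_fetch_url(u) else "BLOCK ") + u)
```

An allowlist of destinations is the strongest control; the IP-literal and credential checks are defence in depth for the case where the allowlist is later loosened.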
What are some common web threats not included in the OWASP Top 10?
Information leakage and improper error handling.
What is the danger of unsecure communications?
Susceptibility to data theft and other forms of tampering.
How can unauthorized URL access be restricted?
By implementing access control for each function.
What kind of attacks fall under client-side attacks?
Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks.
What are some best practices to mitigate web attacks?
Deploy encryption strategies and user education.
What does the leave (bounce) rate indicate?
The percentage of visitors who leave the site after viewing only one page.
What is a customer profile?
A description of your customer based on various criteria guiding site design.
How can feedback from visitors be effectively gathered through surveys?
By making them brief and focused on eliciting useful information.
What is the risk involved in allowing user comments on a website?
Phishing, bullying, and cyberstalking.
What is a common characteristic to assess when analyzing website traffic?
Visitor navigation patterns.
How can security measures be incorporated during a website's design phase?
By planning for security from the outset to mitigate risks.
What is the principle of least privilege?
Limiting access rights for users to the bare minimum they need to perform their job.
What should be tracked as part of maintaining secure software components?
Installed software versions and dependencies.
How can suspicious activities on a website be detected?
Through effective monitoring and notification procedures.
What is a common tool used for web analytics besides Google Analytics?
Map Overlays.
What does failing to restrict URL access lead to?
Reliance on "hidden" URLs that are protected only by obscurity: an attacker who guesses or discovers the path (an admin page, for example) reaches the function and any sensitive data behind it.
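The two cards on URL access (restricting access per function, and the consequence of failing to) are illustrated by this added example, which is not from Chapter 5. Each handler declares the role it requires, so a request reaching a privileged path is checked regardless of whether the path is linked from anywhere. The route table, role names and user records are constructed for the example.

```python
from functools import wraps


class Forbidden(Exception):
    """Raised when the calling user lacks the role a handler requires."""


def require_role(role):
    """Decorator: enforce access control on the function itself, not on the URL."""
    def decorator(handler):
        @wraps(handler)
        def wrapper(user, *args, **kwargs):
            if role not in user.get("roles", ()):
                raise Forbidden(f"{handler.__name__} requires role {role!r}")
            return handler(user, *args, **kwargs)
        return wrapper
    return decorator


def view_profile(user):
    # Available to any authenticated user.
    return f"profile of {user['name']}"


@require_role("admin")
def export_users(user):
    # Privileged function: the check runs even if the path is never advertised.
    return "csv-of-all-users"


# Assumed route table. "/admin/export" is deliberately not linked from any page;
# obscurity alone would not protect it, the decorator does.
ROUTES = {
    "/profile": view_profile,
    "/admin/export": export_users,
}


def dispatch(path, user):
    """Map a request path to its handler and return an (HTTP status, body) pair."""
    handler = ROUTES.get(path)
    if handler is None:
        return 404, "not found"
    try:
        return 200, handler(user)
    except Forbidden:
        return 403, "forbidden"


if __name__ == "__main__":
    bob = {"name": "bob", "roles": ["user"]}       # constructed sample users
    alice = {"name": "alice", "roles": ["user", "admin"]}
    print(dispatch("/admin/export", bob))    # (403, 'forbidden')
    print(dispatch("/admin/export", alice))  # (200, 'csv-of-all-users')
```

Attaching the check to the function means adding a second route to the same handler, or a direct call from elsewhere in the code, cannot bypass it.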
What should a comprehensive security strategy include?
General network security procedures and user education.
Why is it important to implement patch management processes?
To keep systems up-to-date and secure from known vulnerabilities.
What is the use of digital signatures in software updates?
To ensure the update is from the expected source and has not been tampered with.
What does encryption protect in web security?
Sensitive data at rest and in transit.
What are
Mitigation strategies and defenses implemented to protect against web threats.
What are some threats to user data on websites?
Phishing, data breaches, and inadequate encryption.
What is the purpose of website analytics?
To gather insights on visitor behavior and improve user experience.
Define 'online privacy'.
The right of individuals to control how their personal information is collected and used online.
What role do cookies play in web analytics?
Cookies track user activity on a website to gather data for analytics.
What is a DDoS attack?
A Distributed Denial of Service attack, in which traffic from many compromised or coordinated sources is aimed at a website to exhaust its bandwidth or resources and make it unavailable to legitimate users.
What is HTTPS?
Hypertext Transfer Protocol Secure: HTTP carried over TLS, which encrypts the data exchanged between browser and website, protects it from tampering in transit, and authenticates the server through its certificate.
Name a method to enhance online security for users.
Two-factor authentication (2FA), which adds a layer of security by requiring two different kinds of authentication factor (for example a password plus a one-time code from a phone or hardware token), so a stolen password alone is not enough.
What is meant by data encryption?
The process of transforming sensitive information into ciphertext with an algorithm and a key, so that only a party holding the correct key can recover the original data.
What does vulnerability assessment involve?
Identifying, quantifying, and prioritizing vulnerabilities in a system.
What is the role of a Content Delivery Network (CDN) in web performance?
A CDN caches content at multiple locations around the globe to improve loading speeds and reduce latency.