Attacks + Validation

5 Terms

1

If the application allows redirection to any URL,

this creates a situation known as an unvalidated redirect, which an attacker may use to redirect the user to a malicious site.

2

Developers seeking to include redirection options in their application should perform

validated redirects that check redirection URLs against an approved list.

3

Reflected XSS

attacks commonly occur when an application allows reflected input. The key to this attack is that it’s possible to embed form input in a link.

4

Stored XSS

stores cross-site scripting code on a remote web server. These attacks are described as persistent because they remain on the server even when the attacker isn’t actively waging an attack.

5

In a parameterized query,

the client does not directly send SQL code to the database server. Instead, the client sends arguments to the server, which then inserts those arguments into a precompiled query template. This approach protects against injection attacks and also improves database performance. Stored procedures are an example of an implementation of parameterized queries used by some database platforms.