If the application allows redirection to any URL,
this creates a situation known as an unvalidated redirect, which an attacker may use to redirect the user to a malicious site.
Developers seeking to include redirection options in their application should perform
validated redirects that check redirection URLs against an approved list.
Reflected XSS
attacks commonly occur when an application allows reflected input. The key to this attack is that it’s possible to embed form input in a link.
Stored XSS
stores cross-site scripting code on a remote web server. These attacks are described as persistent because they remain on the server even when the attacker isn’t actively waging an attack.
In a parameterized query,
the client does not directly send SQL code to the database server. Instead, the client sends arguments to the server, which then inserts those arguments into a precompiled query template. This approach protects against injection attacks and also improves database performance. Stored procedures are an example of an implementation of parameterized queries used by some database platforms.