15 Cards in this Set

  • Front
  • Back
Cross-site scripting
One of the most prevalent, obstinate, and dangerous vulnerabilities in web applications. It occurs when an application writes untrusted input into a page without encoding it for the context it lands in, so an attacker's markup or script runs in other users' browsers.
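As an added example (not part of the original card set), the same untrusted value rendered without output encoding and then encoded for three different HTML contexts. The `PAYLOAD` string and the `render_*` functions are constructed for this illustration, not taken from any real application.

```python
import html
import json

# Constructed attacker input: a tag whose event handler runs script.
PAYLOAD = '<img src=x onerror="alert(document.cookie)">'

def render_vulnerable(name):
    """Reflects the input straight into the HTML body; any markup in it
    becomes part of the page and is executed by the browser."""
    return f"<p>Hello, {name}!</p>"

def render_body_safe(name):
    """HTML body context: escape &, <, >, " and ' so the browser shows the
    input as text instead of parsing it as markup."""
    return f"<p>Hello, {html.escape(name, quote=True)}!</p>"

def render_attr_safe(value):
    """Attribute context: escaping alone is not enough, the value must also be
    quoted, otherwise a space in the input starts a new attribute."""
    return f'<input name="q" value="{html.escape(value, quote=True)}">'

def render_script_safe(obj):
    """Script context: JSON-encode the data and replace '<' so that a value
    containing '</script>' cannot close the script element early."""
    encoded = json.dumps(obj).replace("<", "\\u003c")
    return f"<script>var data = {encoded};</script>"

def contains_tag(markup, tag):
    """Helper for checking output: is there an unescaped <tag ...> in it?"""
    return f"<{tag}" in markup.lower()

if __name__ == "__main__":
    print(render_vulnerable(PAYLOAD))
    print(render_body_safe(PAYLOAD))
    print(render_attr_safe('" onmouseover="alert(1)'))
    print(render_script_safe({"comment": "</script><script>alert(1)</script>"}))
```

The point of the three `render_*_safe` variants is that the right encoding depends on where the data lands: body text, a quoted attribute, and a script block each need a different transformation, and `html.escape` on its own only covers the first two.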
Buffer overflows
are Mother Nature's little reminder of that law of physics that says: if you try to put more stuff into a container than it can hold, you're going to make a mess. The scourge of C applications for decades, buffer overflows have been remarkably resistant to elimination.
CSRF
Cross-Site Request Forgery.
Hard-coded credentials
If the same password is hard-coded into every copy of your software, then every customer becomes vulnerable if (rather, when) that password becomes known. Because it is hard-coded, it is usually a huge pain for sysadmins to fix.
What topic was discussed in #13?
Improper Control of Filename for Include/Require Statement in PHP Program
What topic was discussed in #19?
Missing Authentication for Critical Function.
What topic was discussed in #20?
Download of Code Without Integrity Check.
Lack of control over resource allocation.
Allocating resources without limits is an avenue for attackers to cause a denial of service against other users of your software, possibly the entire system; in some cases this can be leveraged to conduct other, more devastating attacks.
Race Condition.
A race condition can involve multiple processes, in which case the attacker may have full control over one of them. Even when the race occurs between threads of a single process, the attacker may be able to influence when some of those threads execute. The only comfort with race conditions is that data corruption and denial of service are the norm.
When can trouble occur?
Software developers often rely on untrusted inputs (cookies, hidden form fields, request parameters) as if they could not be modified; trouble occurs when these inputs are used to decide whether to grant access to restricted resources.
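As an added example (not part of the original card set), an authorization decision taken from a client-editable cookie beside one that only trusts the cookie after checking a server-side HMAC over its contents. The cookie names, the `user:role` layout and `SERVER_KEY` are assumptions for the illustration; in a real deployment the key comes from a secrets store.

```python
import base64
import hashlib
import hmac
import secrets

def parse_cookie(header):
    """Parse a Cookie request header ("k=v; k2=v2") into a dict."""
    pairs = (p.strip().split("=", 1) for p in header.split(";") if "=" in p)
    return {k.strip(): v for k, v in pairs}

def is_admin_vulnerable(cookie_header):
    """Authorization decided by a value the client can edit freely:
    sending 'role=admin' is all it takes."""
    return parse_cookie(cookie_header).get("role") == "admin"

# Server-side key (assumed; generated per process here only for the demo).
SERVER_KEY = secrets.token_bytes(32)

def issue_role_cookie(user, role, key=SERVER_KEY):
    """Return 'base64(user:role).base64(HMAC-SHA256 tag)'. The client can
    still read the role, but cannot change it without the key."""
    if ":" in user or ":" in role:
        raise ValueError("':' is the field separator")
    payload = f"{user}:{role}".encode()
    tag = hmac.new(key, payload, hashlib.sha256).digest()
    return (base64.urlsafe_b64encode(payload).decode() + "." +
            base64.urlsafe_b64encode(tag).decode())

def verify_role_cookie(value, key=SERVER_KEY):
    """Return (user, role) if the tag verifies, else None. Malformed input
    (bad base64, missing separator, non-UTF-8 payload) is rejected too."""
    try:
        payload_b64, tag_b64 = value.split(".", 1)
        payload = base64.urlsafe_b64decode(payload_b64)
        tag = base64.urlsafe_b64decode(tag_b64)
        text = payload.decode()
    except ValueError:          # binascii.Error and UnicodeDecodeError are subclasses
        return None
    expected = hmac.new(key, payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    user, _, role = text.partition(":")
    return user, role

def is_admin_safe(cookie_header, key=SERVER_KEY):
    """Authorization decided only by a cookie the server itself signed."""
    token = parse_cookie(cookie_header).get("session")
    parsed = verify_role_cookie(token, key) if token else None
    return parsed is not None and parsed[1] == "admin"

if __name__ == "__main__":
    print(is_admin_vulnerable("role=admin"))                         # True: trivially forged
    print(is_admin_safe("session=" + issue_role_cookie("bob", "user")))   # False
    print(is_admin_safe("session=" + issue_role_cookie("alice", "admin"))) # True
```

The signed cookie fixes the trust problem in the card, not every session problem: it still needs an expiry field and a way to revoke, and it must be sent only over HTTPS with the usual cookie flags.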
What is SQL injection?
It is a code injection technique that exploits a vulnerability in the database layer of an application. The vulnerability is present when user input is not correctly filtered for string-literal escape characters embedded in SQL statements, or is not strongly typed, so that the input is unexpectedly executed as part of the query.
What is the other term for Cross-site request forgery?
one-click attack or session riding.
What is PII?
Personally Identifiable Information.
What is Open redirect?
It is a flaw in which an application takes a URL from a request parameter and redirects the user to that value without validating it, so an attacker can craft a link on the trusted site that sends victims to a destination of the attacker's choosing.
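As an added example (not part of the original card set), the unchecked redirect beside a validator that accepts only same-origin paths or absolute URLs to an allow-listed host. `ALLOWED_HOSTS`, the `?next=` parameter name and the `/` fallback are assumptions for the illustration; the bypass strings in the comments are the ones a tester would try against a naive "must start with /" check.

```python
from urllib.parse import urlsplit

# Hosts this application considers its own (assumed for the example).
ALLOWED_HOSTS = {"example.com", "www.example.com"}

def redirect_vulnerable(next_param):
    """Open redirect: whatever ?next= contains becomes the Location header."""
    return next_param

def safe_redirect_target(next_param, default="/", allowed_hosts=ALLOWED_HOSTS):
    """Return next_param if it stays on our site, otherwise the default."""
    if not next_param:
        return default
    # Browsers strip leading controls and treat backslashes as slashes
    # ("/\evil.com" -> "//evil.com"), so reject those characters outright
    # instead of trying to normalise them.
    if any(ord(ch) <= 0x20 or ch == "\\" for ch in next_param):
        return default
    try:
        parts = urlsplit(next_param)
    except ValueError:
        return default
    if parts.scheme or parts.netloc:
        # Absolute URL: must be http(s) with an explicit, allow-listed host.
        # Rejects "//evil.com" (no scheme), "javascript:alert(1)" (bad scheme)
        # and "http:/evil.com" (scheme but empty netloc, which browsers still
        # resolve to a host).
        if parts.scheme not in ("http", "https") or not parts.netloc:
            return default
        # .hostname drops userinfo, so "https://www.example.com@evil.com"
        # is seen as evil.com and refused.
        if (parts.hostname or "").lower() not in allowed_hosts:
            return default
        return next_param
    # No scheme and no authority: accept only a single-slash absolute path.
    # "///evil.com" parses with an empty netloc here, but browsers collapse
    # the extra slashes and go to evil.com, hence the "//" check on the raw string.
    if not next_param.startswith("/") or next_param.startswith("//"):
        return default
    return next_param

if __name__ == "__main__":
    for candidate in ["/account", "https://www.example.com/home", "https://evil.com/",
                      "//evil.com/", "///evil.com", "/\\evil.com",
                      "javascript:alert(1)", "http:/evil.com",
                      "https://www.example.com@evil.com/"]:
        print(repr(candidate), "->", safe_redirect_target(candidate))
```

The safest design is to avoid the parameter altogether and redirect by a server-side key (a route name or an entry in a table of permitted destinations); the validator above is for cases where a free-form `next` value has to be kept.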
What is a race condition?
It is a flaw in an electronic system or process whereby the output or result depends, unexpectedly and critically, on the sequence or timing of other events.
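As an added example (not part of the original card set) for both race-condition cards above, a check-then-act sequence run by several threads at once, first without and then with a lock. The `Account` class and the amounts are constructed for the illustration; the `sleep` call only widens the window between the check and the update so that the interleaving is reproducible, in real code that window is a handful of instructions.

```python
import threading
import time

class Account:
    """Toy account used to show a check-then-act race (constructed example)."""
    def __init__(self, balance):
        self.balance = balance
        self._lock = threading.Lock()

    def withdraw_racy(self, amount):
        """No synchronisation: every thread passes the balance check before
        any of them subtracts, so the balance goes negative."""
        if self.balance >= amount:
            time.sleep(0.2)            # widens the race window for the demo
            self.balance -= amount
            return True
        return False

    def withdraw_locked(self, amount):
        """Check and update under one lock: the second thread sees the
        updated balance and is refused."""
        with self._lock:
            if self.balance >= amount:
                time.sleep(0.2)        # same window, now held under the lock
                self.balance -= amount
                return True
            return False

def run_concurrent(withdraw, amount, n_threads):
    """Start n_threads calling withdraw(amount) at once; return their results."""
    results = []
    threads = [threading.Thread(target=lambda: results.append(withdraw(amount)))
               for _ in range(n_threads)]
    for t in threads:
        t.start()
    for t in threads:
        t.join()
    return results

if __name__ == "__main__":
    a = Account(100)
    print(run_concurrent(a.withdraw_racy, 80, 3), a.balance)    # three True, negative balance
    b = Account(100)
    print(run_concurrent(b.withdraw_locked, 80, 3), b.balance)  # one True, 20
```

The same shape appears as time-of-check/time-of-use on files and as double-spend bugs in payment code: the fix is always to make the check and the action one atomic step (a lock, a transaction, or a compare-and-swap), never to shrink the window.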