10 Cards in this Set

  • Front
  • Back
What is XSS?
Cross-site scripting is one of the most prevalent, obstinate, and dangerous vulnerabilities in web applications
What is Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection') all about?
Is all about the data: getting it into the database, pulling it from the database, massaging it into information, and sending it elsewhere for fun and profit. If attackers can influence the SQL that you use to communicate with your database, then suddenly all your fun and profit belongs to them.
What are buffer overflows?
Buffer overflows are Mother Nature's little reminder of that law of physics that says: if you try to put more stuff into a container than it can hold, you're going to make a mess.
What is CSRF?
Cross-Site Request Forgery
What is Improper Access Control (Authorization)?
If you don't ensure that software's users are only doing what they're allowed to, then attackers will try to exploit your improper authorization and exercise unauthorized functionality that you only intended for restricted users.
What is Reliance on Untrusted Inputs in a Security Decision?
is typically expected to verify the purchaser's age by checking a driver's license or other legally acceptable proof of age
What is Path Traversal?
When you use an outsider's input while constructing a filename, the resulting path could point outside of the intended directory.
What is use an outsider's input while constructing a filename, the resulting path could point outside of the intended directory?
But the name of the uploaded file could contain a dangerous extension such as .php instead of .gif, or other information (such as content type) may cause your server to treat the image like a big honkin' program.
What is Improper Sanitization of Special Elements used in an OS Command?
Software is often the bridge between an outsider on the network and the internals of your operating system.
What is Missing Encryption of Sensitive Data all about?
If sensitive data is being stored or transmitted anywhere outside of your control, attackers may be looking for ways to get to it.