Hacking Web Applications

What attack does an attacker saturate an API with a massive volume of traffic from multiple infected computers or botnets to delay the API services to legitimate users?

API DDoS attack

What attack technique does an attacker lure victims via email or a link that is constructed such that the loopholes of remote execution code become accessible, allowing the attacker to obtain access privileges equal to those of authorized users?

Active X attack

What countermeasures should be followed to protect web applications against broken authentication and session management attacks?

Apply pass phrasing with at least five random words

What is Connection Pool DoS?

Attackers examine the connection pooling settings of the target application, construct a large malicious SQL query, and run multiple queries simultaneously to consume all the connections in the connection pool, causing database queries to fail for legitimate users.

What is Blacklist Validation?

Blacklist validation rejects all the malicious inputs that have been disapproved for protected access.

What is a security risk due to the incorrect implementation of applications, allowing attackers to compromise passwords, keys, session tokens, and exploit user identity?

Broken Authentication

Which technique is used by an attacker to connect a fake account on the provider with a victim's account on the client side?

CSRF on authorization response

In which attack does an attacker load the target website inside a low-opacity iframe?

Clickjacking attack

What type of API vulnerability occurs when an input is not sanitized and can be exploited by adding malicious SQL statements to input fields to steal session cookies and user credentials?

Code injections

What attack exploits vulnerabilities in dynamically generated webpages, which enables malicious attackers to inject client-side scripts into webpages viewed by other users?

Cross site scripting

What is a web application attack that is also known as a one-click attack and occurs when a hacker instructs a user's web browser to send a request to a vulnerable website through a malicious web page?

Cross-site request forgery

What is an application security threat that occurs when an application includes untrusted data in a new web page without proper validation or escaping or when an application updates an existing web page with user-supplied data?

Cross-site scripting (XSS)

What practice makes web applications vulnerable to SQL injection attacks?

Database server running OS commands

Which of the following is a timing attack performed by measuring the approximate time taken by a server to process a POST request so that the existence of a username can be deduced?

Direct Timing Attack

What is File Fingerprinting?

File fingerprinting is a process of computing the hash value for a given binary code to identify and track data across a network.

What is Fileless Malware?

Fileless malware, also known as non-malware, infects legitimate software, applications, and other protocols existing in the system to perform various malicious activities.

What is an operation in the web service architecture that involves obtaining the service interface description at the time of development as well as the binding and location description calls at run time?

Find

What is considered a quality checking and assurance technique used to identify coding errors and security loopholes in web applications?

Fuzz testing

In what attack does an attacker repeatedly send some random input to a target API to generate error messages that reveal critical information?

Fuzzing

What types of injection attacks does an attacker exploit vulnerable form inputs, inject HTML code into a webpage, and change the website appearance?

HTML injection

If you are responsible for securing a network from any type of attack and if you have found that one of your employees is able to access any website that may lead to clickjacking attacks, what would you do to avoid the attacks?

Harden Browser permission rules

What technique does an attacker use to replace the value of the data source parameter with that of a rogue Microsoft SQL server?

Hash Stealing

Which countermeasure should be followed to protect web applications against broken access control?

Implement a session timeout mechanism

What technique is used to perform a connection stream parameter pollution (CSPP) attack?

Injecting parameters into a connection string using semicolons as a separator

Which API security risk can be prevented by performing input validation, implementing a parameterized interface for processing inbound API requests, and limiting the number of records returned?

Injection

Which security misconfiguration supports weak algorithms and uses expired or invalid certificates, resulting in data exposure and account theft?

Insufficient transport layer protection

In which layer of the web application vulnerability stack does an attacker exploit business-logic flaws and technical vulnerabilities to perform input validation attacks such as XSS?

Layer 7

What vulnerabilities occur when an application adds files without the proper validation of inputs, thereby enabling an attacker to modify the input and embed path traversal characters?

Local file inclusion

What is Enforcing Least Privileges?

Minimum privileges should be assigned to the operating system where the database management system runs, and the DBMS should never be run as root.

What is Attack on 'Connect' Request

Most sites enable users to access other websites such as LinkedIn, Instagram, and Twitter, via OAuth. An attacker can exploit requests to connect one site to another, i.e., when the user hits the "Login with or Connect" button. Then, he or she can gain illegal access to the client-side user/victim's account by connecting his/her account to the provider's website.

What is an attack that can majorly affect web applications, including the basic level of service, and allows a level of privilege that standard HTTP application methods cannot grant?

Network Access attacks

Which API vulnerability allows attackers to gain unauthorized access to API objects or perform actions such as viewing, updating, or deleting?

No ABAC validation

What is Access Token Reusage

OAuth requires unique access tokens for individual clients. It ensures that these tokens saved on the authorization server are mapped to relevant scopes and time expiry. Access tokens provided for "ClientA" can work for "ClientB". Attackers exploit this feature to perform attacks on clients that allow grants implicitly.

Which attack allows an attacker to encode portions of the attack with Unicode, UTF-8, Base64, or URL encoding to hide their attacks and avoid detection?

Obfuscation Application

What is Output Encoding?

Output encoding means that unsafe characters and strings from untrusted user input are encoded in such a way that they cannot be run as active content.

What attack is possible when an attacker executes .bat or .cmd files and changes the values by superimposing one or more operating-system commands through the request?

Parsing attack

What does the Burp Suite built in tool Intruder Tool do?

Performs customized attacks to find and exploit unusual vulnerabilities

In which type of fuzz testing does the protocol fuzzer send forged packets to the target application that is to be tested?

Protocol-based

Which web-service APIs is programmed to generate, recover, modify, and erase different logs such as profiles, credentials, and business leads?

SOAP API

What protocol provides transport-level security for API messages to ensure confidentiality through encryption and integrity through signature?

SSL

Which countermeasures should be followed to defend against watering-hole attacks?

Secure the DNS server to prevent attackers from redirecting the user to a new location

An attacker exploits a web application by tampering with the form and parameter of the web application and he is successful in exploiting the web application and gaining access. Which type of vulnerability did the attacker exploit?

Security Misconfiguration

What API hacking technique does not target the API or machine code and instead tricks users into divulging their credentials to perform further attacks?

Social Engineering

Which testing is used to detect bugs and irregularities in web applications?

Source Code Review

In one of the features of the RESTful API, the client end stores the state of the session, and the server is restricted to save data during request processing. Which is this feature?

Stateless

If your web application sets any cookie with a secure attribute, what does this mean?

The client will send the cookie only over an HTTPS connection

During a penetration test, a tester finds that the web application being analyzed is vulnerable to XSS. What condition must be met to exploit this vulnerability?

The session cookies do not have the HttpOnly flag set.

What condition must be given to allow a tester to exploit a cross-site request forgery (CSRF) vulnerable web application?

The web application should not use random tokens.

What is Click Event Dropping technique ?

This technique can completely hide a malicious page behind a legitimate page. It can also be used to set the CSS pointer-events property of the top to none. This can cause click events to drop through the legitimate masked page and registers only the malicious page

An attacker tries to enumerate the username and password of an account named "rini Mathew" on wordpress.com. On the first attempt, the attacker tried to login as "rini.mathews," which resulted in the login failure message "invalid email or username." On the second attempt, the attacker tried to login as "rinimathews," which resulted in a message stating that the password entered for the username was incorrect, thus confirming that the username "rinimathews" exists. What is the attack that is performed by the attacker?

Username enumeration

While performing data validation of web content, a security technician is required to restrict malicious input. Which process is an efficient way of restricting malicious input?

Validate web content input for type, length, and range

Which of the following components of the web service architecture is an extension of SOAP and can be used to maintain the integrity and confidentiality of SOAP messages?

WS-Security

What metadata format does the SOAP API use to reveal a large amount of technical information such as paths, parameters, and message formats?

WSDL/XML-Schema

Which APIs is a user-defined HTTP callback or push API that is raised based on events triggered, such as receiving a comment on a post or pushing code to the registry?

Webhook

What is a Frame Injection attack?

When scripts do not validate their input, attackers inject code through frames. This affects all the browsers and scripts that do not validate untrusted input. These vulnerabilities occur in HTML pages with frames. Another reason for this vulnerability is that web browsers support frame editing.

What is a Attack on 'redirect_uri'

While registering, the domain is usually specified by the client and only those "redirect_uri" on the specific domain are permitted. If an attacker can identify vulnerabilities such as XSS on a web page on the client domain, he/she can exploit them to capture authorization code.

What is White list validation?

Whitelist validation is a best practice whereby only the list of entities (i.e., data type, range, size, value, etc.) that have been approved for secured access is accepted. Whitelist validation can also be termed as positive validation or inclusion.

Which technology do SOAP services use to format information?

XML

What is a Command Injection?

a hacker alters the content of the web page by using HTML code and by identifying the form fields that lack valid constraints.

What is a Request Forgery Attack?

attackers exploit the trust of a website or web application on a user's browser. The attack works by including a link on a page, which takes the user to an authenticated website.

What is a Session Fixation attack?

helps attackers hijack valid user sessions. They authenticate themselves using a known session ID and then use the known session ID to hijack a user-validated session. Thus, attackers trick users and access a genuine web server using an existing session ID value.

What does the Burp Suite built in tool Intercepting Proxy do?

inspecting and modifying traffic between your browser and the target application

What is Cropping technique?

only the selected controls from the transparent page are overlaid. This technique depends on the goal of the attack and may involve masking buttons with hyperlinks and text labels with false information, changing the button labels with wrong commands, and completely covering the legitimate page with misleading information while exposing only one original button.

What parameter defines the level of access to an application to redirect a user agent to the authorization server?

scope

What does the Burp Suite built in tool Application Aware do?

spider for crawling content and functionality

What does the Burp Suite built in tool Sequence Tool do?

testing the randomness of session tokens

What is Rapid content replacement technique?

the targeted controls are covered by opaque overlays that are removed only for a moment for registering a click. An attacker using this technique needs to accurately predict the time taken by the victim to click on the web page.

What is Complete Transparent Overlay Technique?

the transparent, legitimate page or tool page is overlaid on the previously designed malicious page. Then, it is loaded into an invisible iframe and the higher z-index value is assigned for positioning it on top