9.1 Web Applications
Which of the following methods should you use to prevent SQL injection attacks?
Perform input validation
As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view.
Pop-up blocker
An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?
SQL injection
Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?
XSS
A programmer who fails to check the length of input before processing it leaves his code vulnerable to what common form of attack?
Buffer overflow
Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?
Buffer overflow
What is the most common attack waged against Web servers?
Buffer overflow
Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?
Buffer overflow
Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?
Buffer overflow
You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?
Client-side scripts
Which of the following are subject to SQL injection attacks?
Database servers
What type of attack has occurred?
Drive-by download