9.1 Web Applications

Which of the following methods should you use to prevent SQL injection attacks?

Perform input validation

As you browse the Internet, you notice that when you go to some sites, multiple additional windows are opened automatically. Many of these windows contain advertisements for products that are inappropriate for your family to view.

Pop-up blocker

An attacker is able to insert database commands in the input fields and have those commands execute on the server. Which type of attack has occurred?

SQL injection

Which of the following is an attack that injects malicious scripts into Web pages to redirect users to fake websites or gather personal information?

XSS

A programmer that fails to check the length of input before processing leaves his code vulnerable to what form of common attack?

Buffer overflow

Having poor software development practices and failing to program input validation checks during development of custom software can result in a system vulnerable to which type of attack?

Buffer overflow

What is the most common attack waged against Web servers?

Buffer overflow

Which of the following attacks is a form of software exploitation that transmits or submits a longer stream of data than the input variable is designed to handle?

Buffer overflow

Which type of attack is the act of exploiting a software program's free acceptance of input in order to execute arbitrary code on a target?

Buffer overflow

You want to prevent your browser from running JavaScript commands that are potentially harmful. Which of the following would you restrict to accomplish this?

Client-side scripts

Which of the following are subject to SQL injection attacks?

Database servers

What type of attack has occurred?

Drive-by download