Chapter 8: Application Security (8.1)
Buffers
Areas of RAM, each of a size fixed by the programmer, where a program stores information temporarily (for example, the bytes of an incoming message).
Buffer Overflow
If an attacker sends a message with more bytes than the programmer allocated for the buffer, and the program copies it without checking the length, the excess bytes spill over into the memory adjacent to the buffer, overwriting whatever the program stored there (on the stack, this includes the return address).
Internet Information Server (IIS)
Microsoft's webserver software. It offers a number of services, including an Internet Printing Protocol (IPP) service. Although few users ever use this service, it was turned on by default in early versions of IIS, and a buffer overflow in the IIS 5.0 IPP extension left servers that never printed anything exposed to remote attack. The lesson is to turn off services that are not needed.
Stack Entry
A block of data pushed onto the stack whenever a running program must be put on hold to run another routine, as when it calls a subroutine. The entry records what is needed to resume the suspended program, including its return address, alongside the buffers the called routine allocates.
Cross-Site Scripting (XSS)
A vulnerability in which one user's input is placed into a page that another user views without being validated or encoded, so that script in the input runs in the other user's browser. It is a danger in any webpage that reflects back a user's input. For instance, reflection exists if you type a username and the next webpage contains, "Hello, username." If the username contains a script tag and the page reflects it verbatim, the page now carries that script.
Return Address
The address in RAM of the next instruction to be executed in the suspended program. When the entry is retrieved from (popped off of) the stack, control passes to the instruction at that address. The return address is written into the stack entry before data is written into the buffer, and it lies just past the end of the buffer, so an overflow that runs beyond the buffer overwrites it. An attacker who replaces it with the address of their own code has the program jump there when the entry is popped.
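The buffer, stack entry and return address entries above describe one mechanism. The C program below is an added example, not code from the page or from any product it names: it models a single stack entry as a struct with a 16-byte buffer followed by the saved return address (the struct layout, the 0x08041000 return address and the 0x42424242 replacement are all constructed for illustration; on a real x86 stack the buffer likewise sits below the return address, so an overflow runs into it). unsafe_copy trusts the message length; safe_copy checks it against the buffer first.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 16   /* bytes the programmer allocated for the message */

/* Constructed model of one stack entry: the return address was written
   first and the buffer was allocated after it, so bytes that run past the
   buffer's end land on saved_return. A real stack is not a tidy struct,
   but the relative layout is the same. */
struct frame {
    char buffer[BUF_SIZE];
    uint32_t saved_return;   /* address of the next instruction in the caller */
};

/* Vulnerable: copies every byte of the message, trusting its length.
   The clamp to the frame size only keeps this model inside its own
   memory; a real overflow keeps writing beyond the frame.
   Returns saved_return as it stands after the copy. */
uint32_t unsafe_copy(struct frame *f, const unsigned char *msg, size_t len)
{
    if (len > sizeof *f)
        len = sizeof *f;
    memcpy((unsigned char *)f, msg, len);   /* byte view: buffer, then saved_return */
    return f->saved_return;
}

/* Hardened: refuse anything that does not fit the buffer.
   Returns 0 on success, -1 if the message was rejected. */
int safe_copy(struct frame *f, const unsigned char *msg, size_t len)
{
    if (len > BUF_SIZE)
        return -1;
    memcpy(f->buffer, msg, len);
    return 0;
}

/* Constructed attacker message: fill the buffer exactly, then supply the
   4 bytes that land on saved_return. new_return stands in for the address
   of the attacker's own code. */
void build_attack_message(unsigned char *msg, uint32_t new_return)
{
    memset(msg, 'A', BUF_SIZE);
    memcpy(msg + BUF_SIZE, &new_return, sizeof new_return);
}

int main(void)
{
    struct frame f;
    unsigned char msg[BUF_SIZE + sizeof(uint32_t)];

    memset(&f, 0, sizeof f);
    f.saved_return = 0x08041000u;   /* constructed legitimate return address */
    build_attack_message(msg, 0x42424242u);

    printf("before:            saved_return = 0x%08x\n", (unsigned)f.saved_return);
    printf("after unsafe_copy: saved_return = 0x%08x\n",
           (unsigned)unsafe_copy(&f, msg, sizeof msg));

    f.saved_return = 0x08041000u;
    printf("safe_copy result = %d, saved_return = 0x%08x\n",
           safe_copy(&f, msg, sizeof msg), (unsigned)f.saved_return);
    return 0;
}
```

The message is only 4 bytes longer than the buffer, which is enough: the popped return address now reads 0x42424242 and the program would resume at whatever the attacker put there. The hardened copy rejects the message outright and the saved return address is untouched.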
Ajax
Short for Asynchronous JavaScript and XML. Combines several technologies to create dynamic client-side applications. Its advantage is that the page in the browser can change without a full round trip to the server for each change. However, the same dynamism makes Ajax applications susceptible to malicious code injection, altered XML responses, manipulation of client-side validation (which an attacker can skip entirely by sending requests straight to the server), and so on. Validation and output encoding therefore still have to be done on the server.
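The reflected "Hello, username" page from the Cross-Site Scripting entry and the point above that Ajax client-side validation can be manipulated meet in the server-side handler below. It is an added C example, not code from the page or from IIS: the html_escape and username_is_valid helpers, the 32-character limit and the sample malicious username are constructed for illustration. greet_unsafe reflects the input verbatim; greet_safe validates on the server, whatever the client-side script already checked, and then HTML-escapes the value before placing it in the page.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Replace the characters that can break out of an HTML text context with
   entities. Returns bytes written (not counting the NUL) or -1 if out is
   too small. */
int html_escape(const char *in, char *out, size_t out_size)
{
    size_t n = 0;
    for (; *in; in++) {
        char one[2] = { *in, '\0' };
        const char *rep;
        switch (*in) {
        case '&':  rep = "&amp;";  break;
        case '<':  rep = "&lt;";   break;
        case '>':  rep = "&gt;";   break;
        case '"':  rep = "&quot;"; break;
        case '\'': rep = "&#39;";  break;
        default:   rep = one;      break;
        }
        size_t len = strlen(rep);
        if (n + len + 1 > out_size)
            return -1;
        memcpy(out + n, rep, len);
        n += len;
    }
    out[n] = '\0';
    return (int)n;
}

/* Server-side validation (constructed policy: 1..32 printable ASCII bytes).
   Runs even if a client-side Ajax check already ran, because the client's
   check can be edited or skipped by whoever sends the request. */
int username_is_valid(const char *u)
{
    size_t len = strlen(u);
    if (len == 0 || len > 32)
        return 0;
    for (size_t i = 0; i < len; i++)
        if (!isprint((unsigned char)u[i]))
            return 0;
    return 1;
}

/* Vulnerable: the username is reflected verbatim, so <script> in the
   input becomes script in the page of whoever loads it. */
int greet_unsafe(const char *username, char *page, size_t page_size)
{
    int r = snprintf(page, page_size, "<p>Hello, %s.</p>", username);
    return (r < 0 || (size_t)r >= page_size) ? -1 : r;
}

/* Hardened: validate, then escape, then build the page. Returns the page
   length, or -1 if the input was rejected or did not fit. */
int greet_safe(const char *username, char *page, size_t page_size)
{
    char escaped[256];   /* 32 bytes * 6 (longest entity) + NUL fits */
    if (!username_is_valid(username))
        return -1;
    if (html_escape(username, escaped, sizeof escaped) < 0)
        return -1;
    int r = snprintf(page, page_size, "<p>Hello, %s.</p>", escaped);
    return (r < 0 || (size_t)r >= page_size) ? -1 : r;
}

int main(void)
{
    const char *attack = "<script>alert(1)</script>";   /* constructed malicious username */
    char page[256];

    if (greet_unsafe(attack, page, sizeof page) > 0)
        printf("unsafe: %s\n", page);
    if (greet_safe(attack, page, sizeof page) > 0)
        printf("safe:   %s\n", page);
    return 0;
}
```

The validation step is length and character-class policy, not a filter for "<script>"; it is the escaping step that makes reflected input inert in HTML text context. A value placed into an attribute, a URL or a script block needs the encoding appropriate to that context instead.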