Ethical Hacking Chapter 9 Web and Database Attacks


Input validation is a result of SQL injections

True

Browser or Client side risks

affects the user's system directly, such as crashing the browser, stealing information, infecting the client's system, or having some other effect on the client's system.

Distributed Denial of Service Attack (DDoS)

an attack launched simultaneously from large numbers of hosts that have been compromised and that act after receiving a command

Structured Query Language (SQL) Injections

are attacks designed to exploit applications that accept data which is then processed in the form of SQL statements; the injected statements are crafted to exploit "holes" in the application

Browser and Network based risks

attacker capturing network traffic between the client and server

Session

represents a temporary connection that a client has with the server application to accomplish some task

Server defects and misconfiguration risks

the ability to steal information from a server, run scripts or executables remotely, enumerate servers, and carry out DoS attacks

Web applications are used to

Allow dynamic content

Info about SQL Injections

1. SQL injections are an exploit in which the attacker "injects" SQL code into an input box, form, or network packet with the goal of gaining unauthorized access or altering data
2. This technique can be used to inject SQL commands to exploit non-validated input vulnerabilities in a web application database
3. This technique can also be used to execute arbitrary SQL commands through a web application

Denial of service attack (DoS)

An attack in which a service is overwhelmed by traffic so that its legitimate use is prevented or denied

SQL Injection

An attack on software applications and databases that extends valid SQL queries by adding, or injecting, specially crafted SQL statements to carry out unauthorized access to data or assets

Banner

Banner information is data that reveals telling information such as version and service data that will help an attacker

Port

Connection point on a system for the exchange of information, such as web server traffic or File Transfer Protocol (FTP)

Buffer Overflow

Error that occurs when an application, process, or program attempts to put more data in a buffer than it was designed to hold

Databases can be a victim of source code exploits

False

The stability of a web server does not depend on the operating system

False

Browsers do not display

Hidden fields

"___" are scripting languages

JavaScript, PHP

"___" is used to audit databases

NCC SQuirreL

Which cloud computing service model provides a virtual infrastructure and some preinstalled software components?

PaaS (Platform as a Service)

Types of common DDoS attacks

Ping flooding attack
Smurf attack
SYN flooding
Internet Protocol (IP) fragmentation / fragmentation attack

Which of the following challenges can be solved by firewalls?

Protection against scanning

Cross-Site Scripting (XSS)

Relies on a variation of the input validation attack, but the target is different because the goal is to go after a user instead of the application or data

"___" can be caused by the exploitation of defects and code

SQL Injection

Three classes of individuals who will be interacting with or concerned with the health and well-being of the web server:

Server administrator
Network administrator
End user

Risks inherent with web servers can typically be broken into three categories:

Server defects and misconfiguration risks
Browser and Network based risks
Browser or Client side risks
