Web attacks

Ace your homework & exams now with Quizwiz!

how do attackers use SQL injection

they write scripts intended to harvest authentication details

what is the primary goal of a Directory traversal attack

access files on your system

what is the primary defense against command execution attack

avoid command line calls

what is the primary defense against cross site scripting attacks

disable dynamic content from coming from the data store so hackers cannot inject javascript onto a page

what is a common way of doing cross site scripting attacks

exploit the Javascript code of a site to see sensitive data handled by the website

what is the goal of clickjacking attacks

get login credentials of users on a website

what is a common method of Directory traversal attacks

hackers can can get to the directories on the disk using the websites URL

what is the primary defense against Directory traversal attacks

have your hosting documents on a separate server or file partition

what is the goal of file upload vulnerability attacks

inject malicious code to the server by uploading a file with malicious code

what are common methods of clickjacking attacks

putting invisible page elements over other things on a webpage so the user goes to a different page

what is a common method for command execution attack

remote code execution

who is the target for Directory traversal attacks

server

who is the target for command execution attack

server

who is the target for file upload vulnerability attacks

server

who is the target of SQL injection

server

what is the primary defense of clickjacking attacks

set x-frame options correctly

what is the main goal of cross site scripting attacks

spread worms on social media sites

what are common methods of cross site request forgery attacks

spread worms on social media websites using malicious links

what is the goal of a command execution attack

take over a system using remote code execution

what is the goal of SQL injection

to extract sensitive info

what is the goal of cross site request forgery attacks

trick users browser into performing unwanted actions on your website

what are common methods of file upload vulnerability attacks

uploading malicious code to a server

what is the primary defense against cross site request forgery attacks

use REST framework to make sure GET requests are view only

what is the primary defense against file upload vulnerability attacks

use a separate server to store uploaded files so they aren't with other important informatio

how to prevent SQL injection

use parameterized statements to make sure SQL statements are treated in a safe manner

who is the target for clickjacking attacks

users

who is the target for cross site request forgery attacks

users

who is the target for cross site scripting attacks

users


Related study sets

ServSafe Chapter 7 (7th Edition)

View Set

Learning Curve: 11c The Social-Cognitive Perspective and Exploring the Self

View Set

Chapter 2: Equity and Debt Securities

View Set

ATI 70, 72 osteoporosis and osteoarthritis

View Set