Web attacks
how do attackers use SQL injection
they write scripts intended to harvest authentication details
what is the primary goal of a Directory traversal attack
access files on your system
what is the primary defense against command execution attack
avoid command line calls
what is the primary defense against cross site scripting attacks
disable dynamic content from coming from the data store so hackers cannot inject JavaScript onto a page
what is a common way of doing cross site scripting attacks
exploit the JavaScript code of a site to see sensitive data handled by the website
what is the goal of clickjacking attacks
get login credentials of users on a website
what is a common method of Directory traversal attacks
hackers can get to the directories on the disk using the website's URL
what is the primary defense against Directory traversal attacks
have your hosting documents on a separate server or file partition
what is the goal of file upload vulnerability attacks
inject malicious code to the server by uploading a file with malicious code
what are common methods of clickjacking attacks
putting invisible page elements over other things on a webpage so the user goes to a different page
what is a common method for command execution attack
remote code execution
who is the target for Directory traversal attacks
server
who is the target for command execution attack
server
who is the target for file upload vulnerability attacks
server
who is the target of SQL injection
server
what is the primary defense against clickjacking attacks
set X-Frame-Options correctly
what is the main goal of cross site scripting attacks
spread worms on social media sites
what are common methods of cross site request forgery attacks
spread worms on social media websites using malicious links
what is the goal of a command execution attack
take over a system using remote code execution
what is the goal of SQL injection
to extract sensitive info
what is the goal of cross site request forgery attacks
trick user's browser into performing unwanted actions on your website
what are common methods of file upload vulnerability attacks
uploading malicious code to a server
what is the primary defense against cross site request forgery attacks
use REST framework to make sure GET requests are view only
what is the primary defense against file upload vulnerability attacks
use a separate server to store uploaded files so they aren't with other important information
how to prevent SQL injection
use parameterized statements to make sure SQL statements are treated in a safe manner
who is the target for clickjacking attacks
users
who is the target for cross site request forgery attacks
users
who is the target for cross site scripting attacks
users