Chapter 3

Add-ons
Programs that provide additional functionality to Web browsers.
Address Resolution Protocol (ARP)
Part of the TCP/IP protocol for determining the MAC address based on the IP address.
ARP Poisoning
An attack that corrupts the ARP cache.
Attachments
Files that are coupled to e-mail messages.
Buffer Overflow
An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed-length storage buffer.
Client-Side Attack
An attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data.
Cookie
A file on a local computer in which a server stores user-specific information.
Command Injection
Injecting commands that are then executed on a server.
Cross-Site Scripting (XSS)
An attack that injects scripts into a Web application server to direct attacks at clients.
Denial of Service (DoS)
An attack that attempts to prevent a system from performing its normal functions.
Directory Traversal
An attack that takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.
Distributed Denial of Service (DDoS)
An attack that uses multiple zombie computers (even hundreds or thousands) in a botnet to flood a device with requests.
DNS Poisoning
An attack that substitutes DNS addresses so that the computer is automatically redirected to another device.
Domain Name System (DNS)
A hierarchical name system for matching computer names and numbers.
First-Party Cookie
A cookie that is created from the Web site that currently is being viewed.
Flash Cookie
A cookie named after the Adobe Flash player. Also known as local shared objects (LSOs). Flash cookies cannot be deleted through the browser’s normal configuration settings as regular cookies can. Typically, they are saved in multiple locations on the hard drive and can take up as much as 100,000 bytes of storage per cookie (about 25 times the size of a normal cookie). Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked.
Host Table
A list of the mappings of names to computer numbers.
HTTP Header
Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted.
HTTP Header Manipulation
Modifying HTTP headers to create an attack.
Man-In-The-Middle
An attack that intercepts legitimate communication and forges a fictitious response to the sender.
Persistent Cookie (Tracking Cookie)
A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes.
Ping
A utility that sends an ICMP echo request message to a host.
Ping Flood
An attack that uses the Internet Control Message Protocol (ICMP) to flood a victim with packets.
Privilege Escalation
An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining.
Replay
An attack that makes a copy of the transmission before sending it to the recipient.
Secure Cookie
A cookie that is only used when a browser is visiting a server using a secure connection.
Session Cookie
A cookie that is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting a Web site.
Session Hijacking
An attack in which an attacker attempts to impersonate the user by using his session token.
Session Token
A form of verification used when accessing a secure Web application.
Smurf Attack
An attack that broadcasts a ping request to all computers on the network yet changes the address from which the request came to that of the target.
Spoofing
Impersonating another computer or device.
SQL Injection
An attack that targets SQL servers by injecting SQL commands that the database then executes.
SYN Flood Attack
An attack that takes advantage of the procedures for initiating a TCP session.
Third-Party Cookies
A cookie that was created by a third party that is different from the primary Web site.
Transitive Access
An attack involving using a third party to gain access rights.
XML (Extensible Markup Language)
A markup language that is designed to carry data instead of indicating how to display it.
XML Injection
An attack that injects XML tags and data into a database.
Zero Day Attacks
Attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks.
D. zero day
A __________ attack exploits previously unknown vulnerabilities.
A. virus resource
B. shock and awe
C. surprise
D. zero day
A. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of Web application attacks
Why can traditional networking security devices NOT be used to block Web application attacks?
A. Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of Web application attacks
B. Web application attacks use Web browsers that cannot be controlled on a local computer
C. Network security devices cannot prevent attacks from Web resources
D. The complex nature of TCP/IP allows for too many ping sweeps to be blocked
B. point to another area in data memory that contains the attacker’s malware code
Attackers use buffer overflows to __________.
A. corrupt the kernel so the computer cannot reboot
B. point to another area in data memory that contains the attacker’s malware code
C. place a virus into the kernel
D. erase buffer overflow signature files
C. XSS does not attack the Web application server to steal or corrupt its information
What is unique about a cross-site scripting (XSS) attack compared to other injection attacks?
A. SQL code is used in an XSS attack
B. XSS requires the use of a browser
C. XSS does not attack the Web application server to steal or corrupt its information
D. XSS attacks are rarely used anymore compared to other injection attacks
D. ICMP
Each of the following can be used in an XSS attack except __________.
A. HTML
B. JavaScript
C. Adobe Flash
D. ICMP
C. third-party cookie
A cookie that was not created by the Web site being viewed is called a __________.
A. first-party cookie
B. second-party cookie
C. third-party cookie
D. fourth-party cookie
A. to inject SQL statements through unfiltered user input
The basis of a SQL injection attack is __________.
A. to inject SQL statements through unfiltered user input
B. to have the SQL server attack client Web browsers
C. to link SQL servers into a botnet
D. to expose SQL code so that it can be examined
D. Reformat the Web application server’s hard drive
Which of the following cannot be performed through a successful SQL injection attack?
A. Display a list of customer telephone numbers
B. Discover the names of different fields in a table
C. Erase a database table
D. Reformat the Web application server’s hard drive
D. XML
A markup language that is designed to carry data is __________.
A. ICMP
B. HTTP
C. HTML
D. XML
B. Directory traversal
When an attacker can access files in directories other than the root directory, this is known as a(n) __________ attack.
A. Command injection
B. Directory traversal
C. SQL injection
D. XML injection
D. HTTP header
A(n) __________ attack modifies the fields that contain the different characteristics of the data that is being transmitted.
A. HTML packet
B. SQL injection
C. XML manipulation
D. HTTP header
A. Session
Which of the following cookies only lasts for the duration of visiting the Web site?
A. Session
B. Persistent
C. Temporary
D. RAM
A. A random string assigned by a Web server
What is a session token?
A. A random string assigned by a Web server
B. The same as third-party cookie
C. A unique identifier that includes the user’s e-mail address
D. XML code used in an XML injection attack
C. ActiveX can be integrated with JavaScript
Which of the following is not a security concern of the ActiveX add-on?
A. The person who signed the control may not have properly assessed the control’s safety
B. A malicious ActiveX control can affect all users of that computer.
C. ActiveX can be integrated with JavaScript
D. ActiveX does not have safeguards and has full access to the Windows operating system
C. Push flood
Which of the following is not a DoS attack?
A. Ping flood
B. SYN flood
C. Push flood
D. Smurf
A. Man-in-the-Middle
What type of attack intercepts legitimate communication and forges a fictitious response to the sender?
A. Man-in-the-Middle
B. Interceptor
C. SQL intrusion
D. SIDS
A. makes a copy of the transmission for use at a later time
A replay attack __________.
A. makes a copy of the transmission for use at a later time
B. replays the attack over and over to flood the server
C. can be prevented by patching the Web server
D. is considered to be a type of DoS attack
D. ARP
___________ is used to discover the MAC address of a client based on its IP address.
A. Ping
B. ICMP
C. DNS
D. ARP
B. can attack an external DNS server
DNS poisoning __________.
A. is rarely found today due to the use of host tables
B. can attack an external DNS server
C. is the same as ARP poisoning
D. floods a DNS server with requests until it can no longer respond
A. Transitive access
__________ involves using a third party to gain access rights.
A. Transitive access
B. Privilege escalation
C. Active Rights Scaling (ARS)
D. Directory traversal
A web browser makes a request for a web page using the
http
Although traditional network security devices can block traditional network attacks, they cannot always block Web application attacks.
false
An attack in which the attacker attempts to impersonate the user by using his or her session token is known as:
session hijacking
A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.
session
ARP poisoning is successful because there are few authentication procedures to verify ARP requests and replies.
false
Attacks that take place against web based services are considered to be what type of attack?
server-side
A user has become compromised as a result of visiting a specific web page, without clicking on any kind of content. What type of attack has occurred?
drive by download
Because of the minor role it plays, DNS is never the focus of attacks
true
Because the XSS is a widely known attack, the number of Web sites that are vulnerable is very small.
true
Choose the SQL injection statement example below that could be used to find specific users:
whatever' OR full_name LIKE '%Mia%'