Chapter 3 Application Attack Indicators

Question 1

What is Privilege escalation?

Answer 1

Exploits that allow an attacker to achieve higher levels of authority

Question 2

What is Cross-site scripting (XSS)?

Answer 2

Injecting malicious code into a web app where it can be executed

Question 3

What is a Non-persistent XSS attack?

Answer 3

The injected script is not persisted or stored but rather is immediately executed and passed back via the web server

Question 4

What is a Persistent XSS attack?

Answer 4

The script is permanently stored on the web server or some backend storage. This allows the script to be used against others who log in to the system

Question 5

What is a DOM-based XSS attack?

Answer 5

The script is executed in the browser via the Document Object Model (DOM) process as opposed to the web server

Question 6

What is input validation?

Answer 6

Also know as data validation, is the structured and proper testing of any input that is supplied by an application or user

Question 7

What is a Structured Query Language (SQL) injection attacks

Answer 7

The manipulation of input, resulting in a SQL statement that is different from the statement the designer intended

Question 8

What is a Dynamic Link Library (DLL)?

Answer 8

a piece of code that can add functionality to a program through the inclusion of library routines linked at runtime

Question 9

What is DLL injection?

Answer 9

The process of adding to a program at runtime

Question 10

What is a pointer?

Answer 10

A construct that refers to the memory location that holds the variable

Question 11

What is a Directory Traversal attack?

Answer 11

When an attacker uses special inputs to circumvent the directory tree structure of the filesystem

Question 12

What is a Buffer Overflow?

Answer 12

An attack that sends a tone of values to the buffer causing it to overwrite was in the buffer, which can either cause an error or for any command sent as input to execute

Question 13

What is a race condition?

Answer 13

An error condition that occurs when the output of a function is dependent on the sequence or timing of the inputs

Question 14

What is a time of check/time of use attack?

Answer 14

An attack that takes advantage of a separation between the time a program checks a value and when it uses the value, allowing an unauthorized manipulation that can affect the outcome of a process

Question 15

What kind of attacks does input validation work well against?

Answer 15

buffer overflows, XSS, XSRF, path traversal, and incorrect calculation of buffer size

Question 16

What are replay attacks?

Answer 16

Recreate the conditions that existed the first time the sequence of events occurred

Question 17

What is a integer overflow

Answer 17

A programming error condition that occurs when a program attempts to store a numeric value in a variable that is too small to hold it

Question 18

What is Server-Side Request Forgery?

Answer 18

When an attacker sends requests to the server-side application to make HTTP requests to an arbitrary domain of the attackers choosing

Question 19

What is Cross-Site Request Forgery?

Answer 19

Attacks that utilize unintended behaviors that are proper in defined use but are performed under circumstances outside the authorized use

Question 20

What is an Application Programming Interface (API) attack?

Answer 20

Where an attacker specifically attacks the API and the service behind it by manipulating inputs

Question 21

What is Resource Exhaustion?

Answer 21

The state where a system does not have all of the resources it needs to continue to function

Question 22

What is a Memory Leak?

Answer 22

a type of resource leak that occurs when a computer program incorrectly manages memory allocations in a way that memory which is no longer needed is not released

Question 23

What is Secure Sockets Layer (SSL) Stripping?

Answer 23

A man in the middles attack against all SSL and early versions of TLS connections, It works by intercepting the initial connection requests for HTTPS, redirecting it to an HTTP site

Question 24

What is Driver Manipulation?

Answer 24

An attack on a system by changing drivers, this changing the behavior of the system

Question 25

What is Shimming?

Answer 25

A process of putting a layer of code between the driver and the OS, allows flexibility and portability by enabling changes between different versions of an OS without modding the original driver code

Question 26

What is Refactoring?

Answer 26

The process of restructuring existing computer code without changing its external behavior

Question 27

What is Pass The Hash?

Answer 27

A hacking technique where the attacker captures the hash used to authenticate a process, They can use this hash by injecting it into a process in place of the password