module 6 Flashcards

1
Q

HTTP

A

A stateless, application-layer protocol in the TCP/IP suite that uses TCP as its transport protocol for transmitting messages. It follows a request/response model: each request is handled on its own, the protocol keeps no state between requests, and it does not depend on a persistent connection for its logic. That statelessness is why web applications need sessions and cookies to track a user across requests.

2
Q

HTTP GET

A

Retrieves information (a representation of a resource) from the server without modifying it. GET is defined as safe and idempotent; any data it carries travels in the URL, so it also lands in browser history, proxy and server logs, and Referer headers.

3
Q

HTTP POST

A

Sends data to the server to be processed; it may modify server state or create new resources. Not idempotent: repeating the same POST can create the resource twice.

4
Q

HTTP PUT

A

Uploads a representation of the resource at the specified URI, creating it or replacing (updating) the existing one; it modifies server state. Idempotent: repeating the same PUT leaves the resource in the same state.

5
Q

HTTP DELETE

A

Deletes the specified resource. Modifies server state; idempotent.

6
Q

URL STRUCTURE: SCHEME

A

Designates the underlying protocol to be used (for example http or https).

7
Q

URL STRUCTURE: HOST

A

The address of the web server being accessed, either a numeric IP address or a DNS host name.

8
Q

URL STRUCTURE: PORT

A

Designates the TCP port on which the target web server listens. If omitted, the default for the scheme is used (80 for http, 443 for https).

9
Q

URL STRUCTURE: PATH

A

The path from the “root” directory of the web server to the desired resource.

10
Q

URL STRUCTURE: PATH-SEGMENT-PARAMS

A

Optional name/value pairs attached to a path segment (path segment parameters), separated from the segment by semicolons, for example /items;version=2.

11
Q

URL STRUCTURE: QUERY-STRING

A

An optional portion of the URL, following the ?, that contains name/value pairs representing the dynamic parameters associated with the request. Because the query string appears in logs, browser history and Referer headers, it should not carry secrets such as session IDs.
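Worked example added here (not part of the flashcards): a Python function that breaks a constructed sample URL into the components named on cards 6 to 11, plus an allow-list check that shows why the host must be taken from the parsed URL rather than from the raw string. The URL, host names and function names are assumptions made for this example.

```python
from urllib.parse import urlsplit, parse_qsl

# Constructed sample URL for this example (not from the flashcards).
SAMPLE_URL = ("https://shop.example.test:8443/catalog/items;version=2;lang=en"
              "?id=42&sort=price#reviews")

DEFAULT_PORTS = {"http": 80, "https": 443}


def decompose_url(url: str) -> dict:
    """Split a URL into the components named on the cards.

    urlsplit() yields scheme, host, port, path, query and fragment. Path-segment
    parameters (";name=value" inside a segment, RFC 3986) are left inside the
    path by urlsplit(), so they are separated out here by hand.
    """
    parts = urlsplit(url)
    segments, segment_params = [], {}
    for segment in parts.path.split("/"):
        head, *params = segment.split(";")
        segments.append(head)
        for param in params:
            name, _, value = param.partition("=")
            segment_params[name] = value
    return {
        "scheme": parts.scheme,
        "host": parts.hostname,  # lower-cased, userinfo and port stripped
        "port": parts.port if parts.port is not None else DEFAULT_PORTS.get(parts.scheme),
        "path": "/".join(segments),
        "path_segment_params": segment_params,
        "query": dict(parse_qsl(parts.query)),
        "fragment": parts.fragment,  # never sent to the server
    }


def naive_host_check(url: str, allowed_host: str) -> bool:
    """Typical buggy allow-list: prefix matching on the raw URL string."""
    return url.startswith("https://" + allowed_host)


def proper_host_check(url: str, allowed_host: str) -> bool:
    """Compare the parsed host component instead of the raw string."""
    return urlsplit(url).hostname == allowed_host


if __name__ == "__main__":
    for key, value in decompose_url(SAMPLE_URL).items():
        print(f"{key:>20}: {value}")
    # Userinfo before '@' makes the prefix check accept a URL whose real host
    # is evil.example.test (a classic open-redirect / SSRF allow-list bypass).
    tricky = "https://shop.example.test@evil.example.test/login"
    print(naive_host_check(tricky, "shop.example.test"),
          proper_host_check(tricky, "shop.example.test"))
```

The fragment is returned for completeness only; browsers never send it, so server-side code that expects to see it is mistaken.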

12
Q

WEB SESSIONS

A

A web session is a sequence of HTTP request and response transactions between a web client and a server. Because HTTP itself is stateless, the application creates sessions to keep track of users; it can do so for anonymous users from the very first request, and it can provide session capabilities both before and after authentication.

13
Q

SESSION IDS/TOKENS

A

Session IDs (tokens) are what the application uses to keep the authenticated state and track the user's progress across stateless HTTP requests. A session ID is a name/value pair, most commonly transported in a cookie. Its name may indicate what framework and programming language the web application uses (for example PHPSESSID or JSESSIONID), so a custom name is preferable. Because a session ID is temporarily equivalent to the strongest authentication method the application uses (username and password, one-time password, client-side digital certificate, and so on), it must be long and unpredictable enough to prevent brute-force and guessing attacks.

14
Q

SESSION FIXATION ATTACKS

A

An attack in which the attacker fixes (plants) a session ID of their choosing on the victim's web browser before the victim authenticates, for example by intercepting and manipulating the web traffic or by sending a link that carries the ID. When the victim then logs in, the application keeps using that ID, so the attacker already holds a valid authenticated session. The standard defense is to issue a fresh session ID at login and to refuse session IDs the server never issued.
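Added example, not from the course: a minimal server-side session store in Python showing the two properties cards 13 and 14 call for, random IDs from the OS CSPRNG that are long enough to resist brute force, and rotation of the ID at login, which is what defeats session fixation. The store, its method names and the user "alice" are assumptions for the example; the simulated attack shows the planted ID working against a server without rotation and failing against one with it.

```python
import secrets


class SessionStore:
    """Minimal server-side session store (added example, not course code)."""

    TOKEN_BYTES = 16  # 128 bits from the OS CSPRNG; guessing is infeasible

    def __init__(self, rotate_on_login: bool = True):
        self.rotate_on_login = rotate_on_login
        self._sessions = {}  # session_id -> {"user": username or None}

    def _new_id(self) -> str:
        # Opaque and random; the value carries no framework hint and no user data.
        return secrets.token_urlsafe(self.TOKEN_BYTES)

    def new_session(self) -> str:
        """Anonymous session for a first-time visitor. The server always picks
        the ID; an ID proposed by the client is never adopted."""
        sid = self._new_id()
        self._sessions[sid] = {"user": None}
        return sid

    def login(self, sid: str, user: str) -> str:
        """Upgrade a session to authenticated. Returns the ID the browser
        must use from now on."""
        if sid not in self._sessions:
            raise KeyError("unknown session ID")  # unissued ID: refuse, do not create
        if self.rotate_on_login:
            del self._sessions[sid]  # the pre-login ID stops working here
            sid = self._new_id()
        self._sessions[sid] = {"user": user}
        return sid

    def user_for(self, sid: str):
        session = self._sessions.get(sid)
        return session["user"] if session else None


def fixation_attack_succeeds(store: SessionStore) -> bool:
    """Simulate session fixation: the attacker obtains a session ID from the
    server, plants it in the victim's browser, and waits for the victim to
    log in. Returns True if the planted ID is now an authenticated session."""
    planted = store.new_session()      # attacker's known ID
    store.login(planted, "alice")      # victim authenticates with the planted ID
    return store.user_for(planted) == "alice"


if __name__ == "__main__":
    print("no rotation:  ", fixation_attack_succeeds(SessionStore(rotate_on_login=False)))
    print("with rotation:", fixation_attack_succeeds(SessionStore(rotate_on_login=True)))
```

Rotation only helps if the old ID is actually invalidated server-side, as in login() above; merely sending a new cookie while the old one keeps working leaves the fixation intact.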

15
Q

COOKIE MAXAGE OR EXPIRES ATTRIBUTE

A

If a cookie carries a Max-Age or Expires attribute, it is a persistent cookie: the web browser stores it on disk until the expiration time (Max-Age takes precedence when both are present). Without either attribute it is a session (non-persistent) cookie, kept in memory and discarded when the browser closes.

16
Q

HTTPONLY COOKIE FLAG (not "HTTPS only")

A

This flag tells the web browser that the cookie is to be used only in HTTP requests to the server: any attempt to access the cookie from client-side code or scripts (document.cookie) is forbidden, which stops a cross-site scripting payload from reading the session ID. It is distinct from the Secure flag, which restricts the cookie to HTTPS connections; a session cookie should carry both.

17
Q

NON-PERSISTENT (SESSION) COOKIES

A

Cookies without a Max-Age or Expires attribute. The browser keeps them in memory only and discards them when it closes. Session IDs that track users after authentication should be carried in non-persistent cookies, so that an authenticated session does not outlive the browser session or get written to disk.
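Added example, not from the course: a small Set-Cookie parser and audit in Python that applies cards 15 to 17 to constructed headers (the cookie names and values are made up for the example). It flags a session cookie that lacks HttpOnly, Secure or SameSite, one that is persistent, and one whose default name reveals the framework.

```python
# Constructed Set-Cookie headers for this example (not captured from any real site).
SAMPLE_HEADERS = [
    "Set-Cookie: PHPSESSID=8f3a1c2b; Path=/",
    "Set-Cookie: session=9c2e7d41; Path=/; HttpOnly; Secure; SameSite=Lax",
    "Set-Cookie: session=9c2e7d41; Max-Age=2592000; Path=/; HttpOnly; Secure; SameSite=Lax",
]

# Default session cookie names of common platforms (PHP, Java servlets, ASP.NET, ColdFusion).
FRAMEWORK_DEFAULT_NAMES = {"phpsessid", "jsessionid", "asp.net_sessionid", "cfid", "cftoken"}


def parse_set_cookie(header: str) -> dict:
    """Parse one Set-Cookie header into name, value and a lower-cased attribute map.
    Flag attributes (HttpOnly, Secure) map to True; valued ones keep their text."""
    line = header.split(":", 1)[1] if header.lower().startswith("set-cookie:") else header
    parts = [p.strip() for p in line.split(";") if p.strip()]
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip() if val else True
    return {"name": name.strip(), "value": value.strip(), "attrs": attrs}


def is_persistent(cookie: dict) -> bool:
    """A cookie with Max-Age or Expires is written to disk until it expires."""
    return "max-age" in cookie["attrs"] or "expires" in cookie["attrs"]


def audit_session_cookie(header: str) -> list:
    """Findings for a cookie that carries a session ID (empty list means ok)."""
    cookie = parse_set_cookie(header)
    attrs = cookie["attrs"]
    findings = []
    if "httponly" not in attrs:
        findings.append("missing HttpOnly: script (XSS) can read the session ID")
    if "secure" not in attrs:
        findings.append("missing Secure: cookie is also sent over plaintext HTTP")
    if "samesite" not in attrs:
        findings.append("missing SameSite: sent on cross-site requests (CSRF)")
    if is_persistent(cookie):
        findings.append("persistent: session ID stored on disk and outlives the browser session")
    if cookie["name"].lower() in FRAMEWORK_DEFAULT_NAMES:
        findings.append("default cookie name reveals the framework")
    return findings


if __name__ == "__main__":
    for header in SAMPLE_HEADERS:
        print(header)
        for finding in audit_session_cookie(header) or ["ok"]:
            print("   -", finding)
```

The parser splits only on semicolons, which is correct for Set-Cookie: the comma inside an Expires date is not a separator there.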

18
Q

Open Web Application Security Project (OWASP)

A

An international organization dedicated to educating industry professionals, creating tools, and evangelizing best practices for securing web applications and their underlying systems.

19
Q

BUSINESS LOGIC FLAWS

A

Flaws that enable an attacker to use the legitimate transactions and flows of an application in a way that results in a negative behavior or outcome (for example skipping a payment step in a checkout flow). They involve no malformed input, so input validation and scanners rarely catch them.

20
Q

SQL INJECTION

A

An attack in which the attacker inserts, or injects, partial or complete SQL queries via the web application into a query the application sends to its database. SQL injection can be catastrophic because it can allow an attacker to view, insert, delete, or modify records in the database.

21
Q

SQL STATEMENTS

A

SELECT, UPDATE, DELETE, INSERT INTO, CREATE DATABASE, ALTER DATABASE, CREATE TABLE, ALTER TABLE, DROP TABLE, CREATE INDEX, DROP INDEX

22
Q

INBAND SQL INJECTION (ATTACK)

A

The attacker obtains the data through the same channel used to inject the SQL code, for example in the web page the application returns. UNION-based and error-based injection are in-band.

23
Q

OUTOFBAND SQL INJECTION (ATTACK)

A

The attacker retrieves the data using a different channel from the one used to inject the SQL code. For example, the results of the query could be sent to the attacker in an email, a text, or an instant message, or the attacker might be able to make the database send the compromised data to another system (for instance through an outbound DNS or HTTP request).

24
Q

BLIND SQL INJECTION (ATTACK)

A

The attacker does not make the application display or transfer any data; rather, the attacker reconstructs the information by sending specific statements and discerning the behavior of the application and database (differences in page content, error state, or response time).

25
Q

UNION OPERATOR (exploit)

A

An in-band exploitation technique used when the injection point is inside a SELECT statement: the UNION operator appends the attacker's own SELECT so that the two queries are combined into a single result set returned by the application. The injected SELECT must return the same number of columns, with compatible types, as the original query.

26
Q

BOOLEAN (exploit)

A

Exploitation technique that verifies whether certain conditions are true or false by observing differences in the application's response; used in blind SQL injection attacks to reconstruct data one condition at a time.
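Added example, not part of the course material: a self-contained Python script against an in-memory SQLite database (the tables, users and passwords are constructed for the example) that shows the injection on cards 20 to 26 end to end: the string-concatenation flaw, the same query parameterized, an in-band UNION extraction of another table, and a boolean-based blind extraction that recovers a password from nothing but login success or failure.

```python
import sqlite3

# Alphabet the blind extraction tries for each character position.
CHARSET = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789!@#$%^&*_-"


def build_db() -> sqlite3.Connection:
    """In-memory database with constructed sample data (not from the course)."""
    conn = sqlite3.connect(":memory:")
    conn.executescript("""
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT, role TEXT);
        INSERT INTO users (username, password, role) VALUES
            ('alice', 'S3cret!', 'admin'),
            ('bob',   'hunter2', 'user');
        CREATE TABLE products (id INTEGER PRIMARY KEY, name TEXT, price REAL);
        INSERT INTO products (name, price) VALUES ('widget', 9.99), ('gadget', 19.99);
    """)
    return conn


def login_vulnerable(conn, username: str, password: str):
    """Concatenates user input into the SQL text (the injection flaw)."""
    sql = (f"SELECT username FROM users WHERE username = '{username}' "
           f"AND password = '{password}'")
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(conn, username: str, password: str):
    """Parameterized query: input is bound as data, never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    row = conn.execute(sql, (username, password)).fetchone()
    return row[0] if row else None


def product_search_vulnerable(conn, name: str):
    """Second injection point, used for the UNION-based (in-band) extraction."""
    sql = f"SELECT name, price FROM products WHERE name = '{name}'"
    return conn.execute(sql).fetchall()


def blind_extract_password(conn, target_user: str, max_len: int = 32) -> str:
    """Boolean-based blind extraction through the login page.

    The application never returns the password; it only answers 'logged in'
    or 'login failed'. Each probe injects a true/false condition on one
    character of the stored password and reads the answer from that behavior."""
    recovered = ""
    for position in range(1, max_len + 1):
        for ch in CHARSET:
            probe = f"{target_user}' AND substr(password, {position}, 1) = '{ch}' --"
            if login_vulnerable(conn, probe, "") is not None:  # condition was true
                recovered += ch
                break
        else:
            break  # no character matched: end of the password
    return recovered


if __name__ == "__main__":
    conn = build_db()
    # Authentication bypass: the comment marker removes the password check.
    print(login_vulnerable(conn, "alice' --", "wrong"))   # alice
    print(login_safe(conn, "alice' --", "wrong"))         # None
    # UNION-based: the attacker's SELECT rides on the products query (2 columns each).
    print(product_search_vulnerable(conn, "x' UNION SELECT username, password FROM users --"))
    # Blind: reconstruct the admin password from true/false responses only.
    print(blind_extract_password(conn, "alice"))          # S3cret!
```

The blind loop issues at most len(CHARSET) requests per character; a real attacker would narrow that with binary search over character codes, but the inference principle is the same. Passwords stored in clear text here are only so the extraction is visible; real applications store hashes, which the same technique would extract just as readily.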

27
Q

ERROR BASED TECHNIQUE (exploit)

A

Exploitation technique that forces the database to generate an error whose message, if the application displays it, reveals information that enhances and refines the attack (injection), such as the database version or the value of a subquery.

28
Q

OUTOFBAND TECHNIQUE (exploit)

A

Exploitation technique that obtains records from the database using a different channel from the injection itself (out-of-band). Useful when exploiting a blind SQL injection vulnerability, where the application's own response reveals nothing useful.

29
Q

TIME DELAY (exploit)

A

Exploitation technique that uses database commands to delay the answer: the attacker injects a conditional that induces a delay in the response when the condition is true, so the response time reveals the result of the query. Used in blind SQL injection when the response content does not differ between true and false.

30
Q

DATABASE FINGERPRINTING

A

In order to successfully execute complex queries and exploit different combinations of SQL injection, you must first fingerprint the database (vendor and version), because function names, comment syntax and delay commands differ between products. Pay close attention to any errors returned by the application; their wording often identifies the database.

31
Q

STACKED QUERIES

A

A technique that allows you to execute multiple statements, separated by semicolons, in the same call to the database. Unlike UNION-based injection, which is limited to SELECT statements, stacked queries can run INSERT, UPDATE, DELETE or DDL. Whether they work depends on the database and on the driver or API the application uses, since many single-statement APIs reject a second statement.

32
Q

STORED PROCEDURE

A

A named group of one or more SQL statements stored in the database (in SQL Server, optionally a reference to a .NET CLR method).
Stored procedures can accept input parameters and return multiple values in the form of output parameters to the calling program.
They can also contain programming statements that execute operations in the database (including calling other procedures). Calling a procedure with bound parameters helps prevent SQL injection, but a procedure that builds dynamic SQL from its parameters internally is still injectable.

33
Q

COMMAND INJECTION

A

An attack in which an attacker tries to execute operating system commands that he or she is not supposed to be able to execute on a system, via a vulnerable application that passes user input to a shell or system command. Command injection is not the same as code execution and code injection, which involve exploiting a buffer overflow or similar vulnerability to run attacker-supplied code.
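Added example, not from the course, in Python: a lookup helper that builds a shell command from user input, the same helper using an argument list without a shell, and a validated version. "echo" stands in for a real network tool such as ping so the script runs anywhere with /bin/sh; the host name, payload and function names are constructed for the example.

```python
import re
import subprocess

# Constructed attacker input: a valid-looking host followed by a second command.
PAYLOAD = "host.example.test; echo INJECTED"

# Allow-list: characters that can appear in a DNS host name and nothing else.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9.-]{1,253}$")


def is_valid_hostname(name: str) -> bool:
    return HOSTNAME_RE.match(name) is not None


def lookup_vulnerable(user_input: str) -> str:
    """Builds one command line and hands it to /bin/sh. 'echo' stands in for a
    real tool such as ping; the shell interprets ';', '|', '&&' and '$(...)'."""
    result = subprocess.run("echo " + user_input, shell=True,
                            capture_output=True, text=True)
    return result.stdout


def lookup_argv(user_input: str) -> str:
    """No shell: the input is a single argv element, so metacharacters are
    just characters and the second command never exists."""
    result = subprocess.run(["echo", user_input], capture_output=True, text=True)
    return result.stdout


def lookup_safe(user_input: str) -> str:
    """Defense in depth: validate against an allow-list, then use the argv form."""
    if not is_valid_hostname(user_input):
        raise ValueError(f"rejected host name: {user_input!r}")
    return lookup_argv(user_input)


if __name__ == "__main__":
    print(repr(lookup_vulnerable(PAYLOAD)))  # 'host.example.test\nINJECTED\n'
    print(repr(lookup_argv(PAYLOAD)))        # 'host.example.test; echo INJECTED\n'
    try:
        lookup_safe(PAYLOAD)
    except ValueError as exc:
        print(exc)
```

The argv form alone already neutralizes shell metacharacters; the allow-list is still worth having because the tool itself may interpret arguments (a leading "-" as an option, for instance), which is a different injection class from the one on this card.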

34
Q

LDAP INJECTION VULNERABILITIES

A

Input validation vulnerabilities that an attacker uses to inject and execute queries against LDAP servers, by placing filter metacharacters in input that the application concatenates into an LDAP search filter. A successful LDAP injection attack can allow an attacker to obtain valuable information for further attacks on databases and internal applications. Typical outcomes: authentication bypass and information disclosure.
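Added example, not from the course: Python that builds the kind of LDAP authentication filter this card has in mind, first by concatenation and then with RFC 4515 escaping, and shows what a constructed bypass value does to the filter's structure (the attribute names and the bypass string are assumptions for the example). Servers differ in how they treat text after the first complete filter, some evaluate only that prefix and some reject the request, but either way the attacker, not the application, decides the filter's shape.

```python
# Characters that RFC 4515 requires to be escaped inside an assertion value.
_ESCAPE = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value: str) -> str:
    """Escape user input so it can only ever be a value, never filter syntax."""
    return "".join(_ESCAPE.get(ch, ch) for ch in value)


def auth_filter_vulnerable(username: str, password: str) -> str:
    """Typical injectable construction: raw input concatenated into the filter."""
    return f"(&(uid={username})(userPassword={password}))"


def auth_filter_safe(username: str, password: str) -> str:
    """Same filter with every user-supplied value escaped."""
    return (f"(&(uid={escape_filter_value(username)})"
            f"(userPassword={escape_filter_value(password)}))")


def first_complete_filter(filter_text: str) -> str:
    """Return the leading balanced-parenthesis expression, which is what a
    server that ignores trailing text actually evaluates."""
    depth = 0
    for i, ch in enumerate(filter_text):
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
            if depth == 0:
                return filter_text[: i + 1]
    return filter_text


# Constructed bypass input: closes the uid clause early and turns the AND group
# into (&(uid=*)(uid=*)), which is true for every entry; the password check
# ends up in trailing text outside that group.
BYPASS_USER = "*)(uid=*))(|(uid=*"

if __name__ == "__main__":
    vuln = auth_filter_vulnerable(BYPASS_USER, "x")
    print("built:    ", vuln)
    print("evaluated:", first_complete_filter(vuln))
    print("escaped:  ", auth_filter_safe(BYPASS_USER, "x"))
```

Escaping is the minimum; binding as the user with the supplied password (an LDAP bind) rather than comparing userPassword in a search filter avoids putting the password into a filter at all.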

35
Q

SESSION HIJACKING

A

A method of taking over a web user's session by surreptitiously obtaining the session ID (for example by sniffing unencrypted traffic, stealing the cookie through cross-site scripting, or guessing a predictable ID) and masquerading as the authorized user.