Web Security Pt.1 Flashcards

1
Q

What are the majority of web attacks on?

A

Web applications

2
Q

Where are the most vulnerabilities discovered?

A

Web applications

3
Q

What does HTTP stand for?

A

hypertext transfer protocol

4
Q

What is HTTP?

A

a text-based and stateless network protocol, encapsulated in TCP connections

5
Q

What does HTML stand for?

A

Hypertext mark-up language

6
Q

What does HTML do?

A

describes document contents, independent of network or storage details

7
Q

What is the ASCII for %?

A

%25

8
Q

What is the ASCII for @?

A

%40

9
Q

What is the ASCII for :?

A

%3A

10
Q

What is the structure of an HTTP request?

A
  1. Request line
  2. Header
  3. Empty line
  4. Message body
11
Q

Give an example of a request line

A

GET /index.html HTTP/1.1

12
Q

What are the components of a request line?

A

method, resource, version

13
Q

When would you use GET?

A

to fetch a resource

14
Q

When would you use HEAD?

A

to get the headers of a resource

15
Q

When would you use POST?

A

gets the data in the body of a resource

16
Q

What is the structure of an HTTP reply?

A
  1. Status line
  2. Header
  3. empty line -> CRLF
  4. Body of the message

17
Q

What are the status line and header terminated by?

A

CRLF

18
Q

What are the components of the status line?

A

protocol version, status code, text code

19
Q

What are the 2 main mechanisms to send the credentials to the server?

A

Basic and Digest

20
Q

What does the basic mechanism do?

A

the password is base64 encoded and sent to the server

21
Q

What does the digest mechanism do?

A

the credentials are hashed and sent to the server with a nonce

22
Q

What does SOP stand for?

A

Same Origin Policy

23
Q

How is session info transmitted?

A
  1. Payload HTTP
  2. URL/URI
  3. Header HTTP

24
Q

What must authenticators be?

A

unforgeable and tamper-proof

25
Q

What is the cookie formula?

A

cookie = content || HMAC(K, content)

26
Q

What is local file inclusion?

A

when a web app is programmed to include files on the local file system

27
Q

What are LFI exploits usually due to?

A

poor user input sanitisation