Term
|
Definition
| Programs that provide additional functionality to web browsers |
|
|
Term
ARP
Address Resolution protocol |
|
Definition
| Part of the TCP/IP protocol for determining the MAC address based on the IP address |
|
|
Term
|
Definition
| An attack that corrupts the ARP cache |
|
|
Term
|
Definition
| Files that are coupled to an email message |
|
|
Term
|
Definition
| An attack that occurs when a process attempts to store data in RAM beyond the boundaries of a fixed length storage buffer |
|
|
Term
|
Definition
| An attack that targets vulnerabilities in client applications that interact with a compromised server or processes malicious data |
|
|
Term
|
Definition
| A file on a computer in which a server stores user-specific information |
|
|
Term
|
Definition
| Injecting and executing commnands to execute on a server |
|
|
Term
|
Definition
| An attack that injects scripts into a web application server to direct attacks at clients |
|
|
Term
|
Definition
| An attack that attempts to prevent a system from performing its normal functions |
|
|
Term
|
Definition
| An attack that takes advantage of a vulnerability in the web application program or the web server software so that a user can move from the root directory to other restricted directories |
|
|
Term
DDOS
Distributed Denial of Service |
|
Definition
| An attack that uses multiple zombie computers (even hundreds or thousands)in a botnet to flood a device with requests |
|
|
Term
|
Definition
| An attack that substitutes DNS addresses so that the computer is automatically redirected to another device |
|
|
Term
|
Definition
| A hierarchical name system for matching computer names and numbers |
|
|
Term
|
Definition
| A cookie that is created from the web site that currently is being viewed |
|
|
Term
|
Definition
| A cookie named after the Adobe flash player, also known as local shared objects(LSO) Flash cookies cannot be deleted through the browsers normal configuration settings as regular cookies can, typically they are saved in multiple locations on the hard drive and can be take up as much as 100,000 bytes of storage per cookie (about 25 times the size of a normal cookie)Flash cookies can also be used to reinstate regular cookies that a user has deleted or blocked |
|
|
Term
|
Definition
| A list of the mappings of names to computer numbers |
|
|
Term
|
Definition
| Part of HTTP that is composed of fields that contain the different characteristics of the data that is being transmitted |
|
|
Term
|
Definition
| Modifying HTTP headers to create an attack |
|
|
Term
|
Definition
| An attack that intercepts legitimate communication and forges a fictitious response to the sender |
|
|
Term
Persistent Cookie
(Tracking cookie) |
|
Definition
| A cookie that is recorded on the hard drive of the computer and does not expire when the browser closes |
|
|
Term
|
Definition
| A utility that sends an ICMP echo request message to a host |
|
|
Term
|
Definition
| An attack that uses the Internet control message protocol to flood a victim with packets |
|
|
Term
|
Definition
| An attack that exploits a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining |
|
|
Term
|
Definition
| An attack that makes a copy of the transmission before sending it to the recipient |
|
|
Term
|
Definition
| A cookie that is only used when when a browser is visiting a server using a secure connection |
|
|
Term
|
Definition
| A cookie that i stored in RAM instead of on the hard drive, and only lasts for the duration of visiting a web site |
|
|
Term
|
Definition
| An attack in which an attacker attempts to impersonate the user by using his session token |
|
|
Term
|
Definition
| A form of verification used when accessing a secure web application |
|
|
Term
|
Definition
| An attack that broadcasts a ping request to all computers on the network yet changes the address from which that request came to that of the target |
|
|
Term
|
Definition
| Impersonating another computer or device |
|
|
Term
|
Definition
| An attack that targets SQL servers by injecting commands to be manipulated by the database |
|
|
Term
|
Definition
| An attack that takes advantage of the procedures for initiating a TCP session |
|
|
Term
|
Definition
| A cookie that was created by a third party that is different from the primary web site |
|
|
Term
|
Definition
| An attack involving using a third party to gain access rights |
|
|
Term
Extensible Markup Language
XML |
|
Definition
| A markup language that is deigned to carry data instead of indicating how to display it |
|
|
Term
|
Definition
| An attack that injects XLM tags and data into a database |
|
|
Term
|
Definition
| Attacks that exploit previously unknown vulnerabilities, so victim have no time (zero days) to prepare or defend against the attacks |
|
|
Term
|
Definition
Web
Client-Side
Buffer overflow |
|
|
Term
|
Definition
| Enhancing the security of the web server operating systems and system systems |
|
|
Term
|
Definition
| Traditional network security devices can block traditional netwrok attacks, they cannot always block Web application attacks |
|
|
Term
| Securing Web Applications |
|
Definition
Hardening the web server
protecting the network |
|
|
Term
| Most common web application atatcks |
|
Definition
Cross-site scripting
SQL injection
XML Injection
Command injection
Directory Traversal |
|
|
Term
| XSS attack requires two criteria |
|
Definition
Accepts user input without validating
Uses input in a response without encoding it |
|
|
Term
|
Definition
| Specific directory on a web server's file system |
|
|
Term
| Web application atatcks are considered |
|
Definition
|
|
Term
|
Definition
| Attacked by viewing a web page |
|
|
Term
|
Definition
Inline frame
HTML element that allows for embedding another HTML document inside the main document |
|
|
Term
| Common clent side atatcks |
|
Definition
Header Manipulation
Cookies
Attachments
session Hijacking
Add-ons |
|
|
Term
|
Definition
HTTP header attacks
Allow the attacker to save the original web page, modify it, and then host it from her own computer |
|
|
Term
|
Definition
Web applications pass the contents of this filed directly to the database
build a filename from which to look up the correct language text, an attacker could generate a directoty traversal attack |
|
|
Term
| whatever AND email IS NULL |
|
Definition
| Determine the names of different fields in the database |
|
|
Term
| whatever and 1=(select count(*) from tabname): |
|
Definition
| Discover the name of the table |
|
|
Term
| whatever OR fullname LIKE"%MIA% |
|
Definition
|
|
Term
| Web servers typically restricted to root directory |
|
Definition
| MS IIS is C:\INETPUB\WWWROOT |
|
|
