3/16/2020 TestOut LabSim

8.4 Web Application Attacks

As you study this section, answer the following questions:

What are two ways that drive-by download attacks occur?

Which countermeasures can be used to eliminate buffer overflow attacks?

How can cross-site scripting (XSS) be used to breach the security of a web user?

What is the best method for preventing SQL injection attacks?

What are some types of header manipulation?

Which mitigation practices help to protect internet-based activities from web application attacks?

In this section, you will learn to:

Prevent cross-site scripting

Key terms for this section include the following:

Term: Definition

Drive-By Download: An attack where software is downloaded and installed without explicit consent from the user.

Typosquatting/URL Hijacking: An attack that occurs when an attacker registers domain names that correlate to common typographical errors made by users when trying to access a legitimate website.

Buffer Overflow: An attack that exploits an operating system or an application that does not properly enforce boundaries for how much and what type of data can be inputted.

Integer Overflow: An attack that exploits a computational operation by a running process that results in a numeric value that exceeds the maximum size of the integer type used to store it in memory.

Cross-Site Scripting (XSS): An attack that injects scripts into webpages.

Cross-Site Request Forgery (CSRF/XSRF): A type of malicious exploit whereby unauthorized commands are transmitted from the user to a website that currently trusts the user by way of authentication, cookies, etc.

LDAP Injection: An attack that uses LDAP statements with arbitrary commands to exploit web-based applications with access to a directory service.

XML Injection: An attack that uses malicious content and/or structures in an XML message to alter the intended logic of the application.

Command Injection: An attack that injects and executes unwanted commands on the application.

SQL Injection: An attack that occurs when an attacker includes database commands within user data input fields on a form, and those commands subsequently execute on the server.

Pointer Dereference: A programming feature that references another location in a computer's memory and that gives an attacker leverage in subsequent attacks.

DLL Injection: An attack that occurs when a program is forced to load a dynamic-link library (DLL), which then executes malicious code under the security context of the running application.

Directory Traversal: An attack that uses specific characters to access the parent directory in a file system.

Header Manipulation: The process of including invalid data in an HTTP response header.

Zero-Day: An attack that exploits computer application vulnerabilities before they are known by the application's developer.

Client-Side: An attack that exploits vulnerabilities in client applications that interact with a malicious server.

Refactoring: An attack where a device driver is refactored or changed to include hidden functions that benefit the attacker.

Shimming: An attack where an API shim is modified by injecting malicious code.

This section helps you prepare for the following certification exam objectives:

Exam: Objective

TestOut Security Pro

4.1 Harden the Network Perimeter (using a Cisco Appliance)
    Implement web protection

CompTIA Security+

1.2 Compare and contrast types of attacks
    Application/service attacks
        Buffer overflow
        Injection
        Cross-site scripting
        Cross-site request forgery
        Zero day
    Hijacking and related attacks
        Session hijacking
        URL hijacking
        Typo squatting
    Driver manipulation
        Shimming
        Refactoring

1.6 Explain the impact associated with types of vulnerabilities
    Memory/buffer vulnerability
        Integer overflow
        Buffer overflow
        DLL injection
    New threats/zero day

https://cdn.testout.com/client-v5-1-10-612/startlabsim.html