-
Transparent testing is also known as what?
White-box testing
-
In white-box testing, what must the tester know or have access to?
Programming and the details of the design, plus login details, production documentation, and the source code.
-
What techniques might a system tester use?
System testers might use a combination of fuzzing (covered shortly), data flow testing, and other techniques such as stress testing, penetration testing, and sandboxes.
-
compile-time errors
Program errors that occur while the program is being compiled.
-
runtime error
A program error that occurs while the program is running.
-
What might runtime errors include?
Runtime errors include running out of memory, accessing an invalid memory address, passing an invalid parameter value, buffer overflows, and dereferencing a null pointer (to name a few). They surface only when the program actually executes, which is why they must be exercised by running the program as a user would. Another runtime error occurs when the program attempts to divide by zero.
-
structured exception handling (SEH)
A mechanism used to handle software and hardware exceptions.
-
Input validation
A process that ensures the correct usage of data; it checks the data that is input by users into web forms and other similar web elements. If data is not validated correctly, it can lead to various security vulnerabilities, including sensitive data exposure and the possibility of data corruption.
-
What are some ways you can validate data?
You can validate data in many ways, from coded data checks and consistency checks to spelling and grammar checks, and so on.
-
Input validation is the key to preventing which kind of attacks?
SQL injection and XSS
-
All form fields should be tested for good input validation code where?
On both the client and server side. Client-side checks improve usability but are trivially bypassed with an intercepting proxy, so the server-side check is the actual security control.
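An added example (not from the original study guide) of what the server-side half of that validation looks like, next to the two attacks the cards above say it prevents. The field names, allowlist patterns and the in-memory SQLite table are assumptions constructed for the demonstration; the unsafe query is deliberately vulnerable to show why parameterization matters.

```python
import html
import re
import sqlite3

# Allowlist rules for the form fields this example accepts (constructed for the demo).
# Anything not matching its rule, or not defined here at all, is rejected outright.
FIELD_RULES = {
    "username": re.compile(r"^[A-Za-z0-9_.-]{3,32}$"),
    "email": re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$"),
    "age": re.compile(r"^(?:[1-9]|[1-9][0-9]|1[01][0-9]|120)$"),
}


def validate_form(fields: dict) -> dict:
    """Server-side allowlist validation. Returns {field: error} for every rejected
    field; an empty dict means the submission is acceptable."""
    errors = {}
    for name, rule in FIELD_RULES.items():
        value = fields.get(name)
        if value is None:
            errors[name] = "missing"
        elif not rule.fullmatch(value):
            errors[name] = "invalid format"
    for name in fields:
        if name not in FIELD_RULES:
            errors[name] = "unexpected field"
    return errors


def find_user_unsafe(conn, username: str):
    # Deliberately vulnerable: the input is concatenated into the SQL text, so a
    # quote character lets the caller rewrite the WHERE clause (SQL injection).
    return conn.execute(
        "SELECT id, username FROM users WHERE username = '" + username + "'"
    ).fetchall()


def find_user_safe(conn, username: str):
    # Parameterized query: the value travels separately from the statement, so it
    # can never change the query's structure no matter what characters it holds.
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_greeting(display_name: str) -> str:
    # Output encoding for the HTML context is the second line of defense against XSS:
    # even if a hostile string got past validation it is rendered as text, not markup.
    return "<p>Welcome, " + html.escape(display_name, quote=True) + "</p>"


def demo_db():
    """Constructed sample data so the example runs offline."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT)")
    conn.executemany("INSERT INTO users (username) VALUES (?)", [("alice",), ("bob",)])
    return conn


if __name__ == "__main__":
    conn = demo_db()
    payload = "x' OR '1'='1"
    print(validate_form({"username": payload, "email": "a@b.io", "age": "30"}))
    print(find_user_unsafe(conn, payload))   # every row comes back
    print(find_user_safe(conn, payload))     # nothing matches the literal string
    print(render_greeting("<script>alert(1)</script>"))
```

Note that validation rejects the payload before it ever reaches the query; the parameterized query and the output encoding are there for the cases validation cannot anticipate.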
-
replay attack
A network attack in which a valid data transmission is maliciously or fraudulently repeated or delayed.
-
What is used to intercept data in a replay attack?
a packet sniffer
-
How could a website make it more difficult for a sniffer to use collected data?
The first way is to use session tokens: a token is transmitted to a client the first time it connects and identifies that client on subsequent requests. Tokens are generated randomly so that attackers cannot guess token values. The second way is to implement timestamping and synchronization, as in a Kerberos environment. A third way is to use a timestamped nonce, a random number issued by an authentication protocol that can be used only once. You can also implement CHAP-based (challenge/response) authentication protocols, in which a fresh server challenge makes a captured response useless for a later login.
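The timestamp-plus-nonce approach from the card above, as an added example that is not from the original guide. It assumes a shared HMAC key between client and server (an assumption for the demo; a real deployment would derive it per session) and keeps the nonce store in memory, so it only illustrates a single server instance.

```python
import hashlib
import hmac
import secrets
import time
from typing import Optional, Tuple


class ReplayGuard:
    """Server-side verifier: every request carries a timestamp and a one-time nonce,
    and an HMAC over (timestamp, nonce, body) so a sniffer cannot alter either field
    without breaking the tag."""

    def __init__(self, key: bytes, window_seconds: int = 30):
        self.key = key
        self.window = window_seconds
        self.seen = {}  # nonce -> timestamp of the request that consumed it

    def _tag(self, body: bytes, ts: int, nonce: str) -> str:
        msg = ts.to_bytes(8, "big") + nonce.encode() + body
        return hmac.new(self.key, msg, hashlib.sha256).hexdigest()

    def sign(self, body: bytes, now: Optional[int] = None) -> dict:
        """Client side: build a request. `now` is injectable so tests are deterministic."""
        ts = int(time.time()) if now is None else now
        nonce = secrets.token_hex(16)  # 128 random bits: unguessable, effectively unique
        return {"ts": ts, "nonce": nonce, "body": body, "tag": self._tag(body, ts, nonce)}

    def verify(self, req: dict, now: Optional[int] = None) -> Tuple[bool, str]:
        now = int(time.time()) if now is None else now
        expected = self._tag(req["body"], req["ts"], req["nonce"])
        if not hmac.compare_digest(expected, req["tag"]):
            return False, "bad tag"            # altered or forged message
        if abs(now - req["ts"]) > self.window:
            return False, "stale timestamp"    # delayed replay, outside the window
        if req["nonce"] in self.seen:
            return False, "replayed nonce"     # exact replay inside the window
        self.seen[req["nonce"]] = req["ts"]
        # Nonces older than the window can be forgotten: the timestamp check already
        # rejects anything that old, so the store stays bounded.
        cutoff = now - self.window
        for old in [n for n, t in self.seen.items() if t < cutoff]:
            del self.seen[old]
        return True, "ok"


if __name__ == "__main__":
    guard = ReplayGuard(b"shared-secret-for-demo")
    req = guard.sign(b"transfer 100")
    print(guard.verify(req))   # accepted once
    print(guard.verify(req))   # the replay is refused
```

The window has to allow for clock skew between client and server, which is the synchronization the Kerberos card refers to; with several servers the nonce store must be shared (for example in a cache) or each instance can be replayed independently.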
-
Session replay
Session replay attacks occur when an attacker steals a user’s valid session ID and reuses that ID to perform malicious transactions and activities with a web application.
-
Session hijacking
Session hijacking is the exploitation of a computer session in an attempt to gain unauthorized access to data, services, or other resources on a computer.
-
What are the types of session hijacks that can occur?
- Session theft
- TCP/IP hijacking
- Blind hijacking
- Clickjacking
- On-path attack
- Watering hole attack
-
TCP/IP hijacking
This is a common type of session hijacking. It occurs when an attacker takes over an established TCP session between two computers without needing a cookie or any other type of host access. Because authentication for most communications occurs only at the beginning of a standard TCP session, an attacker who can observe or predict the sequence numbers can inject into the session at any time after it begins.
-
Which sessions are harder targets, UDP or TCP?
TCP. The attacker must know (by sniffing) or predict the current sequence and acknowledgment numbers for injected segments to be accepted; UDP has no such session state to get right.
-
What are some services that use UDP and could therefore be targeted?
Online games and DNS queries.
-
What can be done to mitigate the risk of TCP/IP hijacking?
You should employ encrypted and authenticated transport protocols such as TLS (the successor to SSL), IPsec, and SSH; even if an attacker manages to inject into the TCP stream, the injected data fails the integrity check and is discarded.
-
Blind hijacking:
This type of hijacking occurs when an attacker blindly injects data into a data stream without being able to see whether the injection was successful. The attacker could be attempting to create a new administrator account or gain access to one.
-
Clickjacking:
This type of hijacking occurs when a user browsing the web is tricked into clicking something different from what the user thought he or she was clicking. It is usually implemented as a concealed link—embedded code or a script on a website that executes when the user clicks that element.
-
On-path attacks are also known as what?
Man-in-the-middle (MITM) and man-in-the-browser (MITB) attacks.
-
On-path attack
These attacks intercept all data between a client and a server. It is a type of active interception. If successful, all communications now go through the MITM attacking computer. The attacking computer can at this point modify the data, insert code, and send it to the receiving computer. This type of eavesdropping is successful only when the attacker can properly impersonate each endpoint.
-
On-path attacks can also make use of trojans and do what?
The trojan infects a vulnerable web browser and modifies web pages and online transactions, in attempt to steal money or data.
-
watering hole attack
The attacker profiles the websites that the intended victim accesses and scans them for vulnerabilities. If a website can be compromised, it is injected with JavaScript or other code designed to redirect the user when they visit that site, usually to a site hosting exploit code.
-
cross-site request forgery (XSRF)
A type of vulnerability in which an attacker lures the targeted user into executing unwanted actions on a web application in which that user is authenticated. Threat actors performing XSRF attacks leverage the trust that the application has in the targeted user's browser. For example, the attacker could inherit the privileges of the user to perform an undesired action, such as stealing sensitive information, creating users, or downloading malware.
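An added example (not from the original guide) of the synchronizer-token defense against XSRF together with an Origin/Referer check. The site origin, the session object and the request shapes are assumptions constructed for the demonstration; in a real framework the token would be stored in the server-side session and emitted into every state-changing form.

```python
import hmac
import secrets
from typing import Tuple
from urllib.parse import urlsplit

SITE_ORIGIN = "https://bank.example"  # assumed origin of the protected application


class Session:
    """Stand-in for a server-side session: holds a per-session, unguessable token."""

    def __init__(self):
        self.csrf_token = secrets.token_urlsafe(32)


def csrf_field(session: Session) -> str:
    """Hidden input to embed in every state-changing form. A page on the attacker's
    origin can make the browser submit a form here, but the same-origin policy stops it
    from reading this value, so it cannot include the right token."""
    return '<input type="hidden" name="csrf_token" value="%s">' % session.csrf_token


def is_safe_request(session: Session, method: str, headers: dict, form: dict) -> Tuple[bool, str]:
    """Run before any handler that changes state."""
    if method.upper() in ("GET", "HEAD", "OPTIONS"):
        # Safe methods are allowed through; handlers must never change state on them,
        # otherwise a simple <img src=...> becomes a forged request.
        return True, "read-only method"
    # Browsers attach Origin (or Referer) themselves and scripts cannot override it.
    origin = headers.get("Origin") or headers.get("Referer")
    if origin:
        parts = urlsplit(origin)
        if "%s://%s" % (parts.scheme, parts.netloc) != SITE_ORIGIN:
            return False, "cross-origin request"
    submitted = form.get("csrf_token", "")
    if not hmac.compare_digest(submitted, session.csrf_token):
        return False, "missing or wrong CSRF token"
    return True, "ok"


if __name__ == "__main__":
    s = Session()
    print(csrf_field(s))
    forged = {"to": "attacker", "amount": "1000"}
    print(is_safe_request(s, "POST", {"Origin": "https://evil.example"}, forged))
    print(is_safe_request(s, "POST", {"Origin": SITE_ORIGIN}, dict(forged, csrf_token=s.csrf_token)))
```

Marking the session cookie SameSite=Lax or Strict adds a third, independent layer: the browser then withholds the cookie from cross-site POSTs, so the forged request arrives unauthenticated even if the other checks were missing.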
-
server-side request forgery (SSRF)
Unlike a CSRF, an SSRF attack is initiated from the web server through a vulnerable web application that fetches URLs on the user's behalf. With a CSRF attack, the user is tricked into doing something that benefits the attacker. In contrast, an SSRF attack is done for the purpose of compromising information from the web server or enabling other attacks, such as bypassing input validation controls or enabling the attacker to execute further commands. An SSRF attack exploits trust relationships: the server can typically reach internal hosts, cloud metadata services, and systems that trust its IP address, none of which the attacker could reach directly.
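An added example (not from the original guide) of the check a server should run before fetching a user-supplied URL, which is the SSRF control the card describes. The allowlisted hostnames and the fake resolver results are assumptions constructed for the demonstration; the resolver is injectable so the check can be exercised offline.

```python
import ipaddress
import socket
from typing import Tuple
from urllib.parse import urlsplit

# Hosts this service is allowed to fetch from (constructed for the example).
ALLOWED_HOSTS = {"api.partner.example", "cdn.partner.example"}


def resolve_with_dns(host: str):
    """Default resolver: every address the name resolves to, v4 and v6."""
    return sorted({info[4][0] for info in socket.getaddrinfo(host, None)})


def is_safe_outbound_url(url: str, resolve=resolve_with_dns) -> Tuple[bool, str]:
    """Decide whether the server may fetch `url` on a user's behalf. `resolve(host)`
    must return the list of IP strings the host resolves to."""
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"          # file://, gopher://, dict:// and friends
    if parts.username or parts.password:
        return False, "credentials in URL"          # http://allowed.host@169.254.169.254/
    host = parts.hostname or ""
    if host not in ALLOWED_HOSTS:
        return False, "host not in allowlist"       # blocks raw IPs and unknown names
    try:
        addrs = resolve(host)
    except OSError:
        return False, "unresolvable host"
    # Even an allowlisted name can point inward (compromised DNS, DNS rebinding),
    # so every resolved address is checked, not just the name.
    for addr in addrs:
        ip = ipaddress.ip_address(addr)
        if not ip.is_global or ip.is_multicast:
            return False, "resolves to internal address %s" % addr
    return True, "ok"


if __name__ == "__main__":
    for candidate in ("https://api.partner.example/v1/data",
                      "http://169.254.169.254/latest/meta-data/",
                      "file:///etc/passwd"):
        print(candidate, is_safe_outbound_url(candidate))
```

Two caveats the check cannot cover on its own: the HTTP client must connect to the address that was validated (pin it and send the Host header) rather than resolving again, and it must not follow redirects automatically, since a redirect to an internal address would otherwise bypass everything above.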
-
Simple Object Access Protocol (SOAP)
A standards-based web services access protocol originally developed by Microsoft; it has been used by numerous legacy applications for many years.
-
What does SOAP (simple object access protocol) use to provide API services?
XML
-
SOAP replaces what?
Distributed Component Object Model (DCOM) and Common Object Request Broker Architecture (CORBA)
-
Representational State Transfer (REST)
An API architectural style that is easier to use than SOAP.
-
What data format does Representational State Transfer (REST) typically use instead of XML?
JSON instead of XML (REST can carry other formats, but JSON is the norm).
-
What standards does Representational State Transfer (REST) use?
It uses standards such as Swagger and the OpenAPI Specification (https://www.openapis.org) for ease of documentation and to encourage adoption.
-
GraphQL
GraphQL is a query language for APIs that provides many developer tools.
-
Where is graphql used?
Many mobile applications and online dashboards and many different languages support graphql.
-
What protocol do SOAP and REST use?
HTTP
-
Difference between SOAP and REST?
SOAP limits itself to a stricter set of API messaging patterns than REST.
-
What does an API often provide?
A roadmap that describes the underlying implementation of an application.
-
Who can use the roadmap information provided by the API?
Security professionals and hackers.
-
API documentation can include Swagger (OpenAPI)
Swagger is a modern framework of API documentation and development that is the basis of the OpenAPI Specification (OAS).
-
API documentation can contain Web Services Description Language (WSDL) documents
WSDL is an XML-based language that is used to document the functionality of a web service.
-
API documentation can include WADL
WADL is an XML-based language for describing web applications.
-
What are the best practices and recommendations for securing API services?
Secure API services to only provide HTTPS endpoints with a strong version of TLS.
-
What are the best practices and recommendations for handling parameters in an API?
Validate parameters in the application and sanitize incoming data from API clients.
-
What are the best practices and recommendations for detecting attacks against an API?
Explicitly scan for common attack signatures; injection attacks often betray themselves by following common patterns.
-
What are the best practices and recommendations for authentication and authorization?
Use strong authentication and authorization standards.
-
What are the best practices and recommendations for libraries?
Use reputable and standard libraries to create the APIs.
-
What are the best practices and recommendations for separating API implementation from API security?
Segment API implementation and API security into distinct tiers; doing so frees up the API developer to focus completely on the application domain.
-
What are the best practices and recommendations for classifying the data an API handles?
Identify what data should be publicly available and what is sensitive information.
-
What are the best practices and recommendations for API code verification?
If possible, have a security expert do the API code verification.
-
What are the best practices and recommendations for API documentation?
Make internal API documentation mandatory.
-
What are the best practices and recommendations for discussing API development?
Avoid discussing company API development (or any other application development) on public forums.
-
Resource exhaustion attacks are a form of?
Resource exhaustion attacks are a form of denial-of-service attacks. They can also leverage software vulnerabilities such as memory leaks and file descriptor leaks.
-
Resource exhaustion
Resource exhaustion is an attack against availability that is designed to bring the network, or access to a particular TCP/IP host/server, to its knees by flooding it with useless traffic.
-
Most DoS attacks today are launched from?
Botnets
-
Memory leak
A type of resource leak caused when a program does not release memory properly.
-
What can a lack of freed-up memory lead to?
Reduced performance of the computer and, if the leak continues, exhaustion of available memory so that the program or system fails (a denial of service).
-
How might memory leaks happen?
The memory leak might happen on its own due to poor programming, or it could be that code resides in the application that is vulnerable and is later exploited by an attacker who sends specific packets to the system over the network.
-
Memory leaks are common in which programming languages?
C and C++, where the programmer manages memory manually and every allocation must be explicitly freed.
-
What can be used to find memory leaks?
Memory debuggers, such as Valgrind or AddressSanitizer/LeakSanitizer, can be used to check for leaks.
-
What can be added to c and c++ or other programming languages to check for potential memory leaks?
Garbage collection libraries.
-
Which TLS versions does this guide say are susceptible to SSL stripping attacks?
TLS 1.2 and earlier, according to the guide. Note that SSL stripping targets the client's initial plaintext HTTP request before any TLS handshake occurs, so the TLS version in use does not by itself prevent it; the effective control is HTTP Strict Transport Security (HSTS), ideally with the domain on the browser preload list.
-
All versions of SSL are susceptible to?
SSL Stripping
-
SSL stripping attack
An SSL stripping attack occurs when an attacker performs a man-in-the-middle attack and can redirect a client to an insecure HTTP connection. The attacker still establishes a secure HTTPS connection between herself or himself and the server.
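An added example (not from the original guide) of why HSTS defeats SSL stripping: a minimal model of the browser's HSTS store and the upgrade decision it makes before sending a request. The header values, hostnames and timestamps are constructed for the demonstration.

```python
from urllib.parse import urlsplit, urlunsplit


def parse_hsts(header: str) -> dict:
    """Parse a Strict-Transport-Security value into its three directives."""
    policy = {"max_age": None, "include_subdomains": False, "preload": False}
    for directive in header.split(";"):
        name, _, value = directive.strip().partition("=")
        name = name.strip().lower()
        if name == "max-age":
            try:
                policy["max_age"] = int(value.strip().strip('"'))
            except ValueError:
                return policy  # malformed max-age: treat as absent
        elif name == "includesubdomains":
            policy["include_subdomains"] = True
        elif name == "preload":
            policy["preload"] = True
    return policy


class HstsCache:
    """What a browser remembers after seeing the header over a genuine HTTPS response."""

    def __init__(self):
        self.hosts = {}  # host -> (expiry_time, include_subdomains)

    def record(self, host: str, header: str, now: int) -> None:
        policy = parse_hsts(header)
        if policy["max_age"] is None:
            return
        if policy["max_age"] == 0:
            self.hosts.pop(host, None)  # max-age=0 is how a site withdraws the policy
            return
        self.hosts[host] = (now + policy["max_age"], policy["include_subdomains"])

    def is_known(self, host: str, now: int) -> bool:
        labels = host.split(".")
        for i in range(len(labels)):
            entry = self.hosts.get(".".join(labels[i:]))
            if entry and entry[0] > now and (i == 0 or entry[1]):
                return True
        return False

    def upgrade(self, url: str, now: int) -> str:
        """Rewrite http:// to https:// for known hosts before anything is sent. The
        plaintext request an sslstrip proxy needs to intercept never leaves the machine."""
        parts = urlsplit(url)
        if parts.scheme == "http" and self.is_known(parts.hostname or "", now):
            return urlunsplit(("https", parts.netloc, parts.path, parts.query, parts.fragment))
        return url


if __name__ == "__main__":
    cache = HstsCache()
    cache.record("bank.example", "max-age=31536000; includeSubDomains; preload", now=0)
    print(cache.upgrade("http://bank.example/login", now=60))       # upgraded
    print(cache.upgrade("http://www.bank.example/", now=60))        # subdomain upgraded too
    print(cache.upgrade("http://other.example/", now=60))           # unknown host: strippable
```

The gap is the very first visit, before the header has ever been seen (or after it expires): that request is still plaintext and can be stripped, which is what the preload directive and the browser preload lists close.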
-
shimming
Adding a small library that intercepts API calls.
-
refactoring
In the context of driver manipulation, the restructuring of driver code (without changing its external behavior) so that it can be altered or abused.
-
Where do all versions of Windows store local account password hashes?
In the Security Accounts Manager (SAM) database, a registry hive kept on disk. Hashes for domain accounts are stored in the Active Directory database (NTDS.dit) on domain controllers.
-
What are Microsoft's suite of security protocols for authentication called?
NT LAN Manager (NTLM).
-
What are the two versions of NTLM?
NTLMv1 and NTLMv2. NTLMv1 is obsolete and should be disabled; NTLMv2 is still widely used as a fallback where Kerberos cannot be used.
-
Since Windows 2000 what has windows used for security in Windows Domains?
Kerberos
-
When may NTLM still be used?
When the client is authenticating to a server by IP address (there is no service principal name for Kerberos to use), or when a client is authenticating to a server in a different Active Directory (AD) forest configured for an NTLM trust instead of a transitive inter-forest trust.
-
What is the pass the hash attack?
Because password hashes cannot be reversed, instead of trying to figure out what the user’s password is, an attacker can just use a password hash collected from a compromised system and then use the same hash to log in to another client or server system.
-
Mimikatz
A tool used by many penetration testers, attackers, and even malware that can be useful for retrieving password hashes from memory; it is a useful post-exploitation tool.
-
cross-site scripting (XSS)
A web application vulnerability in which attacker-supplied script is injected into pages served to other users. With it an attacker can redirect a user to a malicious site, steal session cookies, or steal other sensitive information.
-
What does an API do?
Application programming interface. Allows other systems to interact with an application.
-
Methods or technologies behind modern API.
- Simple object access protocol (SOAP)
- Representational state transfer (REST)
- GraphQL
-
What is SOAP?
This standards-based web services access protocol was originally developed by Microsoft and has been used by numerous legacy applications for many years. SOAP exclusively uses XML to provide API services.
-
SOAP is governed by what kind of a schema?
XML Schema Definition (XSD) documents
-
What did SOAP replace?
Distributed Component Object Model (DCOM) and Common Object Request Broker Architecture (CORBA).
-
What is Representational State Transfer (REST)?
It is an API architectural style that is easier to use than SOAP.
-
What standards are used by Representational State Transfer (REST)?
Swagger and the OpenAPI specification for ease of documentation and to encourage adoption.
-
What is GraphQL?
GraphQL is a query language for APIs that provides many developer tools. GraphQL is now used for many mobile applications and online dashboards, and many different languages support GraphQL.
-
What information can an API provide to both hackers and security professionals?
An API often provides a roadmap that describes the underlying implementation of an application. It also provides API documentation
-
Swagger (OpenAPI)
Swagger is a modern framework of API documentation and development that is the basis of the OpenAPI Specification (OAS).
-
Web Services Description Language (WSDL) documents:
WSDL is an XML-based language that is used to document the functionality of a web service.
-
Web Application Description Language (WADL) documents:
WADL is an XML-based language for describing web applications.
-
Best practices and recommendations for securing APIs?
Secure API services to only provide HTTPS endpoints with a strong version of TLS.
Validate parameters in the application and sanitize incoming data from API clients.
Explicitly scan for common attack signatures; injection attacks often betray themselves by following common patterns.
Use strong authentication and authorization standards.
Use reputable and standard libraries to create the APIs.
Segment API implementation and API security into distinct tiers; doing so frees up the API developer to focus completely on the application domain.
Identify what data should be publicly available and what is sensitive information.
If possible, have a security expert do the API code verification.
Make internal API documentation mandatory.
Avoid discussing company API development (or any other application development) on public forums.
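An added example (not from the original guide) of the "scan for common attack signatures" recommendation in the list above, run over constructed API access-log lines. The log format (combined format with an optional quoted body field), the signature patterns and the sample requests are assumptions made for the demonstration; a production deployment would use a maintained rule set rather than these five regexes.

```python
import re
from typing import List, Tuple
from urllib.parse import unquote_plus

# Coarse signatures for injection patterns that commonly appear in API parameters.
SIGNATURES = {
    "sqli": re.compile(r"\bunion\b.+\bselect\b|'\s*or\s*'?\d|--\s|;\s*drop\b|\bsleep\(\d+\)", re.I),
    "path_traversal": re.compile(r"\.\./|\.\.\\|%2e%2e%2f", re.I),
    "xxe": re.compile(r"<!DOCTYPE[^>]*\[|<!ENTITY\b", re.I),
    "ssrf_metadata": re.compile(r"169\.254\.169\.254|metadata\.google\.internal|localhost|127\.0\.0\.1"),
    "cmd_injection": re.compile(r"(;|\|\||&&|`|\$\()\s*(cat|ls|id|whoami|curl|wget|nc)\b", re.I),
}

# Combined log format plus an optional trailing quoted request body (assumed layout).
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<path>\S+) \S+" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)(?: "(?P<body>.*)")?$'
)


def scan_request(path: str, body: str = "") -> List[str]:
    """Names of every signature matched in the decoded path, query string or body.
    The path is decoded twice because double-encoding is a standard evasion."""
    decoded = unquote_plus(unquote_plus(path)) + "\n" + unquote_plus(body)
    return [name for name, rx in SIGNATURES.items() if rx.search(decoded)]


def scan_log(lines) -> List[Tuple[str, str, str, List[str]]]:
    """(client ip, method, path, matched signatures) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue
        found = scan_request(m["path"], m["body"] or "")
        if found:
            hits.append((m["ip"], m["method"], m["path"], found))
    return hits


# Constructed sample log: four hostile requests and one benign one.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /api/v1/users?id=1%27%20OR%20%271%27%3D%271 HTTP/1.1" 200 512',
    '198.51.100.9 - - [10/Oct/2023:13:55:40 +0000] "GET /api/v1/files?name=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 403 0',
    "192.0.2.44 - - [10/Oct/2023:13:55:41 +0000] \"POST /api/v1/import HTTP/1.1\" 500 0 \"<!DOCTYPE x [<!ENTITY e SYSTEM 'file:///etc/passwd'>]><x>&e;</x>\"",
    '198.51.100.9 - - [10/Oct/2023:13:56:02 +0000] "POST /api/v1/fetch HTTP/1.1" 200 88 "url=http://169.254.169.254/latest/meta-data/"',
    '203.0.113.8 - - [10/Oct/2023:13:56:10 +0000] "GET /api/v1/users?id=42 HTTP/1.1" 200 120',
]


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

Signature scanning is a detection aid, not a substitute for the parameter validation in the same list: it catches the noisy, common attempts and gives you something to alert on, while the allowlist validation is what actually stops the unusual ones.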
-
What tool is used by many penetration testers, attackers, and even malware that can be useful for retrieving password hashes from memory?
Mimikatz
-
What is the act of restructuring driver code called?
Driver refactoring
-
What type of attack occurs when the attacker performs an MITM attack and can redirect a client to an insecure HTTP connect?
SSL stripping attack
-
What is a modern framework of API documentation and development that is the basis of the OpenAPI Specification (OAS)?
Swagger
-
What type of attack occurs when a user browsing the web is tricked into clicking something different than what the user thought he or she was clicking?
clickjacking
-
What type of attack is difficult to exploit because it takes advantage of the small window of time between when a service is used and its corresponding security control is executed in an application, operating system, or when temporary files are created?
Race condition
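An added example (not from the original guide) of the time-of-check to time-of-use race on a temporary file that the card describes, beside the atomic alternative. The hook that plants a symlink between the check and the use stands in for an attacker winning the race; file names and contents are constructed for the demonstration, and the test relies on POSIX symlink semantics.

```python
import os
import tempfile


def write_report_vulnerable(path: str, data: bytes, between_check_and_use=lambda: None) -> None:
    """Check-then-use: the existence check and the open are two separate system calls.
    `between_check_and_use` models the attacker acting inside that window."""
    if os.path.exists(path):
        raise FileExistsError(path)
    between_check_and_use()
    with open(path, "wb") as f:        # opens whatever is at `path` NOW, symlinks included
        f.write(data)


def write_report_safe(path: str, data: bytes) -> None:
    """One atomic create: O_EXCL makes the open fail if anything already exists at the
    path (a symlink counts), and O_NOFOLLOW refuses to follow one. There is no window."""
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(path, flags, 0o600)   # restrictive mode from the first instant
    with os.fdopen(fd, "wb") as f:
        f.write(data)


def demo() -> dict:
    """Run both versions against a planted symlink and report what happened to the victim file."""
    with tempfile.TemporaryDirectory() as d:
        victim = os.path.join(d, "victim.txt")      # a file the attacker wants overwritten
        report = os.path.join(d, "report.txt")      # the name the program intends to create

        def plant_symlink():
            os.symlink(victim, report)

        # Vulnerable version: the attacker wins the race inside the window.
        with open(victim, "wb") as f:
            f.write(b"original")
        write_report_vulnerable(report, b"attacker-chosen", between_check_and_use=plant_symlink)
        with open(victim, "rb") as f:
            after_vulnerable = f.read()

        # Safe version: even with the symlink already in place, the create refuses.
        os.unlink(report)
        with open(victim, "wb") as f:
            f.write(b"original")
        plant_symlink()
        try:
            write_report_safe(report, b"attacker-chosen-2")
            safe_outcome = "wrote"
        except FileExistsError:
            safe_outcome = "refused"
        with open(victim, "rb") as f:
            after_safe = f.read()

    return {"after_vulnerable": after_vulnerable, "safe_outcome": safe_outcome, "after_safe": after_safe}


if __name__ == "__main__":
    print(demo())
```

tempfile.mkstemp() applies the same O_EXCL pattern with an unpredictable name, which is why it, and not a hand-built name plus an existence check, is the right way to create temporary files.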
-
What feature is supported in most modern operating systems that can help prevent the exploitation of buffer overflows, remote code execution, and memory corruption vulnerabilities?
Address space layout randomization (ASLR)
-
What is a type of input validation vulnerability and attack against an application that parses XML input?
XML External Entity (XXE)
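An added example (not from the original guide) of the input-validation control for XXE: untrusted XML has no legitimate need for a DTD, so reject any document that declares one before it reaches the parser. The order document and the XXE payload are constructed for the demonstration; the check decodes the bytes first so that a UTF-16 encoded payload cannot slip past an ASCII scan.

```python
import re
import xml.etree.ElementTree as ET

_DTD_MARKERS = re.compile(r"<!DOCTYPE|<!ENTITY", re.IGNORECASE)


class UnsafeXML(ValueError):
    """Raised when untrusted XML carries a DTD, the vehicle for XXE and entity-expansion attacks."""


def _as_text(data: bytes) -> str:
    # Inspect decoded text, not raw bytes: "<!DOCTYPE" in UTF-16 has a NUL between
    # every character and would never match a byte-oriented ASCII pattern.
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16")
    return data.decode("utf-8", errors="replace")


def parse_untrusted_xml(data: bytes) -> ET.Element:
    """Parse XML from an untrusted source, refusing anything with a DTD."""
    if _DTD_MARKERS.search(_as_text(data)):
        raise UnsafeXML("DTD or entity declaration in untrusted input")
    return ET.fromstring(data)


def classify(data: bytes) -> str:
    """Outcome label for a submitted document: parsed:<root>, rejected, or malformed."""
    try:
        root = parse_untrusted_xml(data)
    except UnsafeXML:
        return "rejected"
    except ET.ParseError:
        return "malformed"
    return "parsed:" + root.tag


# Constructed inputs: a benign order and a classic XXE attempt against the same endpoint.
BENIGN = b'<order><item sku="A-1" qty="2"/><note>gift wrap</note></order>'
XXE_PAYLOAD = (
    b'<?xml version="1.0"?>\n'
    b'<!DOCTYPE order [<!ENTITY xxe SYSTEM "file:///etc/passwd">]>\n'
    b"<order><note>&xxe;</note></order>"
)


if __name__ == "__main__":
    print(classify(BENIGN))
    print(classify(XXE_PAYLOAD))
    print(classify(XXE_PAYLOAD.decode().encode("utf-16")))
```

Parsers that do resolve external entities (lxml with resolve_entities left on, many Java and .NET parsers by default) also need their entity resolution and DTD loading switched off in configuration; the pre-check above is the belt to that braces.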