CISA Guaranteed Success
Parameter tampering ✔️An attack where the hacker manipulates parameters within the URL string in
hopes of modifying data.
Web application developers sometimes use hidden fields to save information about a client session or to
submit hidden parameters, such as the language of the end user, to the underlying application. Because
hidden form fields do not display in the browser, developers may feel safe passing unvalidated data in
the hidden fields (to be validated later). This practice is not safe because an attacker can intercept,
modify and submit requests, which can discover information or perform functions that the web
developer never intended.
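The hidden-field risk described above, shown as an added example that is not part of the original summary: a checkout handler that trusts a hidden price field sits beside one that re-derives the price from the server's own catalogue and validates the remaining parameters. The SKUs, prices and request bodies are constructed for illustration.

```python
"""Parameter tampering on a hidden form field: vulnerable and hardened handlers.
Constructed example; the catalogue and request bodies are made up."""
from dataclasses import dataclass

# Constructed catalogue: the server's authoritative prices per SKU.
CATALOG = {"sku-1001": 49.99, "sku-2002": 129.00}


@dataclass
class Order:
    sku: str
    quantity: int
    total: float


def checkout_vulnerable(form: dict) -> Order:
    """Trusts the hidden 'price' field that the page rendered earlier.
    The attacker intercepts the POST and changes price=49.99 to price=0.01;
    the server never notices because it does not re-check the value."""
    sku = form["sku"]
    qty = int(form["quantity"])
    price = float(form["price"])  # attacker-controlled: came from the client
    return Order(sku, qty, round(price * qty, 2))


def checkout_hardened(form: dict) -> Order:
    """Ignores any client-supplied price. The price is looked up server-side
    and the other parameters are validated before they are used."""
    sku = form.get("sku")
    if sku not in CATALOG:
        raise ValueError("unknown sku")
    try:
        qty = int(form.get("quantity", ""))
    except ValueError:
        raise ValueError("quantity must be an integer") from None
    if not 1 <= qty <= 100:
        raise ValueError("quantity out of range")
    price = CATALOG[sku]  # authoritative value, not the hidden field
    return Order(sku, qty, round(price * qty, 2))


# Constructed request bodies: what the page sent, and what the attacker
# submitted after modifying the intercepted request.
LEGIT = {"sku": "sku-1001", "quantity": "2", "price": "49.99"}
TAMPERED = {"sku": "sku-1001", "quantity": "2", "price": "0.01"}

if __name__ == "__main__":
    print(checkout_vulnerable(TAMPERED))  # total 0.02: the tampering worked
    print(checkout_hardened(TAMPERED))    # total 99.98: hidden price ignored
```

The hardened handler treats every field of the request, hidden or not, as untrusted input: anything the server needs to be correct is recomputed from server-side state, and anything it must accept from the client is validated against an explicit allow-list or range.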
Cross-site scripting ✔️An attack in which the attacker injects script into a page served by a trusted web
site so that it executes in other users' browsers. It is commonly used to redirect users to content on the
attacker's web site or to steal their session cookies.
Cookie Poisoning ✔️This refers to the interception and modification of session cookies to impersonate
the user or steal logon credentials.
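The cookie poisoning described above, as an added example that is not part of the original summary: a server that reads the user's identity straight out of an unsigned cookie accepts a modified cookie, while a server that binds the cookie value to an HMAC computed with a secret only it holds rejects the same modification. The secret, user names and cookie headers are constructed.

```python
"""Cookie poisoning against an unsigned session cookie, and an HMAC-signed
cookie that detects the modification. Constructed example."""
import hashlib
import hmac

# Constructed server-side secret; a real deployment loads it from a secrets store.
SERVER_SECRET = b"constructed-secret-do-not-reuse"


def parse_cookie(header: str) -> dict:
    """Parse a Cookie header such as 'a=b; c=d' into a dict."""
    pairs = (p.strip().split("=", 1) for p in header.split(";") if "=" in p)
    return {k: v for k, v in pairs}


def user_from_unsigned_cookie(cookie_header: str) -> str:
    """Vulnerable: the identity is whatever the client claims it is."""
    return parse_cookie(cookie_header)["user"]


def poison_unsigned(cookie_header: str, new_user: str) -> str:
    """What the attacker does: intercept the cookie and swap the user name."""
    c = parse_cookie(cookie_header)
    c["user"] = new_user
    return "; ".join(f"{k}={v}" for k, v in c.items())


def _mac(value: str) -> str:
    return hmac.new(SERVER_SECRET, value.encode(), hashlib.sha256).hexdigest()


def issue_signed_cookie(user: str) -> str:
    """Hardened issuance: value and its MAC travel together."""
    return f"session={user}.{_mac(user)}"


def user_from_signed_cookie(cookie_header: str):
    """Hardened check: recompute the MAC over the value and compare in constant
    time. Returns None when the cookie is malformed or has been modified."""
    token = parse_cookie(cookie_header).get("session", "")
    value, sep, mac = token.rpartition(".")
    if not sep:
        return None
    if not hmac.compare_digest(mac, _mac(value)):
        return None
    return value


def poison_signed(cookie_header: str, new_user: str) -> str:
    """The same attack against the signed cookie: the attacker can change the
    value but cannot recompute the MAC without SERVER_SECRET."""
    c = parse_cookie(cookie_header)
    _, _, mac = c["session"].rpartition(".")
    c["session"] = f"{new_user}.{mac}"
    return "; ".join(f"{k}={v}" for k, v in c.items())


if __name__ == "__main__":
    print(user_from_unsigned_cookie(poison_unsigned("user=alice", "admin")))  # admin
    signed = issue_signed_cookie("alice")
    print(user_from_signed_cookie(signed))                         # alice
    print(user_from_signed_cookie(poison_signed(signed, "admin")))  # None
```

Signing makes the cookie tamper-evident but not confidential, and it does nothing against a cookie that is stolen intact and replayed; production session handling also uses an opaque random session identifier rather than the user name, and sets the Secure and HttpOnly attributes so the cookie is neither sent in clear nor readable by page script.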
Stealth commanding ✔️This is the hijacking of a web server by the installation of unauthorized code.
Web content filter ✔️This accepts or denies web communications according to the configured rules. To
help the administrator properly configure the tool, organizations and vendors have made available
uniform resource locator blacklists and classifications for millions of web sites.
Stateful inspection firewall ✔️Also referred to as dynamic packet filtering.
A network firewall that tracks the operating state and characteristics of network connections traversing
it. The firewall is configured to distinguish legitimate network packets for different types of connections.
Only packets matching a known active connection are allowed to pass the firewall.
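The behaviour described above, as an added example that is not part of the original summary: a toy TCP connection tracker that admits a new connection only when policy permits its opening SYN, then passes only packets matching an entry in its state table, beside the kind of stateless ACL it replaced, which lets a forged "reply" through because it can only look at flags and ports. Addresses, ports and the packet sequence are constructed; sequence-number checking and idle timeouts are omitted.

```python
"""Toy stateful inspection of TCP versus a stateless ACL. Constructed example:
addresses come from the RFC 1918 and documentation ranges."""
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str  # TCP flags as letters: "S" SYN, "SA" SYN/ACK, "A" ACK, "FA" FIN/ACK, "R" RST


class StatefulFirewall:
    """Tracks connections initiated from the internal network to allowed ports."""

    def __init__(self, internal_prefix: str, allow_outbound_ports):
        self.internal_prefix = internal_prefix
        self.allow_outbound_ports = set(allow_outbound_ports)
        self.table = {}  # (src, sport, dst, dport) of the initiator -> state

    def filter(self, p: Packet) -> bool:
        fwd = (p.src, p.sport, p.dst, p.dport)
        rev = (p.dst, p.dport, p.src, p.sport)
        if fwd in self.table:  # packet from the initiating side
            return self._track(fwd, p, from_initiator=True)
        if rev in self.table:  # reply from the responding side
            return self._track(rev, p, from_initiator=False)
        # No matching state: only a policy-permitted connection opening may create one.
        if (p.flags == "S" and p.src.startswith(self.internal_prefix)
                and p.dport in self.allow_outbound_ports):
            self.table[fwd] = "SYN_SENT"
            return True
        return False  # unsolicited inbound SYN, stray ACK, forged reply

    def _track(self, key, p: Packet, from_initiator: bool) -> bool:
        state = self.table[key]
        if "R" in p.flags:  # reset tears the connection down from either side
            del self.table[key]
            return True
        if state == "SYN_SENT":
            if not from_initiator and p.flags == "SA":
                self.table[key] = "ESTABLISHED"
                return True
            return from_initiator and p.flags == "S"  # only a retransmitted SYN
        if "F" in p.flags:  # first FIN marks closing, second removes the entry
            if state == "ESTABLISHED":
                self.table[key] = "CLOSING"
            else:
                del self.table[key]
        return True


def stateless_filter(p: Packet, internal_prefix: str, allow_outbound_ports) -> bool:
    """The stateless ACL stateful inspection replaced: pass outbound packets to
    allowed ports and any inbound packet from such a port that carries ACK (the
    classic 'established' keyword). It cannot tell a genuine reply from a forged one."""
    if p.src.startswith(internal_prefix) and p.dport in allow_outbound_ports:
        return True
    return (p.dst.startswith(internal_prefix) and p.sport in allow_outbound_ports
            and "A" in p.flags)


def run_sequence(fw: StatefulFirewall, packets) -> list:
    return [fw.filter(p) for p in packets]


# Constructed traffic: a normal handshake from an internal host, then a forged
# "reply" from a host it never contacted, and an unsolicited inbound SYN.
HANDSHAKE = [
    Packet("10.0.0.5", 51000, "198.51.100.20", 443, "S"),
    Packet("198.51.100.20", 443, "10.0.0.5", 51000, "SA"),
    Packet("10.0.0.5", 51000, "198.51.100.20", 443, "A"),
]
FORGED = Packet("203.0.113.9", 443, "10.0.0.5", 51000, "A")
INBOUND_SYN = Packet("203.0.113.9", 40000, "10.0.0.5", 22, "S")

if __name__ == "__main__":
    fw = StatefulFirewall("10.0.0.", {443})
    print(run_sequence(fw, HANDSHAKE))                      # [True, True, True]
    print(fw.filter(FORGED), fw.filter(INBOUND_SYN))        # False False
    print(stateless_filter(FORGED, "10.0.0.", {443}))       # True: the ACL is fooled
```

The difference the page describes is the state table: the forged packet carries a plausible source port and the ACK flag, which satisfies the stateless rule, but no connection to 203.0.113.9 was ever opened from inside, so the stateful firewall has no entry for it and drops it.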
Web cache server ✔️This is designed to improve the speed of retrieving the most common or recently
visited web pages.
Proxy server ✔️A proxy server services the request of its clients by forwarding requests to other
servers.
A server application or appliance that acts as an intermediary for requests from clients seeking
resources from servers that provide those resources. A proxy server thus functions on behalf of the
client when requesting service, potentially masking the true origin of the request to the resource server.
Instead of connecting directly to a server that can fulfill a requested resource, such as a file or web page
for example, the client directs the request to the proxy server, which evaluates the request and
performs the required network transactions. This serves as a method to simplify or control the
complexity of the request, or provide additional benefits such as load balancing, privacy, or security.
Proxies were devised to add structure and encapsulation to distributed systems.
Public Key Certificate (Digital Certificate) ✔️An electronic document used to prove the ownership of a
public key. The certificate includes information about the key, information about the identity of its
owner (called the subject), and the digital signature of an entity that has verified the certificate's
contents (called the issuer). If the signature is valid, and the software examining the certificate trusts the
issuer, then it can use that key to communicate securely with the certificate's subject.
In a typical public-key infrastructure (PKI) scheme, the certificate issuer is a certificate authority (CA),
usually a trusted third party (often a commercial CA that issues certificates to customers for a fee;
organizations also operate internal CAs for their own systems).
public key infrastructure (PKI) ✔️A public key infrastructure (PKI) is a set of roles, policies, hardware,
software and procedures needed to create, manage, distribute, use, store and revoke digital certificates
and manage public-key encryption. The purpose of a PKI is to facilitate the secure electronic transfer of
information for a range of network activities such as e-commerce, internet banking and confidential
email. It is required for activities where simple passwords are an inadequate authentication method and
more rigorous proof is required to confirm the identity of the parties involved in the communication and
to validate the information being transferred.
Certificate Authority ✔️The primary role of the CA is to digitally sign and publish the public key bound
to a given user. This is done using the CA's own private key, so that trust in the user key relies on one's
trust in the validity of the CA's key. Verifying the identity of the party requesting a certificate, before the
CA signs it, is the role of the Registration Authority (RA), which may or may not be a separate entity from
the CA. The key-to-user binding is established, depending on the level of assurance the binding has, by
software or under human supervision.
Quality of Service ✔️Main function of QoS is to optimize network performance by assigning priority to
business applications and end users through the allocation of dedicated parts of the bandwidth to
specific traffic.
In this sense, quality of service refers to the traffic prioritization and resource reservation control
mechanisms rather than the achieved service quality: the ability to provide different priorities to different
applications, users or data flows, or to guarantee a certain level of performance to a data flow.