Exam (elaborations)
WGU C836 Task 1 Updated 2024 with complete solution
- Course
- Institution
WGU C836 Task 1 Updated 2024 with complete solution
[Show more]
Content preview
WGU C836 Task 1 Updated 2024 with complete solutionbounds checking - ANSWERto set a limit on the amount of data we expect to receive to
set aside storage for that data
*required in most programming languages
* prevents buffer overflows
race conditions - ANSWERvulnerability occur when two computer program processes,
or threads, attempt to access the same resource at the same time and cause problems
in the system.
input validation - ANSWERThis vulnerability is caused when the product does not
validate or incorrectly validates input that can affect the control flow or data flow of a
program.
format string attack - ANSWERa type of input validation attacks in which certain print
functions within a programming language can be used to manipulate or view the internal
memory of an application
authentication attack - ANSWERA type of attack that can occur when we fail to use
strong authentication mechanisms for our applications
authorization attack - ANSWERA type of attack that can occur when we fail to use
authorization best practices for our applications
cryptographic attack - ANSWERA type of attack that can occur when we fail to properly
design our security mechanisms when implementing cryptographic controls in our
applications
client-side attack - ANSWERA type of attack that takes advantage of weaknesses in the
software loaded on client machines or one that uses social engineering techniques to
trick us into going along with the attack
XSS (Cross Site Scripting) - ANSWERan attack carried out by placing code in the form
of a scripting language into a web page or other media that is interpreted by a client
browser
XSRF (cross-site request forgery) - ANSWERan attack in which the attacker places a
link on a web page in such a way that it will be automatically executed to initiate a
particular activity on another web page or application where the user is currently
authenticated
, clickjacking - ANSWERAn attack that takes advantage of the graphical display
capabilities of our browser to trick us into clicking on something we might not otherwise
server-side attack - ANSWERtarget vulnerabilities such as lack of input validation,
improper or inadequate permissions, or extraneous files left on the server from the
development process
Lack of input validation - ANSWERStructured Query Language (SQL) injection gives us
a strong example of what might happen if we do not properly validate the input of our
Web applications.
Extraneous Files - ANSWERunnecessary files that aren't cleaned up when the
application moves from development to production. Leaving files may be handing
attackers materials they need to compromise the system.
Protocol issues, unauthenticated access, arbitrary code execution, and privilege
escalation - ANSWERName the 4 main categories of database security issues
web application analysis tool - ANSWERA type of tool that analyzes web pages or web-
based applications and searches for common flaws such as XSS or SQL injection flaws,
and improperly set permissions, extraneous files, outdated software versions, and many
more such items
protocol issues - ANSWERunauthenticated flaws in network protocols, some common
software development issues, such as buffer overflows.
arbitrary code execution - ANSWERSecurity flaw in scripting languages used to talk to
database, generally these are concentrated on SQL.
allows the attacker to execute commands on a user's computer.
Privilege Escalation - ANSWERAn attack that exploits a vulnerability in software to gain
administrative access to resources that the user normally would be restricted from
accessing.
* via SQL injection or local issues
validating user inputs - ANSWERa security best practice for all software
* the most effective way of mitigating SQL injection attacks
Nikto (and Wikto) - ANSWERA web server analysis tool that performs checks for many
common server-side vulnerabilities & creates an index of all the files and directories it
can see on the target web server (a process known as spidering)
burp suite - ANSWERWeb analysis tool for penetration, identifies vulnerabilities, and
verify attack vector that affect web applications
The benefits of buying summaries with Stuvia:
Guaranteed quality through customer reviews
Stuvia customers have reviewed more than 700,000 summaries. This how you know that you are buying the best documents.
Quick and easy check-out
You can quickly pay through credit card or Stuvia-credit for the summaries. There is no membership needed.
Focus on what matters
Your fellow students write the study notes themselves, which is why the documents are always reliable and up-to-date. This ensures you quickly get to the core!
Frequently asked questions
What do I get when I buy this document?
You get a PDF, available immediately after your purchase. The purchased document is accessible anytime, anywhere and indefinitely through your profile.
Satisfaction guarantee: how does it work?
Our satisfaction guarantee ensures that you always find a study document that suits you well. You fill out a form, and our customer service team takes care of the rest.
Who am I buying these notes from?
Stuvia is a marketplace, so you are not buying this document from us, but from seller Americannursingaassociation. Stuvia facilitates payment to the seller.
Will I be stuck with a subscription?
No, you only buy these notes for $15.99. You're not tied to anything after your purchase.
Can Stuvia be trusted?
4.6 stars on Google & Trustpilot (+1000 reviews)
85443 documents were sold in the last 30 days
Founded in 2010, the go-to place to buy study notes for 14 years now