Security + review questions

Terms in this set (405)

This is a buffer overflow attack and the best protection against a buffer overflow attack is input validation.
Notice that this is an HTTP log entry and it has several sections.
72.52.230.233 - This is the originating IP address (where the HTTP query came from).
[9/June/2016:00:15:40 +1200] - This is the date and time stamp.
Get - This is the method used. Get retrieves a web page.
/index.aspx - This is a relative URL. When sent to the gcgapremium.com site, it represents a full URL of http://gcgapremium.com/index.php.
?username= - The question mark indicates it is a query looking for information on a user based on the given username.
index.php?username=ZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZZ - This is the attack. A username would normally be a short name, but this string of characters is attempting to overload the buffer and cause a buffer overflow. If successful, it allows the attacker to access memory on the system.
200 - This is a status code of OK. It indicates the Get command was accepted but doesn't indicate what the response was.
"Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 OPR/26.0.1656.60" - This gives information on the browser used to send the message. Sometimes, it just lists all possibilities.
A SQL injection attack would include a SQL query.
An XML injection attack would include an XML query.
A session hijacking attack would typically include cookie information.
Error and exception handling should handle errors gracefully while also giving the user a minimal amount of information. However, the scenario doesn't indicate an error has occurred.
Fuzzing is a testing method to check for buffer overflows by sending random data to an application. However, the Get command is a structured query and not random. It is not an attack.