CS 5770 Cumulative Final Exam Terms

Terms in this set (250)

1) Injection (SQL, NoSQL, OS, LDAP)
2) Broken Authentication (incorrect implementation, adversaries compromise passwords, keys, session tokens, etc.)
3) Sensitive Data Exposure (web applications and APIs do not properly protect sensitive data)
4) XML External Entities (XXE) (many older or poorly configured XML processors evaluate external entity references within XML documents)
5) Broken Access Control (Restrictions on what authenticated users are allowed to do are not properly enforced / attackers can exploit the flaws and gain unauthorized access to sensitive data)
6) Security Misconfiguration (Most commonly seen issue: insecure default configurations, open cloud storage, misconfigured HTTP headers, incomplete or ad hoc configurations, etc.)
7) Cross Site Scripting (XSS): flaws occur whenever an application includes untrusted data in a new web page without proper validation or escaping / XSS allows attackers to execute scripts in the victim's browser which can hijack user sessions.
8) Insecure Deserialization: leads to remote code execution / used to perform attacks (replay, injection, privilege escalation attacks).
9) Using Components with Known Vulnerabilities (libraries, frameworks, software modules run with the same privileges as the application / if a component is exploited, the attack can result in data loss or server takeover).
10) Insufficient Logging & Monitoring (with ineffective integration with incident response): allows attackers to attack systems, maintain persistence, and tamper with / extract / destroy data.