Web Security Threats

ClearerPlatinum

24 Questions

What is the name of the ransomware that was first reported in 2013?

CryptoLocker

What is the term for a type of malware that spreads from system to system without the need for human interaction?

Worm

What is the term for a type of malware that disguises itself as legitimate software?

Trojan Horse

What is the term for a type of cyber attack where an attacker injects malicious code into a website's database?

SQL Injection Attack

What is the term for a type of web attack where an attacker tricks a user into performing an unintended action?

Cross-Site Request Forgery (CSRF)

What is the term for a type of web attack where an attacker injects malicious scripts into a website?

Cross-Site Scripting Attack (XSS)

What is the main difference between Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks?

XSS exploits the trust a user has for a particular site, while CSRF exploits the trust a site has in a user's browser.

What is the term for a type of malware that combines the characteristics of viruses, worms, and trojan horses?

Blended Threat

What is the name of the ransomware that was spread through Facebook Messenger in 2018?

FacexWorm

What is the primary goal of a SQL injection attack?

To retrieve hidden data or subvert application logic

How can SQL injection attacks be prevented?

By using parameterized queries (prepared statements) instead of string concatenation

What is the purpose of the '--' symbol in SQL?

To indicate a comment

What is the main goal of a Cross-Site Request Forgery (CSRF) attack?

To cause a user's browser to perform unwanted actions on a trusted website

What is the main difference between a Cross-Site Scripting (XSS) attack and a SQL injection attack?

XSS attacks exploit bugs in trusted websites, while SQL injection attacks exploit bugs in database queries

What is a common technique used to exploit a SQL injection vulnerability?

Injecting malicious SQL code as user input

What is the primary purpose of a web attack?

To steal sensitive user data

What is a type of malware that involves adding malicious code to genuine macro sequences in documents or saved sequences of commands?

Macro virus

What is a type of malware that demands payment in exchange for restoring access to data?

Ransomware

What is a type of malware that combines the features of multiple types of malware?

Blended threat

What is the primary way that malware is spread through emails?

Human action

What is a type of malware that is used to gain unauthorized access to a system or network?

Rootkit

What is a type of malware that is used to steal sensitive information, such as login credentials?

Keylogger

What is a type of cyber attack that involves injecting malicious code into a database?

SQL injection

What is a type of cyber attack that involves using a network of infected computers to launch attacks on other systems?

Botnet

Study Notes

Web Attacks

  • Cross-Site Request Forgery (CSRF) exploits the trust a site has in a user's browser.
  • Cross-Site Scripting Attack (XSS) exploits the trust a user has for a particular site.
  • A SQL injection attack involves injecting malicious SQL code to retrieve sensitive data or modify data without authorization.

SQL Injection

  • Example of SQL injection: https://insecure-website.com/products?category=Gifts' OR 1=1 --
  • This injection retrieves all products including hidden data, bypassing restrictions.
  • SQL injection can be prevented by using parameterized queries (prepared statements) instead of string concatenation within the query.

Software Threats

  • Types of software threats: worms, viruses, Trojan horse programs, ransomware, blended threats.
  • Examples of ransomware: CryptoLocker (2013), CryptoWall (2014), WannaCry (2017), Petya (2017), Bad Rabbit (2017), Samsam (2016), Jigsaw (2016).
  • FacexWorm (May 2018) targeted cryptocurrency and spread through Facebook Messenger.
  • Methods of infection: Content Internet File System (CIFS), Simple Mail Transfer Protocol (SMTP), HyperText Transfer Protocol (HTTP).

Malware

  • Malware types: botnets, ransomware, keylogger, virus, Trojan horse, adware, spyware, rootkit.
  • File infectors, macro viruses, overwrite viruses, polymorphic viruses, resident viruses, system or boot-record infectors are types of viruses.
  • Macros are keystrokes embedded in documents or saved sequences for commands, which can be exploited by adding malicious code to genuine macro sequences.
  • Methods of malware spreading: social networks, email, text messages, internet downloads.

Learn about common web attacks, including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL injection attacks. Understand how they exploit user trust and website vulnerabilities.
