Web Security Threats

Podcast

Play an AI-generated podcast conversation about this lesson

Questions and Answers

What is the name of the ransomware that was first reported in 2013?

Bad Rabbit

WannaCry

CryptoLocker (correct)

CryptoWall

What is the term for a type of malware that spreads from system to system without the need for human interaction?

Blended Threat

Worm (correct)

Trojan Horse

Virus

What is the term for a type of malware that disguises itself as legitimate software?

Trojan Horse (correct)

Virus

Worm

Ransomware

What is the term for a type of cyber attack where an attacker injects malicious code into a website's database?

SQL Injection Attack Signup and view all the answers

What is the term for a type of web attack where an attacker tricks a user into performing an unintended action?

Cross-Site Request Forgery (CSRF) Signup and view all the answers

What is the term for a type of web attack where an attacker injects malicious scripts into a website?

Cross-Site Scripting Attack (XSS) Signup and view all the answers

What is the main difference between Cross-Site Scripting (XSS) and Cross-Site Request Forgery (CSRF) attacks?

XSS exploits the trust a user has for a particular site, while CSRF exploits the trust a site has in a user's browser. Signup and view all the answers

What is the term for a type of malware that combines the characteristics of viruses, worms, and trojan horses?

Blended Threat Signup and view all the answers

What is the name of the ransomware that was spread through Facebook Messenger in 2018?

FacexWorm Signup and view all the answers

What is the primary goal of a SQL injection attack?

To retrieve hidden data or subvert application logic Signup and view all the answers

How can SQL injection attacks be prevented?

By using parameterized queries (prepared statements) instead of string concatenation Signup and view all the answers

What is the purpose of the '--' symbol in SQL?

To indicate a comment Signup and view all the answers

What is the main goal of a Cross-Site Request Forgery (CSRF) attack?

To cause a user's browser to perform unwanted actions on a trusted website Signup and view all the answers

What is the main difference between a Cross-Site Scripting (XSS) attack and a SQL injection attack?

XSS attacks exploit bugs in trusted websites, while SQL injection attacks exploit bugs in database queries Signup and view all the answers

What is a common technique used to exploit a SQL injection vulnerability?

Injecting malicious SQL code as user input Signup and view all the answers

What is the primary purpose of a web attack?

To steal sensitive user data Signup and view all the answers

What is a type of malware that involves adding malicious code to genuine macro sequences in documents or saved sequences of commands?

Macro virus Signup and view all the answers

What is a type of malware that demands payment in exchange for restoring access to data?

Ransomware Signup and view all the answers

What is a type of malware that combines the features of multiple types of malware?

Blended threat Signup and view all the answers

What is the primary way that malware is spread through emails?

Human action Signup and view all the answers

What is a type of malware that is used to gain unauthorized access to a system or network?

Rootkit Signup and view all the answers

What is a type of malware that is used to steal sensitive information, such as login credentials?

Keylogger Signup and view all the answers

What is a type of cyber attack that involves injecting malicious code into a database?

SQL injection Signup and view all the answers

What is a type of cyber attack that involves using a network of infected computers to launch attacks on other systems?

Botnet Signup and view all the answers

Study Notes

Web Attacks

Cross-Site Request Forgery (CSRF) exploits the trust a site has in a user's browser.
Cross-Site Scripting Attack (XSS) exploits the trust a user has for a particular site.
SQL injection Attack involves injecting malicious SQL code to retrieve sensitive data or modify data without authorization.

SQL Injection

Example of SQL injection: <a href="https://insecure-website.com/products?category=Gifts">https://insecure-website.com/products?category=Gifts</a>' OR 1=1 --
This injection retrieves all products including hidden data, bypassing restrictions.
SQL injection can be prevented by using parameterized queries (prepared statements) instead of string concatenation within the query.

Software Threats

Types of software threats: worms, viruses, Trojan horse programs, ransomware, blended threats.
Examples of ransomware: CryptoLocker (2013), CryptoWall (2014), WannaCry (2017), Petya (2017), Bad Rabbit (2017), Samsam (2016), Jigsaw (2016).
FacexWorm (May 2018) targeted cryptocurrency and spread through Facebook Messenger.
Methods of infection: Content Internet File System (CIFS), Simple Mail Transfer Protocol (SMTP), HyperText Transfer Protocol (HTTP).

Malware

Malware types: botnets, ransomware, keylogger, virus, Trojan horse, adware, spyware, rootkit.
File infectors, macro viruses, overwrite viruses, polymorphic viruses, resident viruses, system or boot-record infectors are types of viruses.
Macros are keystrokes embedded in documents or saved sequences for commands, which can be exploited by adding malicious code to genuine macro sequences.
Methods of malware spreading: social networks, email, text messages, internet downloads.

Studying That Suits You

Use AI to generate personalized quizzes and flashcards to suit your learning preferences.

Description

Learn about common web attacks, including Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), and SQL injection attacks. Understand how they exploit user trust and website vulnerabilities.