Which of these is NOT a reason why securing server-side web applications is difficult?
...
Which of these is not an HTTP header attack?
...
What is another name for a locally shared object?
...
Browser plugins
...
An attacker who manipulates the maximum size of an integer type would be performing what kind of attack?
Integer Overflow
What kind of attack is performed by an attacker who takes advantage of the inadvertent and unauthorized access built through three succeeding systems that all trust one another?
transitive
Which statement is correct regarding why traditional network security devices cannot be used to block web application attacks?
Traditional network security devices ignore the content of HTTP traffic, which is the vehicle of web application attacks.
What do attackers use buffer overflows to do?
point to another area in data memory that contains the attacker's malware code.
What is unique about a cross-site scripting (XSS) attack compared to other injection attacks?
XSS does not attack the web application server to steal or corrupt its information.
What is a cookie that was not created by the website being viewed called?
third-party cookie
What is the basis of an SQL injection attack?
to inject SQL statements through unfiltered user input.
Which action cannot be performed through a successful SQL injection attack?
reformat the web application server's hard drive
Which markup language is designed to carry data?
XML
What type of attack involves an attacker accessing files in directories other than the root directory?
Directory traversal
Which type of attack modifies the fields that contain the different characteristics of the data that is being transmitted?
HTTP header
What is a session token?
a random string assigned by a web server
Which of these is NOT a DoS attack?
Push Flood
////////////////////////////
These are DoS attacks:
SYN flood
ping flood
smurf
What type of attack intercepts legitimate communication and forges a fictitious response to the sender?
man-in-the-middle
A replay attack
makes a copy of the transmission for use at a later time
DNS poisoning
substitutes DNS addresses so that the computer is automatically redirected to another device.