PrepAway - Latest Free Exam Questions & Answers

which of the following application attacks?

Failure to validate the size of a variable before writing it to memory could result in which of the following
application attacks?

PrepAway - Latest Free Exam Questions & Answers

A.
Malicious logic

B.
Cross-site scripting

C.
SQL injection

D.
Buffer overflow

Explanation:
A buffer overflow occurs when a program or process tries to store more data in a buffer (temporary data
storage area) than it was intended to hold. Since buffers are created to contain a finite amount of data,
the extra information – which has to go somewhere – can overflow into adjacent buffers, corrupting or
overwriting the valid data held in them. Although it may occur accidentally through programming error,
buffer overflow is an increasingly common type of security attack on data integrity. In buffer overflow
attacks, the extra data may contain codes designed to trigger specific actions, in effect sending new
instructions to the attacked computer that could, for example, damage the user’s files, change data, or
disclose confidential information.
Validating the size of a variable before writing it to memory will ensure that the variable can fit into the
buffer. Failure to validate the size of a variable before writing it to memory can result in a buffer overflow.
Incorrect Answers:
A: Malicious logic is a set of instructions that cause site security policy to be violated in the same way a
malware. Failure to validate the size of a variable before writing it to memory does not cause malicious
logic.
B: Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web
applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems
on which they rely. Exploiting one of these, attackers fold malicious content into the content being
delivered from the compromised site. Failure to validate the size of a variable before writing it to memory
does not result in an XSS attack.
C: SQL injection is a code injection technique, used to attack data-driven applications, in which malicious
SQL statements are inserted into an entry field for execution (e.g. to dump the database contents to the
attacker). Failure to validate the size of a variable before writing it to memory does not result in a SQL
injection attack.

http://searchsecurity.techtarget.com/definition/buffer-overflowhttp://en.wikipedia.org/wiki/SQL_injection


Leave a Reply