PrepAway - Latest Free Exam Questions & Answers

which of the following attacks?

A security administrator develops a web page and limits input into their fields on the web page as
well as filters special characters in output. The administrator is trying to prevent which of the
following attacks?


A. Spoofing

B. XSS

C. Fuzzing

D. Pharming

One Comment on “which of the following attacks?”

  1. meac says:

    The key concept in here is that:
    • We are talking about a WEB page
    • With input fields
    • Which are protected by limiting the size and the type of input

    INCORRECT ANSWERS:
    A. Spoofing – In the context of network security, a spoofing attack is a situation in which a person or program successfully masquerades as another by falsifying data, to gain an illegitimate advantage.

    C. Fuzzing – Fuzzing or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, or failing built-in code assertions or for finding potential memory leaks.

    D. Pharming – Pharming is a cyber attack intended to redirect a website’s traffic to another, fake site. Pharming can be conducted either by changing the hosts file on a victim’s computer or by exploitation of a vulnerability in DNS server software.

    So there is only one answer left standing, namely:
    B. XSS
    Cross-site scripting (XSS) is a type of computer security vulnerability typically found in Web applications. XSS enables attackers to inject client-side script into Web pages viewed by other users.
    Cross-site scripting uses known vulnerabilities in web-based applications, their servers, or plug-in systems on which they rely.
    Exploiting one of these, attackers fold malicious content into the content being delivered from the compromised site.
    When the resulting combined content arrives at the client-side web browser, it has all been delivered from the trusted source, and thus operates under the permissions granted to that system.
    By finding ways of injecting malicious scripts into web pages, an attacker can gain elevated access-privileges to sensitive page content, session cookies, and a variety of other information maintained by the browser on behalf of the user.
    By validating user input and preventing special characters, we can prevent the injection of client-side scripting code.




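The two controls named in the question, limiting what a field accepts and filtering special characters on output, can be sketched as follows. This is an added example, not part of the original page or of the comment above; the field names, length limits and allow-list patterns are assumptions chosen for illustration.

```python
import html
import re

# Hypothetical per-field rules: maximum length plus an allow-list pattern.
FIELD_RULES = {
    "username": (32, re.compile(r"[A-Za-z0-9_.-]+")),
    # Free text: any character except ASCII control characters.
    "comment": (500, re.compile(r"[^\x00-\x08\x0b\x0c\x0e-\x1f]*")),
}


def validate_field(field: str, value: str) -> bool:
    """Input side: enforce the length limit and allowed characters for a field."""
    max_len, pattern = FIELD_RULES[field]
    return 0 < len(value) <= max_len and pattern.fullmatch(value) is not None


def encode_for_html(value: str) -> str:
    """Output side: turn < > & " ' into entities so the browser shows them as text."""
    return html.escape(value, quote=True)


def render_comment(username: str, comment: str) -> str:
    """Reject input that breaks the field rules, then encode everything echoed back."""
    if not validate_field("username", username):
        raise ValueError("invalid username")
    if not validate_field("comment", comment):
        raise ValueError("invalid comment")
    return "<p><b>{}</b>: {}</p>".format(
        encode_for_html(username), encode_for_html(comment)
    )


# Constructed sample input: free text that legitimately contains markup characters.
SAMPLE_COMMENT = 'I <3 this page & its "quotes" <script>alert(1)</script>'

if __name__ == "__main__":
    print(render_comment("meac", SAMPLE_COMMENT))
```

A strict allow-list works for fields like a username, but free-text fields often have to accept `<`, `&` and quotes, which is why the output encoding step is applied to every echoed value regardless of what validation allowed.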
