Reading...
Play button
Play button
Use LEFT and RIGHT arrow keys to navigate between flashcards;
Use UP and DOWN arrow keys to flip the card;
H to show hint;
A reads text to speech;
15 Cards in this Set
- Front
- Back
|
1. “Failure to Preserve SQL Query Structure” is in the __________ CWE/SANS software error category.
|
Insecure Interaction Between Components
|
|
|
2. __________ programming is a form of design intended to ensure the continuing function of a piece of software in spite of unforeseeable usage of the software.
|
Defensive
|
|
|
3. Program _______ refers to any source of data that originates outside the program and whose value is not explicitly known by the programmer when the code was written.
|
input
|
|
|
4. Two key areas of concern for any input are the _______ of the input and the meaning and interpretation of the input.
|
size
|
|
|
5. A number of widely used standard C _________ compound the problem of buffer overflow by not providing any means of limiting the amount of data transferred to the space available in the buffer.
|
library routines
|
|
|
6. Program input data may be broadly classified as textual or ______.
|
binary
|
|
|
7. In the ________ attack the user supplied input is used to construct a SQL request to retrieve information from a database.
|
SQL injection
|
|
|
8. _________ attacks are most commonly seen in scripted Web applications.
|
Cross-site scripting
|
|
|
9. A variant where the attacker includes malicious script content in data supplied to a site is the __________ vulnerability.
|
XSS reflection
|
|
|
10. The process of transforming input data that involves replacing alternate, equivalent encodings by one common value is called _________.
|
canonicalization
|
|
|
11. The major advantage of ________ is its simplicity and its freedom from assumptions about the expected input to any program, service, or function.
|
fuzzing
|
|
|
12. A ________ occurs when multiple processes and threads compete to gain uncontrolled access to some resource.
|
race condition
|
|
|
13. UNIX related systems provide the chroot system function to limit a program’s view of the file system to just one carefully configured section that is known as a ________.
|
chroot jail
|
|
|
14. If privileges are greater than those already available to the attacker the result is a _________.
|
privilege escalation
|
|
|
15. The principle of ________ strongly suggests that programs should execute with the least amount of privileges needed to complete their function.
|
least privilege
|
