1
Q
What is an application threat ?
A
An application threat takes advantage of vulnerabilities w/in the applications themselves.
Vulnerabilities might be present in these applications due to poor coding practices, or when the development of the programs is rushed due to a deadline resulting in more mistakes w/in the code and a lack of validation of input data.
(incomplete -v)
- [Furthermore, you can have low quality code where the containers within the code itself, which contain data such as arrays, are] -
2
Q
What are some examples of Application Threats ?
A
- SQL injections
- Cross-site scripting
- Session hijacking
- Identity spoofing
- Improper input value
- Security misconfiguration
- Information disclosure
- Hidden-field manipulation
- Broken session management
- Cryptography attacks
- Buffer overflow issue
- Phishing
Certified Ethical Hacker (CEH)
flashcards
Decks in class (66)
# Cards
-
Common Terms76
-
Zero Day Attack6
-
Miscellaneous Computer Processes (stuff I find and look up along the way)1
-
Daisy Chaining1
-
1st Quiz6
-
The Motivations of a Hacker - (Overview ?)7
-
Cloud Computing Threats in depth5
-
Advanced Persistent Threats in depth2
-
Viruses and Worms in depth2
-
Ransomware in depth1
-
Mobile Threats in depth1
-
Modern Age Information Warfare in depth4
-
Insider Attacks in depth2
-
Phishing1
-
Web Application Threats in depth1
-
Classification of Threats: Network Threats2
-
Host Threats2
-
Application Threats2
-
Classification of Attacks8
-
Botnets1
-
Laws, Standards, and Regulations7
-
2nd Quiz10
-
Types of Hackers2
-
What is Ethical Hacking and what is it's Purpose ?3
-
Scope of Ethical Hacking1
-
Hacking Stages5
-
3rd Quiz11
-
Information Assurance8
-
Security Controls2
-
Network Zoning4
-
Defense in Depth12
-
What Sort of Things Do Policies Regulate ?14
-
Workplace Security Policies and Examples12
-
Physical Security Controls and Risk7
-
Risk Management3
-
Threat Modeling and Incident Management4
-
UBA - User Behavior Analytics and Network Security Controls3
-
Access controls2
-
Identification Authentication Authorization Accounting and IAM5
-
Data Leakage2
-
Data Backup12
-
Data Recovery2
-
What is penetration testing ?2
-
What does a good penetration test consist of ?1
-
Why do a penetration test ?2
-
Pre-Attack Phase: Contracts2
-
Audit vs Vulnerability Assessment vs Penetration Test3
-
Red vs Blue Team !3
-
Types of Penetration Testing5
-
Pre-Attack Phase: Rules of Engagement2
-
Pre-Attack Phase: Understanding your Client's requirements2
-
Pre-Attack Phase: Scope of a Penetration Test4
-
Pre-Attack Phase: Information Gathering1
-
Pre-Attack Phase: Two Types of Information Gathering3
-
Attack Phase2
-
Attack Phase: Penetrating the Perimeter3
-
Attack Phase: Target Acquisition2
-
Attack Phase: Privilege Escalation2
-
Attack Phase: Execute, Implant, Retract.1
-
Post-Attack Phase1
-
Security Testing Methodologies11
-
Quiz solutions: Penetration testing0
-
About Footprinting2
-
Hacker State of Mind1
-
Search Engine and Online Resources2
-
Search Engine and Online Resources1
