1
Q
[…], otherwise known as XSS, occurs when an attacker sends a victim a link to a legitimate website that contains a malicious script embedded in the URL, which is executed when clicked on.
The malicious script then sends the victims data to the attacker (session cookies, credentials, etc)
A
Cross-Site Scripting
2
Q
A […] XSS attack allows scripts to be run in user input
Affects only users who click on the link
Ex:
Search Box
A
Non-persistent (Reflected)
3
Q
A […] attack involves the attacker posting the malicious link to a social media platforms server, which means everyone gets the payload now.
Affects everyone who visits the website
A
Persistent XSS
(Stored)
4
Q
To protect yourself against XSS attacks, you should:
-[…]
-[…]
-[…]
-[…]
A
- Be careful when clicking untrusted links
- Consider disabling JavaScript, or limit its capabilities
- Keep browser and applications updated
- Validate input (Don’t allow users to add their own scripts to input fields)
Security+
flashcards
Decks in class (67)
# Cards
-
Security Controls 1.111
-
The CIA Triad 1.24
-
Non-Repudiation 1.28
-
Authentication, Authorization, and Accounting 1.26
-
Gap Analysis 1.21
-
Zero Trust 1.219
-
Deception and Disruption 1.24
-
Change Management 1.34
-
Technical Change Management 1.310
-
Public Key Infrastructure (PKI) 1.46
-
Encrypting Data 1.47
-
Key Exchange 1.42
-
Encryption Technologies 1.44
-
Obfuscation3
-
Hashing and Digital Signatures 1.43
-
Blockchain Technology 1.41
-
Certificates 1.48
-
Threat Actors 2.111
-
Threat Vectors 2.213
-
Phishing 2.25
-
Impersonation 2.23
-
Watering Hole Attack 2.21
-
Other Social Engineering Attacks 2.22
-
Memory Injections 2.33
-
Buffer Overflows 2.31
-
Race Conditions1
-
Malicious Updates0
-
Operating System Vulnerabilities 2.32
-
SQL Injection 2.32
-
Cross-Site Scripting 2.34
-
Hardware Vulnerabilities 2.37
-
Virtualization Vulnerabilities 2.32
-
Cloud Specific Vulnerabilities 2.34
-
Supply Chain Vulnerabilities 2.32
-
Misconfiguration Vulnerabilities 2.37
-
Mobile Device Vulnerabilities 2.32
-
Zero Day Vulnerabilities 2.31
-
An Overview of Malware 2.43
-
Viruses & Worms 2.47
-
Spyware & Bloatware 2.42
-
Other Malware Types 2.44
-
Physical Attacks 2.43
-
Denial of Service 2.47
-
DNS Attacks 2.44
-
Wireless Attacks 2.45
-
On Path Attacks 2.47
-
Application Attacks 2.41
-
Cryptographic Attacks 2.44
-
Password Attacks 2.42
-
Indicators of Compromise 2.410
-
Segmentation and Access Control4
-
Mitigation Techniques 2.57
-
Hardening Techniques 2.59
-
Cloud Infrastructures 3.16
-
Network Infrastructure Concepts 3.16
-
Other Infrastructure Concepts 3.18
-
Infrastructure Considerations 3.19
-
Secure Infrastructures 3.24
-
Intrusion Prevention 3.24
-
Network Appliances10
-
Port Security 3.22
-
Firewall Types 3.26
-
Secure Communication 3.25
-
Data Types and Classifications 3.315
-
States of Data 3.311
-
Protecting Data (Methods) 3.310
-
Resiliency 3.47
