Code Injection
Code injection → attack in which an attacker inserts malicious code into an application, which then executes unintended commands or actions because user input is not properly handled.
SQLi
Structured query language injection (SQLi) → code injection attack that manipulates database queries by inserting malicious structured query language commands, allowing attackers to view, modify, or delete database data.
XSS Attack
Cross-site scripting (XSS) attack → code injection attack that injects malicious JavaScript into trusted websites, allowing attackers to steal session data, redirect users, or perform actions on behalf of victims.
Non-Persistent XSS Attack
Non-persistent cross-site scripting → also called reflected cross-site scripting, where malicious script is embedded in a request, for example in a search box parameter, and executed immediately when the server reflects it back to the user.
Persistent XSS Attack
Persistent cross-site scripting → also called stored cross-site scripting, where malicious code is permanently stored on the server, commonly on social networking sites, and executed whenever users view the affected content.
Protecting against XSS
Protecting against cross-site scripting → security practices including validating and sanitizing user input, avoiding untrusted links, limiting or disabling JavaScript where possible, and keeping browsers and applications updated.