A hacker tries to compromise your system by submitting script into a field in a web application that is then stored as data in the web site database. The hacker is anticipating when you navigate to the site that your browser will parse the script and execute it. What type of attack is this? Cross-site scripting Buffer overflow Folder traversal SQL injection

A hacker tries to compromise your system by submitting script into a field in a web application that is then stored as data in the web site database. The hacker is anticipating when you navigate to the site that your browser will parse the script and execute it. What type of attack is this? Cross-site scripting Buffer overflow Folder traversal SQL injection

Database System Concepts

7th Edition

ISBN:9780078022159

Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan

Chapter1: Introduction

Section: Chapter Questions

Problem 1PE

See similar textbooks

Similar questions

q18- If there is a persistent malicious script on a website that will impact/infect anyone visiting the page such attacks are called a. Reflected Cross Site Scripting b. Broken Authentication c. SQL Injection d. Persistent XSS (Cross Site Scripting)
For the CoinMiner malware, please write a short paragraph based on the given background and website info: CoinMiner – Trojan CoinMiner is a cryptocurrency miner family that typically uses Windows Management Instrumentation (WMI) to spread across a network. Additionally, it often uses the WMI Standard Event Consumer scripting to execute scripts for persistence. However, the malware’s capabilities may vary since there are multiple variants. CoinMiner spreads through malspam or is dropped by other malware. https://www.cisecurity.org/insights/blog/top-10-malware-december-2022 Coin Miner is a malware type that uses the hardware elements of the victim’s PC to mine cryptocurrencies. Most often, crooks who control such coin miner virus (Monero (XMR) or (Litecoin an example), as they are the easiest for mining. They can use the software that is similar or even completely repeats the one used for legit mining, but with a key difference - people whose hardware is used never agreed for this.…
The web attack that involves the insertion of a malicious code in a frequently visited web page is known as ___________ a. SQL injection b. Cross-site scripting c. Request forgery d. all of the above
For the Agent Tesla malware, please write a short paragraph based on the given background and website info: Agent Tesla is a RAT that targets Windows operating systems. It is available for purchase on criminal forums as Malware-as-a-Service (MaaS). It has various capabilities depending on the version purchased, including capturing keystrokes and screenshots, harvesting saved credentials from web browsers, copying clipboard data, exfiltrating victim files, and loading other malware onto the host. https://www.cisecurity.org/insights/blog/top-10-malware-december-2022 Agent Tesla is an extremely popular spyware Trojan written for the .NET framework that has been observed since 2014 with many iterations since then. It is used to steal sensitive information from a victim’s device such as user credentials, keystrokes, clipboard data, credentials from browsers, and other information. This information can then be traded or used for business intelligence or ransom. Agent Tesla is most commonly…
1) In conducting security testing on the Alexander Rocco network, you have found that the company configured one of its Windows Server 2016 computers as an enterprise root CA server. You have also determined that Ronnie Jones, the administrator of the CA server, selected MD5 as the hashing algorithm for creating digital signatures.Based on this information, write a one-page report explaining possible vulnerabilities caused by signing certificates with MD5. The report should cite articles about MD5 weaknesses and include recommendations from Microsoft about using MD5 in its software. 2) After conducting research for Case Project 12-1, you have gathered a lot of background about the release of information on hashing algorithms. Articles on vulnerabilities of SHA-1, MD4, and MD5 abound. The proliferation of programs for breaking DVD encryption codes and the recent imprisonment of an attacker who broke Japan’s encryption method for blocking certain images from pornographic movies have…
13. _________ is the practice of identifying a user name. Group of answer choices Account harvesting Password cracking Authentication Authorization A functional access control An intrusion detection system 14. When performing security tests for an e-commerce website, which of the following are examples of structural security risks? Choose ALL which apply. Group of answer choices account harvesting password cracking SQL injection buffer overflow encryption levels 19. Fill in the blank for the secure coding practice provided below: Proven session management _____________________ are used to create random session identifiers.
An XSS attack requires a website meets two criteria: a. Web browser should have support JavaScript and accept user inputs. b. Accepts user input without validating it and SQL database should be running in the back-end. c. Accepts user input without validating it and construct the response based on user input. d. All of them
Hub pages are well-known websites which provide definitive information on a particular set of topics. True False NYtimes.com is an example of a hub page. True False A cookie is a piece of data stored on a web browser to keep track of a user’s usage history. True False
Explain which "technique" can be used to provide secure authentication and authorization for the following scenario. Scenario: A company is developing a web application that allows users to sign in with their social media accounts and post updates to those accounts. The company wants to ensure that user data is kept secure and protected, and that users are only authorized to access their own accounts. In your answer, address the following points: 1) Explain the basics of the technique and how it can be used for authentication and authorization. 2) Describe how the technique could be implemented in this scenario to authenticate users and authorize access to their social media accounts. 3) Explain the benefits of using the technique in this scenario. 4) Discuss any potential drawbacks or limitations of using the technique in this scenario.
Discuss the role of web security in protecting against common web application vulnerabilities, such as XSS and SQL injection.
Question 11 mah .Research online and locate at least two malware attacks on a business database. Were there any similarities or differences? Write a minimum 2-paragraph summary of your findings. Include the URL of the source(s) you used. Full explain this question and text typing work only We should answer our question within 2 hours takes more time then we will reduce Rating Dont ignore this line
1)Alice wants to make a purchase from Etailer.com, an online retail store. She notices that her web browser received a copy of Etailer.com's X.509 certificate, which contains Etailer.com's public key. Alice notices that the certificate also includes an RSA signature from a certificate authority(CA). a) how can alice be sure that the public key listed on the certificate really belongs to Etailer.com? be specific b) what would be the security impact if a CA was compromised in some manner? be specific c)why can Alice rely on the CA to validate Etailer.com's certificate? be specific