Term
In October 2005 the police arrested 3 men from _______ who were allegedly in control of 10,000 __________ which had been used in an attempt at extortion against a US company as well as ________ |
|
Definition
Netherlands, zombie PCs, phishing and adware / spyware |
|
|
Term
When was Conficker first released? |
|
Definition
|
|
Term
What kind of attack does Conficker use to spread? |
|
Definition
|
|
Term
What kind of packet does Conficker craft? |
|
Definition
|
|
Term
What does Conficker do when infected? (3) |
|
Definition
Disables services
Attaches to Windows processes
Cracks passwords |
|
|
Term
At its peak, how big was Conficker (Jan 2009)? |
|
Definition
|
|
Term
What are the duties of a web server (4)? |
|
Definition
Listen to a port
When a client is connected, read HTTP request
Perform some lookup
Send HTTP response and the requested data |
|
|
Term
What are the three tiers of a web application? |
|
Definition
Tier 1; web browser
Tier 2; Application server running scripts
Tier 3; Database server |
|
|
Term
What are the four web server duties? |
|
Definition
Listen to a port
When a client connects, read HTTP request
Perform some lookup function
Send HTTP response + Req'd data |
|
|
Term
What are two HTTP Request methods? |
|
Definition
GET: Retrieve information ID'd by URL
POST: Accept the req content and send it to the URL |
|
|
Term
There are seven things in the HTTP response header; what are they? |
|
Definition
HTTP
Date
Server
Last-Modified
Content-length
Connection
Content-type |
|
|
Term
How does a server 'remember' a connection? |
|
Definition
Session ID is created by the server when the initial connection is made |
|
|
Term
What attacks can you get from tier 1 applications? |
|
Definition
Drive-by downloads
Web trojans
XSS
Object scripting
Cookie hijacking |
|
|
Term
What can you get between client and app logic? |
|
Definition
|
|
Term
What attacks can you get from tier 2? |
|
Definition
Server hacking
Script injection
Session hijacking
Underlying OS |
|
|
Term
What attacks can you get from tier 3? |
|
Definition
Direct system / DBMS attacks
Underlying OS
SQL injection |
|
|
Term
Between Tier 2 and Tier 3 attacks? |
|
Definition
|
|
Term
What are the three security misconceptions? |
|
Definition
Firewall, IDS and SSL will protect the website |
|
|
Term
What are the six myths to do with web app sec? |
|
Definition
Trust browser input
User only sends req'd input
User cannot manipulate DDL
User cannot manipulate hidden fields
JavaScript will take care of validation
Using SSL is an airtight solution |
|
|
Term
What's the most popular attack (2009)? |
|
Definition
PDF Suspicious file download |
|
|
Term
Which wonderful web browser gets messed up the most? |
|
Definition
|
|
Term
Name the four criteria for categorising risks |
|
Definition
Attack vector
Weakness prevalence
Weakness detectability
Technical impact |
|
|
Term
Give 3 attacks (not OWASP) |
|
Definition
Buffer overflow
Canonicalization / Unicode
Injection |
|
|
Term
|
Definition
Data sent overfills variable
Return pointer overwritten
Code executes |
|
|
Term
Offer an example of a real buffer overflow attack (not code red) |
|
Definition
Internet printing protocol |
|
|
Term
|
Definition
Malformed requests for .printer files invoke a vulnerable ISAPI filter that overflows into the EIP register |
|
|
Term
|
Definition
|
|
Term
Give an example of a buffer overflow attack exploiting IPP |
|
Definition
|
|
Term
|
Definition
Day 1-19: try and spread itself
Day 20-27: launch DoS (e.g. against the White House)
Day 28-end of month: no attacks |
|
|
Term
So, you've set up your Code Red ISAPI overflow thingy worm; how do you get stuff now? |
|
Definition
If you wanted to get the global.asa file, you would go: GET /site.com/global.asa+.htr. If you append +.htr you get the source code of the resource |
|
|
Term
How does Nimda propagate? |
|
Definition
|
|
Term
What's a Unicode vulnerability? |
|
Definition
Substitute Unicode representations for '/' when using ../, for example. |
|
|
Term
What is the Unicode representation of '/'? |
|
Definition
|
|
Term
What is the Unicode representation of '\'? |
|
Definition
|
|
Term
What are the 5 consequences of client side attacks? |
|
Definition
Application crashing
Escalated privileges
Information hijacking
Cookie hijacking / collection
Obtaining goods by deception |
|
|
Term
What could changing an input parameter do? (4) |
|
Definition
Nothing
View unauth profile
Crash system
Buffer overflow |
|
|
Term
What kind of details can you get from error messages? |
|
Definition
Hidden resources
DB fields
Server side source code
Full app paths |
|
|
Term
Six countermeasures for web apps |
|
Definition
Patches
Good admin
Switch off unneeded file maps
Firewalls
Non-standard paths
Common sense |
|
|