Based upon your readings this week, explain what each of the following terms mean and how they can be prevented.  This will aid you in preparing for the quiz on this material.  Topics: Buffer Overflow Injections (SQL, HTML, Command, Code) Authentication Credential brute force Session hijacking Redirect Default credentials Weak credentials Kerberos exploits Authorization Parameter pollution Insecure direct object reference Cross-site scripting (XSS) Stored/persistent Reflected DOM Cross-site request forgery (CSRF/XSRF) Clickjacking Security misconfiguration Directory traversal Cookie manipulationLinks to an external site. File inclusion Local Remote Unsecure code practices Comments in source code Lack of error handling Overly verbose error handling Hard-coded credentials Race conditions Unauthorized use of functions/unprotected APIs Hidden elements (sensitive info in the DOM) Lack of code signing

Database System Concepts
7th Edition
ISBN:9780078022159
Author:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Chapter1: Introduction
Section: Chapter Questions
Problem 1PE
icon
Related questions
Question

Based upon your readings this week, explain what each of the following terms mean and how they can be prevented.  This will aid you in preparing for the quiz on this material. 

Topics:

  • Buffer Overflow
  • Injections (SQL, HTML, Command, Code)
  • Authentication
    • Credential brute force
    • Session hijacking
    • Redirect
    • Default credentials
    • Weak credentials
    • Kerberos exploits
  • Authorization
    • Parameter pollution
    • Insecure direct object reference
  • Cross-site scripting (XSS)
    • Stored/persistent
    • Reflected
    • DOM
  • Cross-site request forgery (CSRF/XSRF)
  • Clickjacking
  • Security misconfiguration
    • Directory traversal
    • Cookie manipulationLinks to an external site.
  • File inclusion
    • Local
    • Remote
  • Unsecure code practices
    • Comments in source code
    • Lack of error handling
    • Overly verbose error handling
    • Hard-coded credentials
    • Race conditions
    • Unauthorized use of functions/unprotected APIs
    • Hidden elements (sensitive info in the DOM)
    • Lack of code signing
Expert Solution
steps

Step by step

Solved in 4 steps

Blurred answer
Knowledge Booster
Encryption and Decryption
Learn more about
Need a deep-dive on the concept behind this application? Look no further. Learn more about this topic, computer-science and related others by exploring similar questions and additional content below.
Similar questions
  • SEE MORE QUESTIONS
Recommended textbooks for you
Database System Concepts
Database System Concepts
Computer Science
ISBN:
9780078022159
Author:
Abraham Silberschatz Professor, Henry F. Korth, S. Sudarshan
Publisher:
McGraw-Hill Education
Starting Out with Python (4th Edition)
Starting Out with Python (4th Edition)
Computer Science
ISBN:
9780134444321
Author:
Tony Gaddis
Publisher:
PEARSON
Digital Fundamentals (11th Edition)
Digital Fundamentals (11th Edition)
Computer Science
ISBN:
9780132737968
Author:
Thomas L. Floyd
Publisher:
PEARSON
C How to Program (8th Edition)
C How to Program (8th Edition)
Computer Science
ISBN:
9780133976892
Author:
Paul J. Deitel, Harvey Deitel
Publisher:
PEARSON
Database Systems: Design, Implementation, & Manag…
Database Systems: Design, Implementation, & Manag…
Computer Science
ISBN:
9781337627900
Author:
Carlos Coronel, Steven Morris
Publisher:
Cengage Learning
Programmable Logic Controllers
Programmable Logic Controllers
Computer Science
ISBN:
9780073373843
Author:
Frank D. Petruzella
Publisher:
McGraw-Hill Education