9781111640125_IM_ch03

Security+ Guide to Network Security Fundamentals


10. Explain that a markup language is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
11. Note that an XML injection attack is similar to an SQL injection attack; an attacker who discovers a Web site that does not filter input user data can inject XML tags and data into the database.
12. Mention that a directory traversal attack takes advantage of a vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories.

Client-Side Attacks

1. Define a client-side attack as an attack that targets vulnerabilities in client applications that interact with a compromised server or process malicious data.
2. Explain that the most common attacks are header manipulation, cookies and attachments, session hijacking, and malicious add-ons.
3. Use Table 3-2 to discuss some of the standard HTTP header fields.

Teaching Tip
Explain to students that the unchecked Web application is a risk to the organization hosting the application and the users that rely on the application in their daily lives. The risk of loss is real and no matter how much effort an organization puts into securing their environment, there is always some residual risk.
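The XML injection point in item 11 comes down to one missing step: input that is spliced into a document without filtering can become markup instead of data. The following is an added example, not code from the textbook or instructor manual, that shows the unfiltered version beside the filtered one. The record layout, the function names and the sample input are all constructed for illustration.

```c
/* Added example (not from the textbook): building an XML record from
 * untrusted input. raw_record() concatenates the input as-is, which is the
 * unfiltered behaviour that lets an attacker inject tags; safe_record()
 * escapes the five XML special characters first, so the input can only ever
 * become character data. */
#include <stdio.h>
#include <string.h>

/* Escape &, <, >, " and ' into entity references. Returns the number of
 * characters written, or -1 if the output buffer is too small. */
int xml_escape(const char *in, char *out, size_t out_len) {
    size_t pos = 0;
    for (const char *p = in; *p; p++) {
        const char *rep;
        switch (*p) {
            case '&':  rep = "&amp;";  break;
            case '<':  rep = "&lt;";   break;
            case '>':  rep = "&gt;";   break;
            case '"':  rep = "&quot;"; break;
            case '\'': rep = "&apos;"; break;
            default:   rep = NULL;     break;
        }
        size_t n = rep ? strlen(rep) : 1;
        if (pos + n >= out_len) return -1;   /* leave room for the NUL */
        if (rep) memcpy(out + pos, rep, n); else out[pos] = *p;
        pos += n;
    }
    out[pos] = '\0';
    return (int)pos;
}

/* Vulnerable: user-controlled text is spliced straight into the document. */
int raw_record(const char *username, char *out, size_t out_len) {
    int n = snprintf(out, out_len,
                     "<user><name>%s</name><role>guest</role></user>", username);
    return (n < 0 || (size_t)n >= out_len) ? -1 : n;
}

/* Hardened: escape first, so a '<' in the input cannot close or open an element. */
int safe_record(const char *username, char *out, size_t out_len) {
    char esc[256];
    if (xml_escape(username, esc, sizeof esc) < 0) return -1;
    int n = snprintf(out, out_len,
                     "<user><name>%s</name><role>guest</role></user>", esc);
    return (n < 0 || (size_t)n >= out_len) ? -1 : n;
}

/* Count <role> elements in a record: a well-formed record has exactly one. */
int count_role_elements(const char *doc) {
    int count = 0;
    for (const char *p = strstr(doc, "<role>"); p; p = strstr(p + 1, "<role>")) count++;
    return count;
}

int main(void) {
    /* Constructed sample input of the kind item 11 describes: it carries
     * XML tags that try to add a second <role> element to the record. */
    const char *payload = "bob</name><role>admin</role><name>";
    char doc[512];
    raw_record(payload, doc, sizeof doc);
    printf("raw : %s  (role elements: %d)\n", doc, count_role_elements(doc));
    safe_record(payload, doc, sizeof doc);
    printf("safe: %s  (role elements: %d)\n", doc, count_role_elements(doc));
    return 0;
}
```

The check worth keeping from this is `count_role_elements`: after escaping, the same input yields a record with one `<role>` element, which is the property a validator or a unit test can assert on the server side.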
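For item 12, the defence a Web server applies is to resolve the requested path and confirm it still lies under the document root before opening anything. Below is an added example, not from the textbook or any particular server, of that containment check done lexically on the already URL-decoded path. The root directory, the function name and the sample requests are constructed; the root is assumed to have no trailing slash.

```c
/* Added example (not the textbook's code): a containment check for a
 * requested file path before a Web server opens it. The request is assumed
 * to be already URL-decoded. Segments are resolved lexically and any ".."
 * that would climb above the document root causes rejection. */
#include <stdio.h>
#include <string.h>

#define MAX_SEGMENTS 64

/* Resolve `request` relative to `root` into `out`. Returns 1 when the path
 * stays inside root, 0 when it would escape or does not fit. */
int resolve_within_root(const char *root, const char *request, char *out, size_t out_len) {
    const char *segs[MAX_SEGMENTS];
    size_t lens[MAX_SEGMENTS];
    int depth = 0;

    const char *p = request;
    while (*p) {
        while (*p == '/') p++;            /* skip separators, including "//" */
        if (!*p) break;
        const char *start = p;
        while (*p && *p != '/') p++;
        size_t len = (size_t)(p - start);

        if (len == 1 && start[0] == '.') continue;               /* "." : no-op */
        if (len == 2 && start[0] == '.' && start[1] == '.') {    /* "..": go up */
            if (depth == 0) return 0;      /* would climb above the root */
            depth--;
            continue;
        }
        if (depth == MAX_SEGMENTS) return 0;
        segs[depth] = start;
        lens[depth] = len;
        depth++;
    }

    /* Rebuild the path from the surviving segments under the root. */
    size_t pos = strlen(root);
    if (pos >= out_len) return 0;
    memcpy(out, root, pos);
    for (int i = 0; i < depth; i++) {
        if (pos + 1 + lens[i] >= out_len) return 0;
        out[pos++] = '/';
        memcpy(out + pos, segs[i], lens[i]);
        pos += lens[i];
    }
    out[pos] = '\0';
    return 1;
}

int main(void) {
    /* Constructed requests: a normal one with a harmless "..", one that
     * tries to climb out of the root, and one with "." and "//" noise. */
    const char *tests[] = { "/img/../index.html", "/../../outside.txt", "/a/./b//c" };
    char path[256];
    for (size_t i = 0; i < sizeof tests / sizeof tests[0]; i++) {
        int ok = resolve_within_root("/var/www", tests[i], path, sizeof path);
        printf("%-22s -> %s\n", tests[i], ok ? path : "REJECTED");
    }
    return 0;
}
```

A ".." that stays inside the root (the first request) is fine; only a ".." that would pop past the root is refused. Decoding has to happen before this check, otherwise an encoded separator or dot would pass through as an ordinary character.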
Security+ Guide to Network Security Fundamentals, Fourth Edition 3-4

4. Discuss examples of HTTP header attacks, which include referrer and accept-language.
5. Define cookies as computer files that contain user-specific information.
6. Describe the following types of cookies:
   a. First-party cookie
   b. Third-party cookie
   c. Session cookie
   d. Persistent cookie
   e. Secure cookie
   f. Flash cookie
7. Explain that cookies can pose both security and privacy risks. Cookies can be used to track the browsing or buying habits of a user.
8. Explain that session hijacking is an attack in which an attacker attempts to impersonate the user by using his session token.
9. Discuss how session hijacking is generally conducted.
10. Define ActiveX as a method to make programs interactive using a set of rules and controls.
11. Discuss the security concerns that ActiveX poses.

Buffer Overflow Attacks

1. Explain that a buffer overflow occurs when a process attempts to store data in random access memory (RAM) beyond the boundaries of a fixed-length storage buffer. This extra data overflows into the adjacent memory locations and under certain conditions may cause the computer to stop functioning.
2. Mention that attackers use a buffer overflow in order to compromise a computer. Use Figure 3-8 to illustrate your explanation.

Quick Quiz 1

1. A(n) ____ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.
Answer: markup language

Teaching Tip
Discuss with students how prevalent buffer overflow attacks are in the scope of attacks on the client, even more important than the failure to check data on the Web application
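Items 6 through 9 distinguish session, persistent and secure cookies and then describe session hijacking through a stolen session token. A practical way to connect the two is to audit the Set-Cookie header a server sends: a cookie carrying a session token should be a session cookie with the Secure attribute, and with HttpOnly so page scripts cannot read the token. The code below is an added example, not from the textbook or instructor manual; the function names, the flag values and the three sample headers are constructed.

```c
/* Added example (not from the textbook): audit a Set-Cookie header value and
 * classify the cookie the way the text does (session vs. persistent, secure
 * or not), plus the HttpOnly attribute that keeps a session token away from
 * page scripts. Attribute names are matched case-insensitively per RFC 6265. */
#include <stdio.h>
#include <string.h>
#include <ctype.h>

enum {
    COOKIE_PERSISTENT = 1,   /* Expires or Max-Age present */
    COOKIE_SECURE     = 2,   /* only sent over HTTPS */
    COOKIE_HTTPONLY   = 4    /* not readable by client-side script */
};

/* Case-insensitive comparison of `s` (length n) against attribute `name`. */
static int attr_is(const char *s, size_t n, const char *name) {
    if (strlen(name) != n) return 0;
    for (size_t i = 0; i < n; i++)
        if (tolower((unsigned char)s[i]) != tolower((unsigned char)name[i])) return 0;
    return 1;
}

/* Parse "name=value; Attr; Attr=val; ..." and return a bitmask of flags. */
int audit_set_cookie(const char *header) {
    int flags = 0;
    const char *p = strchr(header, ';');      /* skip the name=value pair */
    while (p) {
        p++;
        while (*p == ' ') p++;
        const char *end = strchr(p, ';');
        size_t seg_len = end ? (size_t)(end - p) : strlen(p);
        /* the attribute name runs up to '=' (if any) within this segment */
        const char *eq = memchr(p, '=', seg_len);
        size_t name_len = eq ? (size_t)(eq - p) : seg_len;
        while (name_len && p[name_len - 1] == ' ') name_len--;

        if (attr_is(p, name_len, "Secure"))        flags |= COOKIE_SECURE;
        else if (attr_is(p, name_len, "HttpOnly")) flags |= COOKIE_HTTPONLY;
        else if (attr_is(p, name_len, "Expires") || attr_is(p, name_len, "Max-Age"))
            flags |= COOKIE_PERSISTENT;
        p = end;
    }
    return flags;
}

/* A cookie that carries a session token should be a session cookie with
 * both Secure and HttpOnly set; return 1 if it is. */
int session_cookie_is_hardened(const char *header) {
    int f = audit_set_cookie(header);
    return (f & COOKIE_SECURE) && (f & COOKIE_HTTPONLY) && !(f & COOKIE_PERSISTENT);
}

int main(void) {
    /* Constructed headers: a weak session cookie, a hardened one, a tracker. */
    const char *samples[] = {
        "sid=3f9a1c; Path=/",
        "sid=3f9a1c; Path=/; Secure; HttpOnly; SameSite=Lax",
        "track=42; Max-Age=31536000; Path=/"
    };
    for (size_t i = 0; i < 3; i++) {
        int f = audit_set_cookie(samples[i]);
        printf("%-52s persistent=%d secure=%d httponly=%d hardened=%d\n", samples[i],
               !!(f & COOKIE_PERSISTENT), !!(f & COOKIE_SECURE), !!(f & COOKIE_HTTPONLY),
               session_cookie_is_hardened(samples[i]));
    }
    return 0;
}
```

The third sample is the privacy case from item 7: a long-lived persistent cookie that survives the browser session is what makes tracking across visits possible. First-party versus third-party cannot be decided from the header alone; it depends on which site set the cookie relative to the page being viewed.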
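The buffer overflow definition above turns on two facts: the buffer has a fixed length, and whatever sits next to it in memory receives the excess. The added example below, which is not from the textbook and stands in for the layout Figure 3-8 illustrates, puts a flag immediately after a fixed-length name buffer and shows an unchecked copy beside a checked one. The struct, the field names and the sample inputs are constructed; the unchecked function is included for contrast only and is never handed input longer than the buffer here.

```c
/* Added example (not the textbook's code): a fixed-length buffer with an
 * adjacent field. unchecked_store() copies without a length check, so input
 * longer than the buffer would spill into the neighbouring field;
 * checked_store() measures first and refuses anything that would not fit. */
#include <stdio.h>
#include <string.h>

#define NAME_LEN 8

/* Two adjacent pieces of memory: a fixed-length name buffer and a flag that
 * is consulted afterwards. Overflowing `name` overwrites `is_admin`. */
struct account {
    char name[NAME_LEN];
    int  is_admin;
};

/* Vulnerable: strcpy() stops only at the input's terminating NUL, never at
 * the end of `name`. Shown for contrast; do not give it untrusted input. */
void unchecked_store(struct account *acct, const char *input) {
    acct->is_admin = 0;
    strcpy(acct->name, input);
}

/* Hardened: count at most NAME_LEN bytes, reject input that cannot fit with
 * its terminator. Returns 1 on success, 0 when the input was rejected. */
int checked_store(struct account *acct, const char *input) {
    acct->is_admin = 0;
    size_t len = 0;
    while (len < NAME_LEN && input[len] != '\0') len++;   /* never read past NAME_LEN */
    if (len >= NAME_LEN) {
        acct->name[0] = '\0';               /* leave a defined, empty name */
        return 0;
    }
    memcpy(acct->name, input, len + 1);     /* includes the NUL terminator */
    return 1;
}

int main(void) {
    struct account a;
    const char *short_input = "alice";              /* fits: 5 chars + NUL */
    const char *long_input  = "0123456789ABCDEF";   /* constructed: twice the buffer */

    unchecked_store(&a, short_input);               /* in range: both behave the same */
    printf("unchecked \"%s\": name=%s is_admin=%d\n", short_input, a.name, a.is_admin);
    checked_store(&a, short_input);
    printf("checked   \"%s\": name=%s is_admin=%d\n", short_input, a.name, a.is_admin);
    printf("checked 16-byte input accepted? %d (is_admin still %d)\n",
           checked_store(&a, long_input), a.is_admin);
    printf("sizeof(struct account)=%zu: %d bytes of name, then the flag\n",
           sizeof a, NAME_LEN);
    return 0;
}
```

The length check is the whole fix: the input is measured before anything is written, so the copy can never reach the flag. Calling `unchecked_store` with the 16-byte input is undefined behaviour in C, which is why the program only demonstrates the safe path; in a real process the excess bytes would land in `is_admin`, which is the mechanism item 2 refers to.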
2. True or False: XML is designed to carry data instead of indicating how to display it.