This is code to create webpages.
What is HTML?
This is why websites are so vulnerable.
What is interactivity?
This is numbers, characters, a text string, or script code that is provided by the user of a website.
What is user input?
This is a computer program designed to store lots of data in such a way that finding and retrieving any one piece of data is more efficient than dumping the data into a file with no organization.
What is a database?
Websites that we access every day are stored on these types of computers.
What are servers?
This is the protocol for general network delivery of webpages.
What is HTTP?
Many web servers use these as their method of authenticating users to the website.
What are cookies?
This is a type of user input attack where a series of ../ characters are placed into a URL or software code in an attempt to move up the file system tree - also known as directory climbing.
What is a directory traversal attack?
This is a computer programming language created for database tasks such as searching, updating, and extracting large amounts of data.
What is Structured Query Language (SQL)?
This is a secure protocol we use for accessing webpages for things like online banking.
What is HTTPS?
This is an HTTP CLI command used to send data to a server to create/update a resource - data sent is stored in the body of the HTTP request.
What is GET?
One of the best ways to keep your browser safe is to be sure you always keep it this.
What is updated?
This is the insertion of code into the memory buffer of a process where the data is larger than the input variable can hold and overflows into process execution space to run hostile code.
What is buffer overflow?
This is a method to get data from a database, or a search.
What is a query?
This is when a malicious actor gets possession of a user's small data tracking packet and uses it to connect to a user's personal pages on websites.
What is cookie theft?
This is a protocol that encrypts data to securely deliver webpages.
What is HTTPS?
This is a user's visit to a website during a specific time frame.
What is a session?
This is a type of user input attack where text is inserted into form fields that is passed into an executable process with the goal of running terminal commands on the hosting server.
What is command injection?
This is the symbol for a comment in SQL.
What is # or --?
This is a configuration of a website that replaces special characters often used in scripts or attacks with their HTML equivalents so that they cannot be executed as code.
What is an escaping character?
These are the terminal commands which can request data from or send data to a web server.
What are curl and wget?
This is an app that is configured to sit between the client and the server. It's used for AiTM attacks to modify the traffic between the two systems.
What is an intercepting proxy?
This is a type of input attack where script code is added into a user input field on the website, which is later executed in a visitor's browser.
What is Cross Site Scripting (XSS)?
This is the process of cleaning up user input so it does not interfere with the intended use of a SQL query.
What is sanitizing?
This is a non-profit organization that gathers/shares data about the most commonly exploited web application vulnerabilities.
What is OWASP?