Tools
Attacks
Vulnerabilities
100

What pentesting tool is used to intercept and modify HTTP and HTTPS traffic between a client and server?

Burp Suite

100

What is the term for sending fraudulent SMS messages to trick users into sharing sensitive information?

Smishing

100

This term refers to software flaws that can be exploited by attackers.

Bugs or software vulnerabilities

200

This popular tool is used to perform network discovery and security auditing.

Nmap

200

What attack involves intercepting and altering communication between two parties without their knowledge?

Man-in-the-Middle (MITM)

200

What vulnerability arises when a mobile app fails to properly validate user input, allowing SQL injection attacks?

Improper Input Validation

300

This framework is widely used for developing and executing exploit code against a remote target machine.

Metasploit

300

What attack targets mobile apps by injecting malicious code into their runtime environment?

Dynamic Code Injection

300

This type of vulnerability occurs when user input is not properly validated, leading to code execution.

Remote code execution (RCE)

400

This Linux distribution is preloaded with security tools and used by penetration testers.

Kali Linux

400

What is the term for an attack where an attacker decompiles a mobile app to discover sensitive information like API keys or credentials?

Reverse Engineering

400

What is the risk of using outdated libraries or SDKs in mobile application development?

Vulnerabilities in Third-Party Components

500

This password cracking tool uses dictionary, brute-force, and rainbow table attacks.

John the Ripper

500

This attack exploits trust between a website and a user’s browser to perform unauthorised actions.

Cross-Site Request Forgery (CSRF)

500

This class of vulnerability involves exploiting buffer boundaries to overwrite memory. 

Buffer Overflow
