Flashcards - M7: Web Application Attacks

Published on January 19, 2025

What is SQL injection?
Injecting malicious SQL queries into input fields to access or manipulate the database backend.

Describe Cross-Site Scripting (XSS).
Inserting malicious scripts (usually JavaScript) into web pages viewed by other users, enabling session hijacking or data theft.

What is Cross-Site Request Forgery (CSRF)?
An attack tricking a user’s browser into sending unauthorized requests to a site where they’re logged in, exploiting existing session cookies.

What is parameter tampering?
Modifying URL or form data (GET/POST parameters) to manipulate application logic or gain unauthorized privileges.

Why is session management critical in web security?
Improper session handling can allow attackers to hijack sessions, impersonate users, or access sensitive data.

What is a Web Application Firewall (WAF)?
A security layer monitoring and filtering HTTP traffic to protect web apps from common attacks (SQLi, XSS, etc.).

Which tools are commonly used for web app testing?
Burp Suite, OWASP ZAP, Nikto.