Chapter 3 Network Security

Attacks that exploit previously unknown vulnerabilities, so victims have no time (zero days) to prepare or defend against the attacks.

Injects scrips into web application server that will then direct attacks at clients

Takes advantage of vulnerability in the Web application program or the Web server software so that a user can move from the root directory to other restricted directories

The ability to move to another directory could allow an unauthorized user to view confidential files or even enter commands to execute on a server

Targets vulnerabilities in client applications that interact with a compromised server or process malicious data

Created from the Web site that a user is currently viewing

Privileges that are granted to users to access hardware and software resources are called

Exploiting a vulnerability in software to gain access to resources that the user would normally be restricted from obtaining is called

An attack involving using a third party to gain access rights is called a/an

is a language used to view and manipulate data that is stored in a relational database

HTML is a markup language that uses specific ____ embedded in brackets

is designed to display data, with the primary focus on how the data looks

is for the transport and storage of data, with the focus on what the data is

Users who access a Web server are usually restricted to the ____ directory

The default root directory of the Microsoft Internet Information Services (IIS) Web server is

For a Web server using a Linux operating system, the default root directory is typically

The expression ____ up one directory level.

Web application attacks are considered ____ attacks.

A client-side attack that results in a user's computer becoming compromised just by viewing a Web page and not even clicking any content is known as a

The ____ is part of an HTTP packet that is composed of fields that contain the different characteristics of the data being transmitted

A/an____ is an attack in which an attacker attempts to impersonate the user by using his session token.

A/an ____ attack is similar to a passive man-in-the-middle attack.

When TCP/IP was developed, the host table concept was expanded to a hierarchical name system for matching computer names and numbers known as the

substitutes DNS addresses so that the computer is automatically redirected to another device.

When DNS servers exchange information among themselves it is known as a

The Chinese government uses _____ to prevent Internet content that it considers unfavorable from reaching its citizenry.

All Web traffic is based on the ___________ protocol.

A(n) ____________________ is a method for adding annotations to the text so that the additions can be distinguished from the text itself.

A(n) ____________________ cookie is stored in Random Access Memory (RAM), instead of on the hard drive, and only lasts for the duration of visiting the Web site.

The predecessor to today's Internet was a network known as