Hacking the Code: ASP.NET Web Application Security

Appendix B: Glossary of Web Application Security Threats

Appendix B: Glossary of Web Application Security Threats

Account Hijacking
Taking over the account of a legitimate user, sometimes denying the rightful user access to his or her account.
Account Hopping
Manipulating an existing authentication token to gain access to another user s account.
Brute Force Attack
The process of discovering user credentials by trying every possible character combination. Brute force attacks can be optimized by first trying dictionary words, common passwords, or predictable character combinations.
Backdoor Attack
Exploiting poorly implemented protection mechanisms by circumventing authentication or accessing content directly.
Banner Grabbing
The process of connecting to TCP ports and reading return banners to determine the type of service and software platform.
Buffer Overflow
Overwriting a buffer by sending more data than a buffer can handle, resulting in the application crashing or executing code of the attacker s choice.
Buffer Overrun
See Buffer Overflow.
Command Injection
Injecting special shell metacharacters or otherwise manipulating input to cause the server to run shell commands or other code of the attacker s choice.
Console Attack
An attack launched physically from the system s local console.
Content Spoofing
Creating fake web content that mimics a web site to deceive a user into revealing login credentials or other sensitive information.
Cookie Manipulation
Modifying a browser cookie to exploit a security flaws in a web application.
Cookie Hijacking
Stealing the authentication cookie of a legitimate user to authenticate as and impersonate that user.
Cross-Site Request Forgery (CSRF)
Exploiting a site s trust of a user to perform a transaction in...

UNLIMITED FREE
ACCESS
TO THE WORLD'S BEST IDEAS

SUBMIT
Already a GlobalSpec user? Log in.

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.

Customize Your GlobalSpec Experience

Category: Security Software
Finish!
Privacy Policy

This is embarrasing...

An error occurred while processing the form. Please try again in a few minutes.