Which of the following is a malicious exploit of a website, whereby unauthorized commands are
transmitted from a user trusted by the website?
A. Cross-Site Scripting
B. Injection flaw
C. Side channel attack
D. Cross-Site Request Forgery
Explanation:
CSRF (Cross-Site Request Forgery) is a malicious exploit of a website, whereby unauthorized
commands are transmitted from a user trusted by the website. It is also known as a one-click
attack or session riding. CSRF occurs when a user is tricked by an attacker into activating a
request in order to perform some unauthorized action. It increases data loss and malicious code

vulnerability typically found in web applications which enable malicious attackers to inject
client-side script into web pages viewed by other users. An exploited cross-site scripting
vulnerability can be used by attackers to bypass access controls, such as the same-origin policy.
Cross-site scripting carried out on websites accounted for roughly 80% of all security
vulnerabilities documented by Symantec as of 2007. Their impact may range from a petty nuisance
to a significant security risk, depending on the sensitivity of the data handled by the
vulnerable site, and the nature of any

is based on information gained from the physical implementation of a cryptosystem, rather than
brute force or theoretical weaknesses in the algorithms (compare cryptanalysis). For example,
timing information, power consumption, electromagnetic leaks or even sound can provide an extra
source of information which can be exploited to break the system. Many side-channel attacks
require considerable technical knowledge of the internal operation of the system on which the

foreign agent illegally uses a sub-system. They are the vulnerability holes that can be used to
attack a database of Web applications. It is the most common technique of attacking a database.
Injection occurs when user-supplied data is sent to an interpreter as part of a command or query.
The attacker’s hostile data tricks the interpreter into executing unintended commands or changing
data. Injection flaws include XSS (HTML Injection) and SQL Injection.