Which of the following types of application attacks wou…

Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted
sources?

Which of the following types of application attacks would be used to identify malware causing security breaches that have NOT yet been identified by any trusted
sources?

A.
Zero-day

B.
LDAP injection

C.
XML injection

D.
Directory traversal

Explanation:
The security breaches have NOT yet been identified. This is zero day vulnerability. A zero day vulnerability refers to a hole in software that is unknown to the
vendor. This security hole is then exploited by hackers before the vendor becomes aware and hurries to fix it–this exploit is called a zero day attack. Uses of zero
day attacks can include infiltrating malware, spyware or allowing unwanted access to user information. The term “zero day” refers to the unknown nature of the hole
to those outside of the hackers, specifically, the developers. Once the vulnerability becomes known, a race begins for the developer, who must protect users.

Incorrect Answers:
B: LDAP Injection is an attack used to exploit web based applications that construct LDAP statements based on user input. When an application fails to properly
sanitize user input, it’s possible to modify LDAP statements using a local proxy. This could result in the execution of arbitrary commands such as granting
permissions to unauthorized queries, and content modification inside the LDAP tree. The same advanced exploitation techniques available in SQL Injection can be
similarly applied in LDAP Injection. LDAP injection is not a term used for an unknown security breach. This answer is therefore incorrect.
C: When a web user takes advantage of a weakness with SQL by entering values that they should not, it is known as a SQL injection attack. Similarly, when the
user enters values that query XML (known as XPath) with values that take advantage of exploits, it is known as an XML injection attack. XPath works in a similar
manner to SQL, except that it does not have the same levels of access control, and taking advantage of weaknesses within can return entire documents. The best
way to prevent XML injection attacks is to filter the user’s input and sanitize it to make certain that it does not cause XPath to return more data than it should. XML
injection is not a term used for an unknown security breach. This answer is therefore incorrect.
D: Directory traversal is a form of HTTP exploit in which a hacker uses the software on a Web server to access data in a directory other than the server’s root
directory. If the attempt is successful, the hacker can view restricted files or even execute commands on the server. Although some educated guesswork is
involved in finding paths to restricted files on a Web server, a skilled hacker can easily carry out this type of attack on an inadequately protected server by
searching through the directory tree. The risk of such attacks can be minimized by careful Web server programming, the installation of software updates and
patches, filtering of input from browsers, and the use of vulnerability scanners. Directory traversal is not a term used for an unknown security breach. This answer is
therefore incorrect.

http://www.pctools.com/security-news/zero-day-vulnerability/ https://www.owasp.org/index.php/LDAP_injection
Dulaney, Emmett and Chuck Eastton, CompTIA Security+ Study Guide, Sixth Edition, Sybex, Indianapolis, 2014, p 337
http://searchsecurity.techtarget.com/definition/directory-traversal



Leave a Reply 0

Your email address will not be published. Required fields are marked *