A threat actor has hijacked a session to assume the identity of a valid user. Which web front-end vulnerability is the threat actor exploiting?
- cross-site scripting
- SQL injections
- broken authentication
- security misconfiguration
Explanation: Web front-end vulnerabilities apply to apps, APIs and services. Some of the most significant vulnerabilities are as follows:
- Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run the way that the threat actor wants them to run in the browser.
- SQL injections: In a SQL injection (SQLi) attack, the threat actor targets the SQL database itself, rather than the web browser. This allows the threat actor to control the application database.
- Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user, especially when session tokens are left unexpired.
- Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities, all of which are centered on a lack of maintenance of the web application configuration.
Exam with this question: IoT Security 1.1 Chapter 5 Quiz Answers