A threat actor has injected JavaScript code into the output of a web application and is manipulating client-side scripts to run as desired in the browser. Which web front-end vulnerability is the threat actor exploiting?


  • SQL injections
  • cross-site scripting
  • security misconfiguration
  • broken authentication

Explanation: Web front-end vulnerabilities apply to apps, APIs, and services. Some of the most significant vulnerabilities are as follows:

  • Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run the way that the threat actor wants them to run in the browser.
  • SQL injections: In an SQL injection (SQLi), the threat actor targets the SQL database itself rather than the web browser. This allows the threat actor to control the application database.
  • Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user, especially when session tokens are left unexpired.
  • Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities, all of which center on a lack of maintenance of the web application configuration.

Exam with this question: IoT Security 1.1 Chapter 5 Quiz Answers
