A threat actor has injected JavaScript code into the output of a web application and is manipulating client-side scripts to run as desired in the browser. Which web front-end vulnerability is the threat actor exploiting?
- SQL injections
- cross-site scripting
- security misconfiguration
- broken authentication
Explanation: Web front-end vulnerabilities apply to apps, APIs, and services. Some of the most significant vulnerabilities are as follows:
- Cross-site scripting: In a cross-site scripting (XSS) attack, the threat actor injects code, most often JavaScript, into the output of a web application. This forces client-side scripts to run the way that the threat actor wants them to run in the browser.
- SQL injections: In an SQLi the threat actor targets the SQL database itself, rather than the web browser. This allows the threat actor to control the application database.
- Broken authentication: Broken authentication includes both session management and protecting the identity of a user. A threat actor can hijack a session to assume the identity of a user especially when session tokens are left unexpired.
- Security misconfiguration: Security misconfiguration consists of several types of vulnerabilities all of which are centered on the lack of maintenance to the web application configuration.
Exam with this question: IoT Security 1.1 Chapter 5 Quiz Answers
Please login or Register to submit your answer