Exam SY0-601 topic 1 question 155 discussion

I think this is correct. Application Source Code -> Code Review CRM Server - > Record Level access Control Web Server -> WAF and URL Filtering - I initially went with Input Validation instead of URL filtering, but URL filtering works by comparing all web traffic against URL filters, which are typically contained in a database of sites that users are permitted to access or denied from accessing. Database ->Input validation

The Answer is cross-site scripting, this is from Darryl Gibson's website. Q. A penetration tester has successfully exploited a vulnerability against your organization giving him access to the following data: User, password, login-date, cookie-id Homer, canipass, 2016-09-01 11:12, 286755fad04869ca523320acce0dc6a4 Bart, passican, 2016-09-01 11:15, 8edd7261c353c87a113269cd37635c68 Marge, icanpass, 2016-09-01 11:19, 26887fbd90ac0340e29ad62470270401 What type of attack does this represent? A. SQL injection B. XML injection C. XSS D. Session hijacking Answer: C. Cross-site scripting (XSS) is the best choice of the available answers. You can see that the penetration tester is looking at cookies because the header includes ‘cookie-id’ and successful cross-site scripting (XSS) attacks allow attackers to capture user information such as cookies.

Session hijacking CRM server ----> none of the above (BLANK) Database----> Record-level access control (to control access to individual records) Web server ---> URL filtering (to prevent the web server from accessing malicious websites) & WAF (to inspect incoming and outgoing HTTP traffic) App source code -----> input validation (to prevent injection attacks) & Code review (following best practices to protect against vulnerabilities)

I think this is an SQL injection. If you look at the response data provided, it lists out the data in columns and rows, just like if you were displaying a database table.

This was in the exam. All the questions were from 1-849. Make sure to understand the questions and the answers. Look it up and study all the details of every question. Don't just memorize it. Understand it and think how you an deploy or use at your work or in enterprise. Exam taken on Mar 2024.

Application Source Code within Repository-> Code Review CRM Server-> Record Level Access Control Web Server-> WAF/URL Filtering Database->Input Validation SQL Injection On the login landing page all user credentials were displayed SQL injection, also known as SQLI, is a common attack vector that uses malicious SQL code for backend database manipulation to access information that was not intended to be displayed. This information may include any number of items, including sensitive company data, user lists or private customer details.

This was on my exam, 11/29/23

I think the answer is correct. Because in the request section, the user enters a username and password, and as a response, the cookie IDs are generated. XSS Attack Scenario: When other users visit the affected page, the injected scripts execute in their browsers, potentially leading to cookie theft, session manipulation, or performing unauthorized actions on the user's behalf. SQLi doesn't make any sense to me. There is no words like "get, select, union etc." or symbols ' ' . Session hijacking intercepts the network traffic and takes control of an active session. There is no sign about it.

Does the "Submit Query" button on the request screen give any credence to this being a SQLi attack?

The attack seems to be SQLi based on; -The input page shows input which the web-app will use to access the database - The response page shows a list of users --Since it's multiple users, it can only come from the DB and not from a single-scoped attack --The cookie-id field is used to match the cookie-id of the user's sessions--a common way to handle sessions in web apps. --The login times are also common DB options --There're no proof of XSS anywhere and it wouldn't reveal multiple users accounts --There's no evidence of XML anywhere --There's no evidence of session hijacking and it would also be scope to just one account -WAF and URL filtering on the web server -Input validation and Code Review on the Source Code repository (you don't do input validation on the db server--it doesn't care) -Record level access control on the CRM, because it obviously isn't on the db (since multiple records have been exfiltrated)

Why input validation would be dragged to Database server? it should be on Application code repo, because it's one of the application security if we are talking about DB security that would be like encrypting sensitive data like DataMasking, Data Tokenization, HashingSalting passwords for example. I think my answer will be: Application Source Code > Code review + Input Validation CRM Server > Record level Access control Web Server > WAF + URL Filtering Regarding the attack I am between Session Hijacking and SQL Injection :(

https://blogs.getcertifiedgetahead.com/cookie-attacks-security/ A SQL injection attack uses a SQL statement, and typically includes a phrase such as or 1=1. An XML injection attack would include XML markup data, with XML tags within the < and > symbols. A session hijacking attack uses a cookie to take over a session. However, it’s more than just the text within a cookie.

is the 1st window the attacker tablet?

MorganB 0 minutes ago Awaiting moderator approval Pass my exam 27, April 23. This question was not on my exam but replaced with another simulation question.

Why would a web server need a URL filter?

i'm a bit confused... but in the end i think i'll go for sql injection, if anyone could clarify i'd be grateful!

I took my exam yesterday (3/8/2023) and this question was there. 3/4 of PBQs were from here and 80% of MC too. This study community helped me a lot--Thank you!!