< All CompTIA Security+ Notes

technobaba | CompTIA Security+ | Module 3

By: Clouds | Related Course: CompTIA Security+ | Published: August 25, 2016 | Modified: August 29, 2016
Join Cybrary

NotepadApplication Attacks.

XSS: attacker is able to convince the user to run a script within their web browser session.

SQL(Structured Query Language) attack: Injecting a malicious code into the organization database through established web session.


NotepadAssessment Techniques:

Baseline reporting

Code Review

Determine attack surface

Review Architecture

Review Designs


Cookies: Text file pushed to the system to monitor the preference.  


hoax attack

Smurf Attack

NotepadINterpret results of security assessment tools.



Vulnerability Scanner


HoneyNet – Different honeypots put together.


BAnner Grabbing






NotepadLDAP and

LDAP injection: Similar to SQL.

XML Injection:

Directory traveresal/Command injection:

Buffer overflow:


Malware; Virus, Worms, Trojans.



Rootkits: gaining the root or administrative access of the system.

Backdoors: creation of doors in a software to do back end testing and login to the system without any login. means if a backdoor is enabled i a software then the developer can any time log into the software and do what he want. so before making  a software out he needs to disable the backdoor.

logic bombs: as name suggestes they are triggered to be activate at certain time or when certain event occur.

polymorphic malware: changes form when it’s been transfered from one place to other place one medium to other.

armoured virus: encrypted virus. which helps the virus to get undettected.


Vishing: Via telephone/VOIP

Spear Phishing:

XMAS Attack:

Pharming Attack: – Change host file.

DNS Poisoning: – Corrupt DNS.

ARP Poisoning: – Corrupt ARP cache.

Malicious insider threat:

Client side attack: flaws in the client side operating system.

Transitive access attack: It exploits the trust relationship between the different machines have between them. Like A trusts B and B trust C so we attack C and can attack A. But noewadays the OS, Firewall dont trust anybody.

Birthday Attack: Exploits the weakness in the mathematical algorithm that generates hashes.

URL hijacking/Typo squatting:


NotepadTypes of Wireless attack

Rouge access point. any access point put on the network without the administrator for stealing crdentials is known as the rouge access point.{i.e router} 802.1x – remedy.

Evil twin- Fake access point allowing to login the user to login and use inenternet. {Created a hotspot and then the user join and get affected.}

Interference/jamming: To intercept the signals and interfering with signal transmission.

Bluetooth attack: Bluesnarfing, BlueJacking.

< All CompTIA Security+ Notes
Join Cybrary

Our Revolution

We believe Cyber Security training should accessible for everyone, everywhere. Everyone deserves the OPPORTUNITY to learn, begin and grow a career in this fascinating field. Therefore, Cybrary is the world's largest community where people, companies and training come together to give everyone the ability to collaborate in an open source way that is revolutionizing the cyber security educational experience.

Support Cybrary

Donate Here to Get This Month's Donor Badge


We recommend always using caution when following any link

Are you sure you want to continue?