9.2.2 User Input Security

When a user fills in a form.

When a user views a webpage.

When a user downloads a file.

When a user reads an email.

Directory Traversal

Phishing

Man-in-the-Middle

Denial of Service

Buffer Overflow

Command Injection

Cross-Site Scripting (XSS)

Phishing

An attack where malicious scripts are injected into trusted websites.

An attack that disrupts the service of a network.

An attack that intercepts communication between two parties.

An attack that encrypts data and demands ransom.

To delete files in the root folder

To access files outside the permitted system space

To encrypt files in the system

To create new files in the root folder

Inserting a series of ../ characters into the URL or software code

Deleting system files

Encrypting the root folder

Creating new user accounts

A situation where the data is smaller than the input variable can hold.

A situation where the data is larger than the input variable can hold and overflows into process execution space to run hostile code.

A situation where the data is exactly the size of the input variable.

A situation where the data is stored in the CPU.

It can execute with system-level privileges.

It can be deleted automatically.

It can be stored in the memory buffer.

It can be transferred to another system.

To insert text into form fields for data validation

To run terminal commands on the hosting server

To enhance the user interface of a website

To improve website performance

By using special characters to connect parts of the user input

By using long strings of text

By inserting HTML tags

By using encrypted data