This document contains definitions and explanations of common cybersecurity terms like hackers (white hat, black hat, grey hat), vulnerabilities (injection, XSS, sensitive data exposure), attacks (DDoS, APT, zero-day), and cryptography concepts (hashing, encryption algorithms, two-factor authentication). It provides examples to illustrate injection vulnerabilities and defines cybersecurity acronyms like CVE.
14. A1 - Injection
A2 - Broken Authentication and Session Management
A3 - Cross-Site Scripting (XSS)
A4 - Broken Access Control
A5 - Security Misconfiguration
A6 - Sensitive Data Exposure
A7 - Insufficient Attack Protection
A8 - Cross-Site Request Forgery (CSRF)
A9 - Using Components with Known Vulnerabilities
A10 - Underprotected APIs
15. <?php
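// …
// $name and $password are interpolated directly into the SQL text
$sql = "SELECT * FROM `users` WHERE
`account`='$name' AND `password`='$password'";
$result = mysql_query($sql); // legacy mysql_* API, removed in PHP 7
// …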
A1 - Injection
16. SELECT * FROM `users` WHERE `account`='$name'
AND `password`='$password'
$name = 'shenxd';
$password = 'hahauccu';
SELECT * FROM `users` WHERE `account`='shenxd'
AND `password`='hahauccu'
A1 - Injection
17. $name = 'shenxd';
$password = '?';
SELECT * FROM `users` WHERE
`account`='shenxd' AND `password`='?'
A1 - Injection
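The query from the slides next to a parameterized version, as an added example that is not part of the original deck. It assumes PDO with an in-memory SQLite database standing in for the `users` table; the function names `loginConcat` and `loginBound` and the `obrien` account are hypothetical and constructed for illustration.

```php
<?php
// Added example. Constructed in-memory SQLite table standing in for the slides' `users` table.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
// Plaintext column only to mirror the slide; store password_hash() output in practice.
$db->exec('CREATE TABLE users (account TEXT PRIMARY KEY, password TEXT NOT NULL)');
$seed = $db->prepare('INSERT INTO users (account, password) VALUES (?, ?)');
$seed->execute(['shenxd', 'hahauccu']);
$seed->execute(['obrien', "it's-me"]); // constructed account whose password contains a quote

// "Before": builds the statement the way the slide does (deliberately unsafe).
function loginConcat(PDO $db, string $name, string $password): string
{
    $sql = "SELECT * FROM users WHERE account='$name' AND password='$password'";
    try {
        return $db->query($sql)->fetch() ? 'match' : 'no match';
    } catch (PDOException $e) {
        // The quote in the input ended the string literal early,
        // so the remainder of the input was parsed as SQL.
        return 'SQL error';
    }
}

// "After": placeholders keep the statement text fixed; input is bound as data only.
function loginBound(PDO $db, string $name, string $password): string
{
    $stmt = $db->prepare(
        'SELECT 1 FROM users WHERE account = :name AND password = :password'
    );
    $stmt->execute([':name' => $name, ':password' => $password]);
    return $stmt->fetch() ? 'match' : 'no match';
}

// Constructed inputs: a normal login, a legitimate password with a quote, a wrong one with a quote.
$cases = [['shenxd', 'hahauccu'], ['obrien', "it's-me"], ['shenxd', "wrong'pw"]];
foreach ($cases as [$name, $password]) {
    printf("%-7s %-10s concat: %-9s bound: %s\n", $name, $password,
        loginConcat($db, $name, $password), loginBound($db, $name, $password));
}
```

A SQL error triggered by a quote in user input is the symptom to look for in application logs: it shows the input reached the SQL parser as part of the statement.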