(ISC)2 Certified in Cybersecurity Practice Exam

What type of attack attempts to exploit web applications by injecting malicious script into web pages?

• A. SQL Injections
• B. XSS
• C. Fault Injection Attacks
• D. Worms

The correct answer is: XSS

The type of attack that attempts to exploit web applications by injecting malicious scripts into web pages is known as Cross-Site Scripting (XSS). In XSS attacks, an attacker exploits vulnerabilities in a web application by inserting malicious client-side scripts into content that is then served to users. This allows the attacker to execute these scripts in the context of the user's browser, leading to a variety of malicious outcomes, such as stealing session cookies, logging keystrokes, or redirecting users to malicious sites. The nature of XSS allows attackers to bypass the same-origin policy of web browsers, making it particularly dangerous since it can lead to unauthorized actions taken on behalf of users without their consent. The impact of XSS can be severe, often resulting in compromised user accounts, data theft, and degradation of trust in the targeted web application. Other types of attacks listed, such as SQL injections, primarily target the back-end database of an application rather than injecting scripts into web pages. Fault Injection Attacks exploit vulnerabilities in the functioning of applications through error handling rather than through script injection. Worms are malware that replicate themselves and spread across networks but do not typically exploit web applications through script injection. This context helps solidify the understanding of why Cross-Site Scripting