1.6 Flashcards
race conditions.
Time-of-check-to-time-of-use (TOCTTOU) attacks are often called race conditions because the attacker is racing with the legitimate process to replace the object before it is used. Another form of race condition attack occurs when two processes are running concurrently and one process is designed to finish first, but the attack alters the processing to change the order of completion.
end-of-life systems
End-of-life systems are those that are no longer receiving updates and support from their vendors. If an organization continues to use an end-of-life system, then the risk of compromise is high because no future exploitation will ever be patched or fixed.
embedded systems
An embedded system is any form of computing component added to an existing mechanical or electrical system for the purpose of providing automation and/or monitoring.
Realize that there may be a lack of vendor support
Any system, whether hardware or software, will become more insecure over time once it lacks vendor support. The lack of vendor support can be due to end-of-life dropping of support, but it can also be a “feature” of the product all along, where the vendor does not provide any improvement, support, or patching/upgrading of the product after the initial sale.
Understand improper input handling.
Many forms of exploitation are caused by the lack of input sanitization or validation. Only with proper input handling can software exploitation be reduced or eliminated.
Know proper input handling.
There are three main forms of input filtering that should be adopted by every programmer and included in all code they author: check for length, filter for known malware patterns, and escape metacharacters.
Understand improper error handling.
Improper error handling may allow for the leaking of essential information to attackers or enable attackers to force a system into an insecure state. If error messages are not handled properly, they may disclose details about a flaw or weakness that will enable an attacker to fine-tune their exploit.
misconfiguration/weak configuration.
When misconfigurations or weak configurations are allowed to remain while a system is in active productive use, the risk of data loss, data leakage, and overall system compromise is higher.
risks of default configuration.
Default configurations should never be allowed to remain on a device or within an application. The tyranny of the default is the fact that defaults are usually insecure and thus leave a system open to simple compromise.
resource exhaustion
Resource exhaustion occurs when applications are allowed to operate in an unrestricted and unmonitored manner so that all available system resources are consumed in the attempt to serve the requests of valid users or in response to a DoS attack.
untrained users
Untrained users are more likely to make mistakes or abuse a system’s resources and capabilities.
improperly configured accounts
Untrained users are more likely to make mistakes or abuse a system’s resources and capabilities.
vulnerable business processes.
All business tasks, processes, procedures, and functions should be assessed as to their importance to the organization and their relative vulnerabilities.
weak cipher suites and implementations
Many older algorithms or implementations of algorithms have known flaws, weaknesses, or means of compromise. These weaker ciphers should be avoided and disabled and replaced with stronger cipher suites with few or no issues.
memory leaks.
A memory leak occurs when a program fails to release memory or continues to consume more memory.