application defense II Flashcards
unwanted and unsolicited emails is called
span
a email server that accepts mail and forwards it to other mail servers
open SMTP relay
a email pretending to be from a trusted organization asking to verify personal information and send money
phishing
To secure e-mail, use either
secure multipurpose internet mail extensions (S/MIME)
pretty good privacy (PGP)
the process of preventing exploitation of vulnerabilities in software applications
application hardening
this application hard technique prevents spawning in a application and will not be able to perform process spawning attack.
Block process spawning
this application hard technique prevents executable files from modification by removing the write permissions given to applications
Control access to executable files
this application hard technique prevents sensitive file system by removing write permissions given to specific applications
Protect OS components
this application hard technique allow an administrator to bypass a specific hardening rule when an application has a legitimate need
use exceptions rules
this application hard technique allows an administrator to identify potentially vulnerable applications and identify if an application is being exploited.
monitor logs
a security feature prevents damages to your computer from viruses and other security threats
uses data execution prevention
this application hard technique applies to third-party application hardening
Implement third-party applications hardening tools
a type of spam targeting of instant messaging (IM) services
spim
software implemented on a computer that executes programs like a physical machine.
virtual machine
a file created on a operating system and simulates a hard disk for the virtual machine.
virtual hard disk drive
a thin layer of software that allows virtual machines to interact with the hardware without going through the host operating system.
hypervisor
this attack occurs when software is downloaded and installed without explicit consent
drive by download
this attack occurs when an attacker registers a domain names that correlate the common typographical errors made by users
URL hijacking
this attack occurs when a variation of phishing attack are being directed at a specific organization or person
watering hole
this attack occurs when the operating system or application does not properly enforce boundaries for how much and what type of data can be imputed
buffer overload
this attack occurs when a computational operation by a running process results in a numeric value that exceeds the max size of the integer type used to store in memory
integer overflow
this attack injects script into web pages
cross site scripting
this attack occurs when unauthorized commands are transmitted from a user to a Web site that currently trusts the user
Cross-site Request Forgery ((CSRF/XSRF)
this attack uses malicious content in an XML message to alter the intended logic of the application.
XML injection