Chapter 3 - Threats in Software Continued Flashcards

1
Q

Input attacks

A
  • Definition: Input attacks exploit weaknesses in how an application handles the input it receives, causing unexpected behavior such as elevation of privileges, execution of arbitrary code, malfunction, or application abort.
  • Types of Input Attacks: Buffer overflow, integer overflow, SQL injection, script injection, cross-site scripting (XSS), cross-site request forgery (CSRF).
  • Countermeasures: Effective input field filtering, application firewall, application vulnerability scanning, developer training.
2
Q

Object Reuse

A
  • Definition: Object reuse vulnerabilities occur when processes or applications unintentionally share or expose residual data that can be exploited.
  • Countermeasures: Application isolation, server virtualization, developer training.
3
Q

Mobile Code

A
  • Definition: Mobile code includes executable content that can be downloaded or transferred for execution on another system, potentially posing security risks.
  • Countermeasures: Anti-malware protection, reduced user privileges, mobile code access controls, application whitelisting, secure workstation configuration.
4
Q

Social Engineering

A
  • Definition: Social engineering attacks manipulate individuals to gain sensitive information or unauthorized access by exploiting human trust and helpfulness.
  • Countermeasures: Education and training, clear procedures for information requests, restricted access to sensitive information.
5
Q

Back Door

A
  • Definition: Back doors are hidden mechanisms deliberately planted in applications to bypass security for various purposes, including testing, production access, or unauthorized access.
  • Countermeasures: Code reviews, source code control, source code scanning, data loss prevention (DLP), third-party code reviews and assessments.
6
Q

Logic Bomb

A
  • Definition: Logic bombs are instructions placed in code to perform harmful actions when a predetermined condition is met, often activated by a specific date or event.
  • Countermeasures: Code reviews, source code control, source code scanning, third-party code reviews and assessments.