Design Vulnerabilities Flashcards
How do Design Vulnerabilities arise?
They often arise from the general design of the software code.
What are the three main types of Design Vulnerabilities?
Insecure Components
Insufficient Logging and Monitoring
Weak or Default Configurations
What are Insecure Components?
Name 3 examples
Any code that is used or invoked outside of the main program process.
Code Re-use
Third-Party Library
Software Development Toolkit (SDK)
What is Insufficient Logging and Monitoring?
Any program that does not properly record or log detailed enough information for an analyst to perform their job.
What is a Weak or Default Configuration?
Any program that uses ineffective credentials or configurations, or one whose default configs haven’t been changed for security.
Many apps run as root or as a local admin. What security principle are they generally forgetting or ignoring?
Least privilege
What is a best practice to prevent Design Vulnerabilities?
Use scripted installations and baseline config templates to secure the apps during installation.