Design Vulnerabilities Flashcards

1
Q

How do Design Vulnerabilities arise?

A

They often arise from the general design of the software code.

2
Q

What are the three main types of Design Vulnerabilities?

A

Insecure Components
Insufficient Logging and Monitoring
Weak or Default Configurations

3
Q

What are Insecure Components?

Name 3 examples

A

Any code that is used or invoked outside of the main program process.

Code Re-use
Third-Party Library
Software Development Toolkit (SDK)

4
Q

What is Insufficient Logging and Monitoring?

A

Any program that does not properly record or log detailed enough information for an analyst to perform their job.

5
Q

What is a Weak or Default Configuration?

A

Any program that uses ineffective credentials or configurations, or one whose default configs haven’t been changed for security.

6
Q

Many apps run as root or as a local admin. What security principle are they generally forgetting or ignoring?

A

Least privilege

7
Q

What is a best practice to prevent Design Vulnerabilities?

A

Use scripted installations and baseline config templates to secure the apps during installation.
