Identifying vulnerabilities and protections Flashcards
Footprinting
Interrogating resources on the Internet for information about systems, looking to discover what a potential attacker can also discover without an organisation’s knowledge.
Penetration testing
Attempting to penetrate a system’s security layers in order to demonstrate security risks.
- Buffer overflows
A program tries to store more data in a buffer (temporary data storage area) than it was intended to hold.
- Too many permissions
During installation, an app asks you to give permission for the software to access certain settings and features of your device.
- Scripting restrictions
Same Origin Policy (SOP) is a security measure that prevents a website’s scripts from accessing and interacting with scripts used on other sites. Running scripts from other sites would be dangerous because a malicious script from a compromised site could interact with a script from a legitimate site without restriction, potentially leading to malware infections or sensitive data being compromised.
- Accepting parameter without validation
Dynamically generated HTML web pages can introduce security risks if inputs are not validated on the way in. Malicious script can be embedded within input that is submitted to web pages and this could then appear to browsers as originating from a trusted source.
Cookie
A small piece of code that is given to a Web browser by a Web server.
The main purpose of a cookie is to identify users and prepare customized Web pages or to save site login information.
Cookies can be seen as a security issue as they hold personal information, and this can be used or sold. Tracking cookies can hold information on the websites visited by users.