Security Vulnerabilities Flashcards
Mock Exam Revision
Cloud-related vulnerability types:
Insecure APIs
Poor access controls
Lack of security updates
Misconfigured cloud storage
Shadow IT / Malicious insiders
Which of the terms listed below refers to a situation in which a product or service may no longer receive security patches or other updates, making it more vulnerable to attack?
A. EOL
B. ALM
C. EOS
D. SDLC
EOS (End of Support/Service)
The date when a vendor discontinues maintenance, updates, and security patches for a product. Using EOS tech exposes users to unpatched vulnerabilities and compliance risks. Common in operating systems (Windows XP), IoT devices, and SaaS platforms.
Cross-Site Scripting (XSS)
A web vulnerability where attackers inject client-side scripts into pages viewed by others. Exploits trust in a site to bypass same-origin policy, enabling cookie theft, defacement, or malware delivery. Mitigated via output encoding, input validation, and secure HTTP headers (CSP).
Characteristics:
Exploits the trust a user’s web browser has in a website.
A malicious script is injected into a trusted website.
User’s browser executes attacker’s script.
A type of exploit in which an application overwrites the contents of a memory area it should not have access to is called:
A. DLL injection
B. Buffer overflow
C. Memory leak
E. Privilege escalation
Buffer Overflow
A software vulnerability where writing data beyond a memory buffer’s allocated space corrupts adjacent memory, potentially allowing arbitrary code execution. Common in C/C++ due to lack of bounds checking. Defences include stack canaries, DEP (Data Execution Prevention), and secure coding practices.
A collection of precompiled functions designed to be used by more than one Microsoft Windows application simultaneously to save system resources is known as:
A. DLL
B. API
C. EXE
D. INI
A DLL (Dynamic Link Library)
A shared library file in Windows containing code/data used by multiple programs simultaneously. Enables modular programming, reduces redundancy, and supports runtime linking. Vulnerable to hijacking if apps load DLLs from untrusted paths.