SON 4 Flashcards
How do attackers use memory injection, and how can it be prevented?
πΉ Memory Injection β Injecting malicious code into a programβs memory.
πΉ Common Techniques β Code injection, buffer overflows, DLL injection.
πΉ Goal β Execute arbitrary code by exploiting vulnerabilities.
πΉ Prevention β Secure coding, input validation.
What is a race condition, and how does TOCTOU exploitation work?
πΉ Race Condition β Timing issue where attackers exploit changes in a systemβs state.
πΉ TOCTOU (Time-of-Check to Time-of-Use) β A resource is checked, then altered before use.
πΉ Example β File access attacks using symbolic links to bypass security.
πΉ Prevention β Use atomic operations & proper synchronization.
How can malicious updates compromise security, and how are they prevented?
πΉ Malicious Update β Fake update that weakens system security.
πΉ Goal β Trick users into installing compromised software.
πΉ Prevention β Use code signing to verify legitimate updates.
Why are outdated operating systems (EOL- End of Life) a security risk?
πΉ OS Weaknesses β Can allow unauthorized access or privilege escalation.
πΉ Fix β Regular OS updates & patches.
πΉ Risk β Unsupported OS (e.g., Windows XP, 7) gets no security updates.
How does SQL injection exploit the connection between front-end inputs and the back-end database?
Flashcard: SQL Injection (SQLi)
πΉ SQLi Attack β Injecting malicious SQL code into input fields.
πΉ How it works β Exploits poorly validated inputs in a websiteβs front-end to manipulate the database (back-end).
πΉ Common goal β Bypass authentication, steal or delete data, or modify records.
πΉ Example β Entering β OR 1=1 β in a login field tricks the database into always returning βtrue,β granting access.
πΉ Prevention β Use prepared statements, parameterized queries, and input validation.
How does XSS allow attackers to manipulate web applications and users?
πΉ XSS Attack β Injecting malicious scripts into web pages.
πΉ How it works β Exploits unvalidated user input to run scripts in other usersβ browsers.
πΉ Common goal β Steal cookies, hijack sessions, or deface webpages.
πΉ Example β Inserting
alert('Hacked!') into a comment box executes unwanted code.πΉ Prevention β Input validation, output encoding, and Content Security Policy (CSP).
Why are outdated or unsupported hardware devices a security risk?
πΉ Firmware Vulnerabilities β Weaknesses in low-level software running on devices.
πΉ End-of-Life Hardware β Unsupported devices with no security updates.
πΉ Legacy Hardware β Old devices that lack modern security protections.
What are common security risks in virtualization?
πΉ VM Escape β Attacker breaks out of a virtual machine to access the host system.
πΉ Resource Reuse β Sensitive data left in system resources can be accessed by other processes.
How can weak access controls and account hijacking compromise cloud security?
πΉ Data Breaches β Sensitive cloud data is a prime target for hackers.
πΉ Weak Access Controls β Poor authentication & credential management lead to unauthorized access.
πΉ Account Hijacking β Stolen cloud accounts allow attackers to manipulate data and intercept transactions.
Why are APIs and system vulnerabilities major risks in cloud security?
πΉ Insecure APIs β Poorly secured cloud interfaces can be exploited.
πΉ System Vulnerabilities β Complex cloud infrastructures may contain exploitable weaknesses.
