Weaknesses and Vulnerabilities - L1 Flashcards

Learn common weaknesses and vulnerabilities in software development (XSS, Buffer Overflow, Out-of-Bounds Read/Write, Improper Input Validation

1
Q

Briefly explain software

A

Software by its nature is constantly running processes and interacting with the host system, whether it’s a server or the computer it’s installed on. As the software acts as a conduit to those resources or data it’s processing, we have to be careful and look at what happens if a user does something that we don’t want them to do (intentional or unintentional)

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is developing secure software primarily focused on?

A

Secure development along with vulnerability testing and mitigation. Many vulnerabilities are a result of poor programming practices

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

What are the 3 error categories of vulnerabilities?

A

Insecure interaction between components

Risky resource management

Porous defences

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Explain what insecure interaction between components means

A

This is where two resources or programs or software running on different pieces of hardware are talking to each other for some reason. During that conversation, data or connections are exposed, and how they are exposed and the way in which the components are talking to each other will often create vulnerabilities or weaknesses

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Explain what Risky Resource Management is

A

This is about including things in our software or applications which we aren’t sure about regarding the permissions, the source, or things being altered on the way into our application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

Explain what Porous Defences are

A

This is partially configured defences (setting up permissions in one area but not the other or completing security test on landing page but not on subsequent pages in the application

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

What is the CWE?

A

Common Weakness Enumeration - A community developed list of software and hardware weakness types. Run by Mitre Corporation and funded by US Government. They maintain a ‘Top 25 Dangerous Software Weaknesses’ list

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

How does software appear to be changing?

A

Things are expected to be cross platform and there has been an increase in cloud based architectures. We are also seeing an emergence of IoT based technologies where people are putting systems on devices that essentially weren’t initially designed to have a computer put into them

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

What is Improper Neutralisation of Input During Web Page Generation (XSS)?

A

This is about injecting bad executable code into a webpage. Vulnerability includes being able to hijack sensitive information, inject further malicious requests or change user information, or take control of a computer or web server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

Vulnerabilities from Improper Neutralisation of Input During Web Page Generation (XSS) occur when what happens

A
  • Untrusted data enters application via a web request
  • Application generates a page containing this untrusted data
  • During page generation, application allows content to be included that is executable by a web browser, such as JavaScript
  • A victim visits the web page
  • Since the script comes from a webpage that was sent by the web server, the victim’s web browser executes the malicious script in the context of web server’s domain
  • This can violate the browser’s same-origin policy to access external resources or even resources within the application
How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

What are the 3 types of Cross Site Scripting (XSS)?

A

Type 1 - Reflected XSS (Non-persistent) - Server receives exploit code in a HTTP request and reflects it back in the HTTP response. An attacker must cause a victim to supply dangerous content to a vulnerable web application

Type 2 - Stored XSS (Persistent) - Attacker injects exploit code into a data storage in the application which is then included when a victim loads a web page which uses that resource

Type 0 - Dom-based - This attack injects malicious code directly into the page as opposed to injecting it into the server

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is Out-of-Bounds Read/Write (Buffer Overflow)?

A

This is where too much data has been placed in a buffer, resulting in adjacent memory locations being overwritten. Buffers are memory storage regions that hold data temporarily while it is being transferred from one location to another.

Impacts of this vulnerability include damage to system files, taking control of a machine, data exfiltration and privilege escalation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

What are the 2 types of Buffer Overflow Attacks?

A

Stack-based Buffer Overflow - This is the most common and uses stack memory which exists only during the execution of a function. A stack is spun up as a buffer to hold a variable. The variable is read back out of it and then the buffer is collapsed.

Heap-based Buffer Overflow - Harder to carry out and involves flooding the memory space allocated to a program. This attacks the entire memory space allocated to a program

C++ particularly susceptible to buffer overflow due to low level of their operation. Languages such as JavaScript have some built in safeguards to protect from this kind of attack

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

What mitigations are there for Buffer Overflow Attacks?

A

JavaScript and others have built in safeguards. Address-based randomisation (ASLR) randomises the address locations and data regions of all of the libraries in the program at runtime so there is no way to predict what that space is going to be. Also Structured Exception Handling and Overwrite Protections (C-HOP) stops code from attacking any structured exception handling and prevents an attacker from making use of any overwrite exploitations because it will flag an exception rather than allowing things to write past the buffer

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is Improper Input Validation (Injection)?

A

Input validation is used to ensure that malicious input is filtered out prior to processing. Impacts of this vulnerability include damage to system files, enumeration, taking control of the machine, data exfiltration and privilege escalation

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Vulnerabilities from Improper Input Validation (Injection) occur when what happens?

A

Input validation is used to ensure that potentially dangerous inputs are filtered prior to being processed. Especially dangerous when processing user driven inputs to create commands for system processes

  • Input is provided by a user which includes executable code
  • Input is passed to a process to be executed (such as a database call to read user details from a database)
  • User input interrupts normal behaviour of application and performs the executable code (such as SQL Command) to retrieve unintended information from a database
17
Q

How many types of Injection Attacks are there?

A

There are many types. Lack of input validation can be used to interrupt processing at any stage. This can then be used to perform Command Injection, SQL/NOSQL Injection and more. Depending on the process being carried out and the permissions the application has, damage to the system can be limitless

18
Q

What is Exposure of Sensitive Information to an Unauthorised Actor (Data Leaks)?

A

This can occur from bad code or not cleaning up the data you are retrieving

Impacts of this vulnerability include enumeration, data exfiltration and privilege escalation

19
Q

Vulnerabilities from Exposure of Sensitive Information to an Unauthorised Actor (Data Leak) occur when what happens?

A

Exposure of sensitive data through bad coding practices is a common weakness. It occurs when an application includes sensitive or unrequited data during its execution.

For example, an application makes a call to a database to retrieve user data for all users to fill a contact information table on a web application

Retrieved data is then passed to the browser DOM and processed in JavaScript in order to put the relevant information in the table and ignore irrelevant information

The table is displayed on a webpage

The original data (including login credentials) is still available within both the HTTP response and the DOM of the browser, even though it’s not displayed on the page

20
Q

When can data leaks occur?

A

Data leaks can occur whenever processed data is not scrubbed or sanitised before being passed to the front end of an application or user-visible process.

These data leaks can be hard to find and are often as a result of data being passed through many processes

21
Q

What can exposed data from leaks include?

A
  • Personal data, credentials
  • System or environment
    data (OS versions)
  • Network status and configuration (error messages)
  • Application code or internal state
  • Metadata (logs of errors, connections or headers)
  • Indirect information (discrepancy between internal operations)
22
Q

What is Incorrect Permission Assignment for Critical Resources (Path Traversal, Race Conditions, DLL Hijacking)?

A

Many applications will require access to other resources. These may be libraries, images, temporary file creation/retrieval, reference files and many more. This vulnerability occurs when the permissions for one or more of these resources are not correctly set

23
Q

Vulnerabilities occur from Incorrect Permission Assignment for Critical Resources when what happens?

A
  • An application needs to create a file to temporarily store data ready for a future process to read. Let’s say for example the file contains credentials
  • The application creates the new file in the /tmp directory and sets the permissions to 744 so everybody has read access but only the creator can write to it
  • The next process then reads the file and carries out the required processing and then deletes the file
  • During the period (nanoseconds) between the file being created and the file being deleted, there’s an opportunity for a bad actor to read the contents of this file. It is simply a RACE to see if the data can be retrieved before the file is deleted, known as a race condition
24
Q

What are the 3 types of permission exploitations?

A

1) Race conditions
2) Path Traversal - When an application references a local file, it is often possible to redirect this local request using ‘../’ notion to change the referenced file location and retrieve unintended information from the server
3) DLL Hijacking - Uses the DLL Library Search Order to intercept requests for a DLL file by creating one with the same name as the target resource earlier in the path so it is found and executed first

25
Q

What is defensive programming concerned with?

A

Defensive programming is concerned with making sure that software continues to function even under unforeseen circumstances such as an attack

26
Q

Defensive Coding should do what (5)?

A
  • Reduce number of bugs and errors
  • Be easily readable and externally audited
  • Validate inputs and system calls
  • Assume a zero-trust posture
  • Balance the CIA Triad appropriately
27
Q

Defensive Coding should not do what (3)?

A
  • Should not introduce unnecessary processing or execution delays
  • Should not incur unnecessary run-time or maintenance costs
  • Should not be noticeable to legitimate users
28
Q

What are Advanced Persistent Threats (APT)?

A

APT’s are specific attackers or threats which are organised, directed, well financed, patient and focus on remaining undetected. They can carry out long term attacks, waiting for outside influences or the correct conditions for success

29
Q

List the common weakness types of software and hardware (5)

A

1) Improper Neutralisation of Input During Webpage Generation (XSS)
2) Out-of-bounds Read/Write (Buffer Overflow)
3) Improper Input Validation (Injection)
4) Exposure of Sensitive Information to an Unauthorised Actor (Data Leaks)
5) Incorrect Permission Assignment for Critical Resources (Path Traversal, Race Conditions, DLL Hijacking)