Weaknesses/Vulnerabilities Flashcards
Systems are inherently insecure; business processes are not up to date with current security practice. Why?
Badly written software
Badly written websites
Lack of encryption
Are applications weaker than operating systems, and if so, why?
Yes, as applications haven’t developed to the scale of systems.
What is a buffer overflow?
A buffer is memory allocated for input
Main problem for buffer overflow
If too much input is provided at once, it isn't checked and can write beyond the memory allocated and into the instructions.
Which main instructions would someone use to get on to their boss's computer?
DNS - Server IP
WHOIS - who owns that IP
PING - to find which addresses respond
Scan TCP ports of the IP - find a port that is listening and uses the buffer overflow.
What applications are easy to exploit?
Adobe and JavaScript.
What is SQL injection?
A badly checked input to web databases can let web users modify the database
A weak password is susceptible to?
Brute-force attack; given enough time it will work
Best ways to defend against attacks
Firewalls
Up to date software
Good passwords
Sensible use of public Wi-Fi
What do organisations do to keep their systems up to date?
Penetration tests
Commission hackers to try to hack the systems
Example of an SQL statement
SQL Statement > SELECT * FROM users WHERE userID = "+ userName";