Security+ (SY0-701): Lesson 8: Explain Vulnerability Management Part 2
This deck covers key concepts and definitions from Lesson 8 of the Security+ (SY0-701) syllabus, focusing on vulnerability management techniques and attack types.
Key Terms
| Term | Definition |
|---|---|
| What does a buffer overflow allow an attacker to do? | Change the return address, allowing the attacker to run arbitrary code on the system. |
| What 3 controls have been developed to mitigate buffer overflow vulnerabilities? | Address space layout randomization (ASLR); Data Execution Prevention (DEP); type-safe programming languages. |
| Define a 'Type-safe programming language' | Program that enforces strict type-checking during compilation and ensures variables and data are used correctly. |
| What is the purpose of using a type-safe programming language? | Prevents memory-related vulnerabilities and injection attacks. |
| Define a 'Malicious update' | An update that appears legitimate but contains harmful code; a vulnerability in a software repository or supply chain that a threat actor can exploit to add malicious code to a package. |
| Define an 'evaluation scope' | The product, system, or service being analyzed for potential security vulnerabilities, or the intended target of an attack. |
| Define a distinct difference between a web application attack and other attacks | Must navigate the client-server model, requiring the attacker to bypass network and application-level security controls. |
| Define a 'cross-site scripting (XSS)' attack | A malicious script injected into a website, designed to compromise clients browsing the site. |
| Define a 'nonpersistent cross-site scripting (XSS)' attack | The malicious script is obfuscated in a spoofed URL that reflects back to the attacker. |
| Define a 'stored/persistent cross-site scripting (XSS)' attack | The script is injected and permanently stored on the target servers, such as in a database or content management system. |
| Define a 'Document Object Model (DOM) cross-site scripting (XSS)' attack | Attacker injects malicious script into a JavaScript Document Object Model (DOM) to execute their attack solely on the client. |
| What is the difference between an overflow attack and an injection attack? | An overflow attack works against the way a process performs memory management, while an injection attack exploits some unsecure way in which the application processes requests and queries. |
| Define a 'SQL injection' attack | Injection of a malicious/unauthorized SQL query via the input data from a client to the application/server. |
| Define a 'side-channel' attack | Attacker observes the implementation and operation of a system, looking for information to use to exploit the system. |
| How can cloud services be manipulated by an attacker? | Set up fake websites on cloud services for phishing and malware distribution; cryptojacking cloud resources for cryptomining. |
| Define a 'cloud access security broker (CASB)' | Enterprise management software designed to manage, mediate, and monitor access to cloud services by users across all types of devices. |
| What are the 3 methods of implementing a cloud access security broker (CASB)? | Forward proxy; reverse proxy; application programming interface (API). |
| Define a forward proxy cloud access security broker (CASB) | Requires configuration of users' devices; inspects all traffic in real time, even if that traffic is not bound for sanctioned cloud applications. |
| Define a reverse proxy cloud access security broker (CASB) | Positioned at the cloud network edge and directs traffic to cloud services if the contents of that traffic comply with a policy. |
| Define an application programming interface (API) cloud access security broker (CASB) | Brokers connections between the cloud service and the cloud consumer rather than placing a CASB appliance or host inline with cloud consumers and the cloud services. |
| Define a 'software bill of materials (SBOM)' | Inventory containing details like component names, versions, and information about the suppliers in a software product. |
| What is the purpose of a software bill of materials (SBOM)? | Provides transparency and visibility into the software supply chain and potential vulnerabilities; enables developers, security teams, and end users to understand the functional components of their software. |
| What is the role of a software bill of materials (SBOM) after a vulnerability has been disclosed? | Supports rapid response and remediation; security teams can quickly determine whether their software is affected by a disclosed vulnerability. |
| Define a software dependency check | A Software Composition Analysis (SCA) tool that attempts to detect publicly disclosed vulnerabilities contained within a project's dependencies. |
| What is the purpose of utilizing a software dependency check? | Detecting outdated or vulnerable components. |
| Define an 'HTTP referrer' | Indicates the URL that forwarded a request to the target URL. |
| What is a 'network vulnerability scanner'? | Hardware or software configured with a list of known weaknesses and exploits that can scan for their presence in a client PC, server, application, or network device. |
| Define a 'non-credentialed scan' | A scan that uses fewer permissions and many times can only find missing patches or updates. |
| What is the purpose of a non-credentialed scan? | Appropriate technique for external assessment of the network perimeter, or when performing web application scanning to mimic the view of an unprivileged attacker with limited network access. |
| What are typical findings from a non-credentialed scan? | Default passwords for service accounts and device management interfaces. |