CompTIA Security + Ch 4

Card Set Information

2012-05-22 13:44:07

  1. Cookies
    Text files placed on the client computer that store information about it, which includes your browsing habits and credentials.

    Tracking cookies are used by spyware to collect information about a web user's activities.

    Session cookies are used by attackers in an attempt to hijack a session.
  2. Buffer Overflow
    When a process stores data outside the memory that the developer intended. This could cause erratic behavior in the application.
  3. User Account Control (UAC)
    Security component of Windows Vista and 7 that keeps every user in standard user mode instead of as an admin with full admin rights.
  4. Systems Development Life Cycle (SDLC)
    The process of creating systems and applications, and the methodologies used to do so.
  5. Secure Code Review
    An in-depth code inspection procedure.
  6. Secure Coding Concepts
    The best practices used during the life cycle of software development.
  7. Fuzz Testing (Fuzzing)
    When random data is inputted into a computer program in an attempt to find vulnerabilities.
  8. Cross-site Scripting (XSS)
    A type of vulnerability found in web applications used with session hijacking.
  9. Cross-site Request Forgery (XSRF)
    An attack that exploits the trust a website has in a user's browser in an attempt to transmit unauthorized commands to the website.
  10. Input Validation
    A process that ensures the correct usage of data.
  11. Sandbox
    When a web script runs in its own environment for the express purpose of not interfering with other processes, possibly for testing.
  12. Directory Traversal
    Also known as the ../ (dot dot slash) attack, it is a method of accessing unauthorized parent directories.
  13. Zero Day Attack
    An attack that is executed on a vulnerability in software before that vulnerability is known to the creator of the software.
  14. Threat Modeling
    Prioritize threats to an application, based on their potential impact.