1. Home
  2. Flashcards
  3. Preview

Computer Security Ch 11 - Exam III

  1. defensive programming (secure programming)
    a form of defensive design intended to ensure the continuing function of a piece of software in spite of unforeseeable usage of said software
  2. incorrect handling of program input
    one of the most common failings in software security
  3. 1. input size and buffer overflow

    2. meaning and interpretation of program input
    two key areas of concern for any input into a system
  4. injection attack
    a wide variety of program flaws related to invalid handling of input data - occurs when program input data can accidentally or deliberately influence the flow of execution of the program
  5. command injection
    SQL injection
    code injection/XSS attacks
    three types of injection attacks
  6. command injection
    an attack where input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server
  7. SQL injection
    an attack where the user-supplied input is used to construct a SQL request to retrieve information from a database
  8. code injection
    an attack where the input includes code that is then executed by the attacked system
  9. cross-site scripting (XSS) attacks
    input provided to a program by one user that is subsequently output to another user - most commonly in scripted Web applications
  10. XSS reflection
    a vulnerability where the attacker includes the malicious script content in data supplied to a site
  11. regular expression
    a pattern composed of a sequence of characters that describe allowable input variants
  12. canonicalization
    the process in which input data is transformed into a single, standard, minimal representation - involves replacing alternate, equivalent encodings by one common values
  13. fuzzing
    a software testing technique that uses randomly generated data as inputs to a program with the intent to determine whether the program or function correctly handles abnormal inputs or crashes or fails
  14. memory leak
    a steady reduction in memory available on the heap to the point where it is completely exhausted - resulting in a program crash
  15. race condition
    multiple processes and threads compete to gain uncontrolled access to some resource
  16. deadlock
    various processes or threads wait on a resource held by the other due to an incorrect sequence of synchronization
  17. whether the implemented algorithm correctly solves the specified problem
    whether the machine instructions executed correctly represent the high-level algorithm specification
    whether the manipulation of data values in variables, as stored in machine registers or memory, is valid and meaningful
    key issues from a software security perspective
Author
mjweston
ID
248251
Card Set
Computer Security Ch 11 - Exam III
Description
Software Security
Updated

  1. Home
  2. Flashcards
  3. Preview