Chapter 1 Flashcards
improper input handling
A programming error that does not filter or validate user input to prevent a malicious action.
injections
Attacks that introduce new input to exploit a vulnerability.
integer overflow attack
An attack that changes the value of a variable to something outside the range that the programmer had intended by using an integer overflow.
keylogger
Hardware or software that silently captures and stores each keystroke that a user types on the computer’s keyboard.
logic bomb
Computer code that is typically added to a legitimate program but lies dormant and evades detection until a specific logical event triggers it.
malware
Malicious software that enters a computer system without the user’s knowledge or consent and then performs an unwanted and harmful action.
memory leak
A situation that occurs when, due to a programming error, memory is not freed when the program has finished using it.
pointer/object dereference
A flaw that results in a pointer being given a NULL instead of a valid value.
potentially unwanted programs (PUPs)
Software that users do not want on their computer.
race condition
A situation in software that occurs when two concurrent threads of execution access a shared resource simultaneously.
ransomware
Malware that prevents a user’s endpoint device from properly and fully functioning until a fee is paid.
refactoring
Changing the design of existing code.
remote access Trojan (RAT)
Malware that infects a computer like a Trojan but also gives the threat agent unauthorized remote access to the victim’s computer by using specially configured communication protocols.
replay
An attack that copies data and then uses it for an attack.
resource exhaustion attacks
An attack that depletes parts of memory and interferes with the normal operation of the program in RAM to give an attacker access to the underlying OS.