Chapter 8 - Application Security Flashcards
What can hackers gain by taking over application programs?
If an attacker can take over an application, they can execute commands with whatever privileges the application has. Most applications have root permissions, so this is… pretty bad.
What is the most popular way for hackers to take over hosts?
The most popular way for hackers to take over hosts is by taking over applications.
What is a buffer?
A buffer is an area of RAM where programs temporarily store data.
What is a buffer overflow attack?
A buffer overflow attack is an attack that relies on forcing too much data into the buffer of a program. When the buffer “overflows”, it overflows into the “address” field of the buffer, which directs where control goes after the buffer entry is “popped off” the stack. This new overwritten address points back into the over-filled buffer, where code is waiting to be executed.
What impacts can a buffer overflow have?
A buffer overflow’s effects can range from absolutely nothing, to crashing a server, to running illicit code.
Why is patching applications more time-consuming than patching operating systems?
Most firms will have a very small number of different operating systems to keep patched, versus a veritable “fleet” of applications.
Why must you know a server’s role to know how to protect it?
Knowing a server’s role is vital to knowing how to protect it because you will be able to understand what applications and services can be removed or permissions reduced and still allow the server to fulfill its function.
Why is it important to minimize both main applications and subsidiary applications?
It is important to minimize main and subsidiary applications because applications are the main source of vulnerability in machines today. Fewer applications mean fewer possible avenues of attack.
Why are security baselines needed for installing applications?
Security baselines are needed for installing applications because they will tell an installer what optional programs will be needed in an install, or what automatically-installed programs should be removed.
Why is it important to minimize permissions for application programs?
It is important to minimize permissions for application programs for the same reasons that it is important to limit permissions for users; having unneeded extra access is a vulnerability if the program is compromised.
Why is application-level authentication superior to operating system authentication?
Application-level authentication is superior to OS authentication because, unlike OS authentication, which gives broad access to the computer, application-level authentication can give a narrower field of permissions.
Why should cryptographic protections be used between a user and applications?
Uh. Cryptographic protections should be used because they offer strong protection. Duh.
What is a login screen bypass attack?
A login screen bypass attack is when the attacker types a URL of a page beyond the login screen when the login screen appears.
What is a cross-site scripting (XSS) attack?
A cross-site scripting (XSS) attack is when an attacker sends a link to a user of a site that uses reflection, prompting them to log in. This link has a script hidden at the end of it that reflects the user’s input to the attacker.
What is an SQL Injection attack?
An SQL injection attack is when the attacker inputs an SQL command into a user input field in the form, which then is executed if the form is programmed poorly.
What attitude should programmers have about user input?
User input is not to be trusted.
What training should programmers who do custom programming have?
Programmers who do custom programming should get training in secure programming in general, focusing on their particular language.
What risks do webservices and e-commerce services create for corporations?
Attacks on webservices and e-commerce services can disrupt service, harm a company’s reputation, and expose private information.
What is the difference between WWW service and e-commerce service?
WWW service encompasses basic things like webhosting, retrieving static and dynamic pages. E-commerce services are things like online catalogs, shopping carts, checkout systems, and the like.
What kinds of external access are needed for e-commerce?
E-commerce needs access to external sources, such as merchant banks, credit card number checking services, etc.
Does the webmaster or e-commerce administrator have control over the security of other servers?
The webmaster/e-commerce administrator does not have control over the security of other servers.
Why are custom programs especially vulnerable?
Custom programs are especially vulnerable because most firms do a poor job of ensuring the hardening of internally-developed applications. Most common programming languages have a tendency to produce common security failure modes that are pretty well-known.
What is website defacement? Why is it damaging?
Website defacement is exactly what it sounds like: an attacker vandalizes the website of its victim. It can be damaging because it can be made to look like actual, intentional changes by the victim, saying “out of business” or something like that.
What are directory traversal attacks?
Directory traversal attacks are attacks that use URLs to navigate to the root directory of the webserver in order to obtain system files, hashes, etc.
Where is an application proxy firewall placed relative to the webserver?
An application proxy firewall is placed between the webserver and the rest of the network.
In staged development, what three servers do companies use?
In staged development, companies use the development, test, and production servers.
What permissions does the developer have on the development server? On the testing server? On the production server?
On the development server, developers have extensive permissions. On the test server, developers have no access permissions. On production, developers have no permissions.
On what servers do testers have access permissions?
Testers only have access permissions on test servers.