Domain 7: Systems and App Security Flashcards
Pointer overflow attack
Similar to buffer overflow. Attackers uses Buffer OF techniques to change it to point to malicious code.
Directory transversal
Web attack to jump to higher level directories on web server.
Covert Channel
Any non-standard means of communication
SQL Escape Characters
Attacker uses as part of an attack script in web form field.
File infecting virus
Attacks executables
Stealth virus
Masks itself as another type of program to avoid detection
Retrovirus
Attacks AV
Multipartite virus
Attacks different parts of the host such as boot sector, exe’s, and apps.
File extension attack
Using a long file name to hide a double extension
Pharming
Social engineering attack. Attack on hosts file or DNS server
Rogue SW
Trojan that works like ransomware
Retina
Vuln scanning SW like Nessus
System-key utility
Defense against windows based password cracking.
Centralized Application management (CAM)
Virtual Desktops, SaaS
COPE
Corporate Owned Personally Enabled
DED
Dedicated computing device. aka IOT
Private cloud
Internal network with Virtualization benefits
Managed File Transfer (MFT)
Transfer of data to, from, in between clouds securely and reliably regardless of data file size.
Erasure coding
Parity system for cloud. aka Data dispersion
Cloud storage-level encryption
Encryption w/ keys managed by vendor
Volume storage encryption
Cloud storage with keys managed by data admin.
Data haven
Data friendly storage with low regulation/law. Could be TOR
Directive 95/46 EC
Predecessor to GDPR. Non-Binding
GDPR
Unify protections in 28 EU countries. Affects data transfer, accountability, sanctions
