Section 27: Analyzing Vulnerabilities Flashcards

1
Q

Dereferencing

A

Occurs when the code attempts to remove the relationship between a pointer and the thing it points to

2
Q

TOCTOU

A

- Occurs when there is a change between when an app checks a resource and when the app uses the resource

3
Q

Mutually Exclusive Flag (Mutex)

A

- Acts as a gatekeeper to a section of code so that only one thread can be processed at a time

4
Q

Buffer Overflow

A

- Occurs when a process stores data outside the memory range allocated by the developer
  - Buffer
    - A temporary storage area that a program uses to store data
    - Over 85% of data breaches were caused by a buffer overflow

5
Q

Stack

A

- Reserved area of memory where the program saves the return address when a function call instruction is received

6
Q

Address Space Layout Randomization (ASLR)

A

Prevents an attacker's ability to guess where the return pointer for a non-malicious program has been set to call back to

7
Q

Data Execution Protection (DEP)

A

- Blocks applications that attempt to run from protected memory locations
- Executable code stored in the user data location will be marked as non-executable

8
Q

Integer Overflow

A

- Occurs when a computed result from an operation is too large to fit into its assigned variable type for storage
- Integer overflows and buffer overflows can lead to arbitrary code execution, and in turn, privilege escalations

9
Q

HTTP Public Key Pinning (HPKP)

A

- Allows HTTPS websites to resist impersonation by attackers using fraudulent certificates

10
Q

Software Composition Analysis

A

A process by which software can be analyzed for open-source components

11
Q

Regression Testing

A

Validates that any software change does not produce unintended consequences

12
Q

Representational State Transfer (REST)

A

A client/server model for interacting with content on remote systems over HTTP

13
Q

Simple Object Access Protocol (SOAP)

A

- Used for exchanging structured information for web services
- Conduct inspection and sanitization of inputs and outputs to the application

14
Q

Bytecode

A

- An intermediate form of code produced by a compiler that can be translated into machine code