Security
Attacks
Mobile-based attacks
Improper platform usage
insecure data storage
insecure communication
based on SMS and MMS
based on communication networks
authentication
insufficient cryptography
insecure authorization
client code quality
code tampering
reverse engineering
extraneous functionality
password cracking
software application vulnerabilities
web browser
operating system
hardware vulnerabilities
electromagnetic waveform
juice jacking
malware
viruses
trojans
ransomware
spyware
System-based attacks
reverse engineering
IDA PRO
OllyDbg
buffer overflow
heap overflow
stack overflow
hooking
C# keyboard event hooking
DirectDraw hooking
JMP hooking
netfilter hooking
format string attack
shell code
debugging
use after free
backdoor
unvalidated input
text input
command line input
untrusted data
race condition
interprocess communication
insecure file operation
access control problem
Network-based attacks
DDoS (Distributed Denial of Service)
network scanning
sniffing
Spoofing
IP spoofing
ARP spoofing
DNS spoofing
Email Spoofing
Search engine Spoofing
session hijacking
phishing attack
whaling(high level target phishing)
spear phishing attack
watering hole attack
vishing(voice phishing)
DoS(Denial of Service)
ICMP flood attack(ping flood)
Ping of Death(PoD)
Smurf Attack (different IP)
SYN flood attack
Man in the middle attack
Web-based attacks
exploitation of authentication
session fixation
session prediction
session hijacking attack
EAR(execution after redirect)
XSRF=CSRF(Cross-Site request forgery)
Brute force attack
cash overflow
cryptanalysis
denial of service
injection
blind sql injection
blind xpath injection
code injection
command
comment injection attack
Cross-site Scripting(XSS)
format string attack
full path disclosure
function injection
php object injection
SQL injection
server side includes(SSI) injection
XPATH injection
Man in the middle attack
Defense
Guidelines
Framework and Standard
NIST
ISO
IEC
COBIT
SANS
CSC
security architecture
cryptography
secure system build
secure application development
network design
data protection
cloud security
access control
identity management
security engineering
User education
training
threat intelligence
external
internal
governance
audit
policy
procedure
standard
guideline
compliance
enforcement
laws and regulations
federal
state
risk assessment
vulnerability scan
assets inventory
3rd party risk
source code scan
blackbox
whitebox
data-centric risk assessment
security operation
protection
detection
prevention
recovery
vulnerability management
incident response
breach notification
containment
eradication
forensics
active defense
Technology
Network
DRM
Antivirus
NAC
VPN
IPS
honey pot
IDS
reporting and response
analysis and intrusion detection
data reduction and filtering
raw data collection
packet filtering
Dual homed gateway
single homed gateway
screening router
firewall
DMZ
cloud service
Secure coding
Clang TSA
BOF Elimination
didfail
rosecheckers
secure coding validation suite
air integer model
Encryption
symmetric-key algorithm
DES
AES
3DES
SEED
HIGHT
ARIA
LEA
public-key Cryptography
RSA
ECC