CompTIA Security+ Chapter 7
Common Attacks
DoS & DDoS
Spoofing
SYN flood attack
Man-in-the-middle attacks (MITM)
ARP Poisoning
ARP MITM
ARP DoS
DNS Attacks
DNS Poisoning
Pharming - same as DNS poisoning?
DDoS DNS Attack
Amplification Attacks
NTP amplification attack
Passwords
Password Attacks
Brute force
Dictionary Attack
Password Hash
Pass the Hash attack
Birthday Attack - hash collision
Rainbow Table
Replay Attacks
Cryptography
Known plaintext attack - all of the plaintext and ciphertext is known
Chosen plaintext attack - some plaintext is known
Ciphertext only
Typosquatting
Clickjacking
Session hijacking
Domain hijacking
Man-in-the-browser
Driver manipulation attack
Zero-day attacks
Memory Buffer Vulnerabilities
Memory Leak
Integer Overflow
Buffer Overflow - NOP slide (no operation)
Pointer Dereference
DLL Injection
Secure Coding
Compiled vs Runtime code
Proper Input Validation
client side & server side
Escaping / encoding HTML output (sanitizing HTML code)
Avoiding race conditions
Proper error handling
Cryptographic techniques
Encourage code reuse and SDKs
Code obfuscation
Code quality and Testing
Static and dynamic code testing
fuzzing
stress testing
sandboxing
module verification
Software development life cycle (SDLC)
waterfall
agile
Secure DevOps
Version control & change management
Provisioning and Deprovisioning = install / uninstall
Application Attacks
Web Servers - vulnerable to buffer overflow and SQL attacks
Databases
includes tables
Normalization - reduce redundant data
SQL injection attack - input validation & stored procedures
Database Normalization
First Normal Form (1NF)
Unique 'primary key' for each ROW
Related data is contained in a separate table - minimize multiple data locations
Groups (COLUMNS) are unique - FirstName & LastName instead of Name
Second Normal Form (2NF)
Composite primary key - a table with two or more primary keys
it is 1NF
Attributes in tables with composite keys are DEPENDENT on that key.
Third Normal Form (3NF)
it is 2NF
all COLUMNS are only dependent on primary key
Command injection attack
Cross-site Scripting (XSS)
Cross-site request forgery (XSRF)
Frameworks and Guides
Cybersecurity Frameworks:
Regulatory
Non-regulatory
national vs international
Industry specific