{"appState":{"pageLoadApiCallsStatus":true},"articleState":{"article":{"headers":{"creationTime":"2016-09-12T18:47:09+00:00","modifiedTime":"2016-09-12T18:47:09+00:00","timestamp":"2022-09-14T18:16:01+00:00"},"data":{"breadcrumbs":[{"name":"Academics & The Arts","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33662"},"slug":"academics-the-arts","categoryId":33662},{"name":"Study Skills & Test Prep","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33772"},"slug":"study-skills-test-prep","categoryId":33772},{"name":"CISSP","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33777"},"slug":"cissp","categoryId":33777}],"title":"Client-Based Security Vulnerabilities","strippedTitle":"client-based security vulnerabilities","slug":"client-based-security-vulnerabilities","canonicalUrl":"","seo":{"metaDescription":"The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications. The defects most ","noIndex":0,"noFollow":0},"content":"The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications. The defects most often found include these:\r\n<ul>\r\n\t<li><strong>Sensitive data left behind in the file system.</strong> Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.</li>\r\n\t<li><strong>Unprotected local data.</strong> Local data stores may have loose permissions and lack encryption.</li>\r\n\t<li><strong>Vulnerable applets.</strong> Many browsers and other client applications often employ applets for viewing documents and video files. Often, the applets themselves may have exploitable weaknesses.</li>\r\n\t<li><strong>Unprotected or weakly protected communications.</strong> Data transmitted between the client and other systems may use weak encryption, or use no encryption at all.</li>\r\n\t<li><strong>Weak or nonexistent authentication.</strong> Authentication methods on the client, or between the client and server systems, may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.</li>\r\n</ul>\r\nIdentifying weaknesses like the preceding examples will require one or more of the following techniques:\r\n<ul>\r\n\t<li>Operating system examination</li>\r\n\t<li>Network sniffing</li>\r\n\t<li>Code review</li>\r\n\t<li>Manual testing and observation</li>\r\n</ul>","description":"The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications. The defects most often found include these:\r\n<ul>\r\n\t<li><strong>Sensitive data left behind in the file system.</strong> Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.</li>\r\n\t<li><strong>Unprotected local data.</strong> Local data stores may have loose permissions and lack encryption.</li>\r\n\t<li><strong>Vulnerable applets.</strong> Many browsers and other client applications often employ applets for viewing documents and video files. Often, the applets themselves may have exploitable weaknesses.</li>\r\n\t<li><strong>Unprotected or weakly protected communications.</strong> Data transmitted between the client and other systems may use weak encryption, or use no encryption at all.</li>\r\n\t<li><strong>Weak or nonexistent authentication.</strong> Authentication methods on the client, or between the client and server systems, may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.</li>\r\n</ul>\r\nIdentifying weaknesses like the preceding examples will require one or more of the following techniques:\r\n<ul>\r\n\t<li>Operating system examination</li>\r\n\t<li>Network sniffing</li>\r\n\t<li>Code review</li>\r\n\t<li>Manual testing and observation</li>\r\n</ul>","blurb":"","authors":[{"authorId":9931,"name":"Lawrence C. Miller","slug":"lawrence-c-miller","description":" <p><b>Lawrence C. Miller, CISSP,</b> is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.</p> <p><b>Peter H. Gregory, CISSP,</b> is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of <i>CISSP For Dummies</i> for more than 20 years. ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/9931"}},{"authorId":9180,"name":"Peter H. Gregory","slug":"peter-h-gregory","description":" <p><b>Lawrence C. Miller, CISSP,</b> is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.</p> <p><b>Peter H. Gregory, CISSP,</b> is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of <i>CISSP For Dummies</i> for more than 20 years. ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/9180"}}],"primaryCategoryTaxonomy":{"categoryId":33777,"title":"CISSP","slug":"cissp","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33777"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":254899,"title":"Assess and Mitigate Vulnerabilities in Embedded Devices","slug":"assess-mitigate-vulnerabilities-embedded-devices","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254899"}},{"articleId":254896,"title":"Assess and Mitigate Vulnerabilities in Mobile Systems","slug":"assess-mitigate-vulnerabilities-mobile-systems","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254896"}},{"articleId":254893,"title":"Assess and Mitigate Vulnerabilities in Web-Based Systems","slug":"assess-mitigate-vulnerabilities-web-based-systems","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254893"}},{"articleId":254889,"title":"Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements","slug":"assess-mitigate-vulnerabilities-security-architectures-designs-solution-elements","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254889"}},{"articleId":254885,"title":"Computer Architecture and the CISSP Exam","slug":"computer-architecture-cissp-exam","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254885"}}]},"hasRelatedBookFromSearch":true,"relatedBook":{"bookId":281732,"slug":"hacking-for-dummies","isbn":"9781119872191","categoryList":["technology","cybersecurity"],"amazon":{"default":"https://www.amazon.com/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"https://www.amazon.ca/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"http://www.tkqlhce.com/click-9208661-13710633?url=https://www.chapters.indigo.ca/en-ca/books/product/1119872197-item.html&cjsku=978111945484","gb":"https://www.amazon.co.uk/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"https://www.amazon.de/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"https://catalogimages.wiley.com/images/db/jimages/9781119872191.jpg","width":250,"height":350},"title":"Hacking For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"\n <p><p><b><b data-author-id=\"8984\">Kevin Beaver</b> </b>is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master’s degree in Management of Technology at Georgia Tech.</b></p></p>","authors":[{"authorId":8984,"name":"Kevin Beaver","slug":"kevin-beaver","description":" <p><b>Kevin Beaver </b>is an information security guru and has worked in the industry for more than three decades as a consultant, writer, and speaker. He earned his master’s degree in Management of Technology at Georgia Tech.</b></p> ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/8984"}}],"_links":{"self":"https://dummies-api.dummies.com/v2/books/281732"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{"key":"cat","values":["academics-the-arts","study-skills-test-prep","cissp"]},{"key":"isbn","values":[null]}]\" id=\"du-slot-63221a617c574\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{"key":"cat","values":["academics-the-arts","study-skills-test-prep","cissp"]},{"key":"isbn","values":[null]}]\" id=\"du-slot-63221a617cb0d\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Advance","lifeExpectancy":null,"lifeExpectancySetFrom":null,"dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":225543},"articleLoadedStatus":"success"},"listState":{"list":{},"objectTitle":"","status":"initial","pageType":null,"objectId":null,"page":1,"sortField":"time","sortOrder":1,"categoriesIds":[],"articleTypes":[],"filterData":{},"filterDataLoadedStatus":"initial","pageSize":10},"adsState":{"pageScripts":{"headers":{"timestamp":"2022-09-08T00:59:03+00:00"},"adsId":0,"data":{"scripts":[{"pages":["all"],"location":"header","script":"<!--Optimizely Script-->\r\n<script src=\"https://cdn.optimizely.com/js/10563184655.js\"></script>","enabled":false},{"pages":["all"],"location":"header","script":"<!-- comScore Tag -->\r\n<script>var _comscore = _comscore || [];_comscore.push({ c1: \"2\", c2: \"15097263\" });(function() {var s = document.createElement(\"script\"), el = document.getElementsByTagName(\"script\")[0]; s.async = true;s.src = (document.location.protocol == \"https:\" ? \"https://sb\" : \"http://b\") + \".scorecardresearch.com/beacon.js\";el.parentNode.insertBefore(s, el);})();</script><noscript><img src=\"https://sb.scorecardresearch.com/p?c1=2&c2=15097263&cv=2.0&cj=1\" /></noscript>\r\n<!-- / comScore Tag -->","enabled":true},{"pages":["all"],"location":"footer","script":"<!--BEGIN QUALTRICS WEBSITE FEEDBACK SNIPPET-->\r\n<script type='text/javascript'>\r\n(function(){var g=function(e,h,f,g){\r\nthis.get=function(a){for(var a=a+\"=\",c=document.cookie.split(\";\"),b=0,e=c.length;b<e;b++){for(var d=c[b];\" \"==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};\r\nthis.set=function(a,c){var b=\"\",b=new Date;b.setTime(b.getTime()+6048E5);b=\"; expires=\"+b.toGMTString();document.cookie=a+\"=\"+c+b+\"; path=/; \"};\r\nthis.check=function(){var a=this.get(f);if(a)a=a.split(\":\");else if(100!=e)\"v\"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(\":\"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case \"v\":return!1;case \"r\":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(\":\")),!c}return!0};\r\nthis.go=function(){if(this.check()){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=g;document.body&&document.body.appendChild(a)}};\r\nthis.start=function(){var t=this;\"complete\"!==document.readyState?window.addEventListener?window.addEventListener(\"load\",function(){t.go()},!1):window.attachEvent&&window.attachEvent(\"onload\",function(){t.go()}):t.go()};};\r\ntry{(new g(100,\"r\",\"QSI_S_ZN_5o5yqpvMVjgDOuN\",\"https://zn5o5yqpvmvjgdoun-wiley.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_5o5yqpvMVjgDOuN\")).start()}catch(i){}})();\r\n</script><div id='ZN_5o5yqpvMVjgDOuN'><!--DO NOT REMOVE-CONTENTS PLACED HERE--></div>\r\n<!--END WEBSITE FEEDBACK SNIPPET-->","enabled":false},{"pages":["all"],"location":"header","script":"<!-- Hotjar Tracking Code for http://www.dummies.com -->\r\n<script>\r\n (function(h,o,t,j,a,r){\r\n h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)};\r\n h._hjSettings={hjid:257151,hjsv:6};\r\n a=o.getElementsByTagName('head')[0];\r\n r=o.createElement('script');r.async=1;\r\n r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv;\r\n a.appendChild(r);\r\n })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv=');\r\n</script>","enabled":false},{"pages":["article"],"location":"header","script":"<!-- //Connect Container: dummies --> <script src=\"//get.s-onetag.com/bffe21a1-6bb8-4928-9449-7beadb468dae/tag.min.js\" async defer></script>","enabled":true},{"pages":["homepage"],"location":"header","script":"<meta name=\"facebook-domain-verification\" content=\"irk8y0irxf718trg3uwwuexg6xpva0\" />","enabled":true},{"pages":["homepage","article","category","search"],"location":"footer","script":"<!-- Facebook Pixel Code -->\r\n<noscript>\r\n<img height=\"1\" width=\"1\" src=\"https://www.facebook.com/tr?id=256338321977984&ev=PageView&noscript=1\"/>\r\n</noscript>\r\n<!-- End Facebook Pixel Code -->","enabled":true}]}},"pageScriptsLoadedStatus":"success"},"navigationState":{"navigationCollections":[{"collectionId":287568,"title":"BYOB (Be Your Own Boss)","hasSubCategories":false,"url":"/collection/for-the-entry-level-entrepreneur-287568"},{"collectionId":293237,"title":"Be a Rad Dad","hasSubCategories":false,"url":"/collection/be-the-best-dad-293237"},{"collectionId":294090,"title":"Contemplating the Cosmos","hasSubCategories":false,"url":"/collection/theres-something-about-space-294090"},{"collectionId":287563,"title":"For Those Seeking Peace of Mind","hasSubCategories":false,"url":"/collection/for-those-seeking-peace-of-mind-287563"},{"collectionId":287570,"title":"For the Aspiring Aficionado","hasSubCategories":false,"url":"/collection/for-the-bougielicious-287570"},{"collectionId":291903,"title":"For the Budding Cannabis Enthusiast","hasSubCategories":false,"url":"/collection/for-the-budding-cannabis-enthusiast-291903"},{"collectionId":291934,"title":"For the Exam-Season Crammer","hasSubCategories":false,"url":"/collection/for-the-exam-season-crammer-291934"},{"collectionId":287569,"title":"For the Hopeless Romantic","hasSubCategories":false,"url":"/collection/for-the-hopeless-romantic-287569"},{"collectionId":287567,"title":"For the Unabashed Hippie","hasSubCategories":false,"url":"/collection/for-the-unabashed-hippie-287567"},{"collectionId":292186,"title":"Just DIY It","hasSubCategories":false,"url":"/collection/just-diy-it-292186"}],"navigationCollectionsLoadedStatus":"success","navigationCategories":{"books":{"0":{"data":[{"categoryId":33512,"title":"Technology","hasSubCategories":true,"url":"/category/books/technology-33512"},{"categoryId":33662,"title":"Academics & The Arts","hasSubCategories":true,"url":"/category/books/academics-the-arts-33662"},{"categoryId":33809,"title":"Home, Auto, & Hobbies","hasSubCategories":true,"url":"/category/books/home-auto-hobbies-33809"},{"categoryId":34038,"title":"Body, Mind, & Spirit","hasSubCategories":true,"url":"/category/books/body-mind-spirit-34038"},{"categoryId":34224,"title":"Business, Careers, & Money","hasSubCategories":true,"url":"/category/books/business-careers-money-34224"}],"breadcrumbs":[],"categoryTitle":"Level 0 Category","mainCategoryUrl":"/category/books/level-0-category-0"}},"articles":{"0":{"data":[{"categoryId":33512,"title":"Technology","hasSubCategories":true,"url":"/category/articles/technology-33512"},{"categoryId":33662,"title":"Academics & The Arts","hasSubCategories":true,"url":"/category/articles/academics-the-arts-33662"},{"categoryId":33809,"title":"Home, Auto, & Hobbies","hasSubCategories":true,"url":"/category/articles/home-auto-hobbies-33809"},{"categoryId":34038,"title":"Body, Mind, & Spirit","hasSubCategories":true,"url":"/category/articles/body-mind-spirit-34038"},{"categoryId":34224,"title":"Business, Careers, & Money","hasSubCategories":true,"url":"/category/articles/business-careers-money-34224"}],"breadcrumbs":[],"categoryTitle":"Level 0 Category","mainCategoryUrl":"/category/articles/level-0-category-0"}}},"navigationCategoriesLoadedStatus":"success"},"searchState":{"searchList":[],"searchStatus":"initial","relatedArticlesList":[],"relatedArticlesStatus":"initial"},"routeState":{"name":"Article3","path":"/article/academics-the-arts/study-skills-test-prep/cissp/client-based-security-vulnerabilities-225543/","hash":"","query":{},"params":{"category1":"academics-the-arts","category2":"study-skills-test-prep","category3":"cissp","article":"client-based-security-vulnerabilities-225543"},"fullPath":"/article/academics-the-arts/study-skills-test-prep/cissp/client-based-security-vulnerabilities-225543/","meta":{"routeType":"article","breadcrumbInfo":{"suffix":"Articles","baseRoute":"/category/articles"},"prerenderWithAsyncData":true},"from":{"name":null,"path":"/","hash":"","query":{},"params":{},"fullPath":"/","meta":{}}},"dropsState":{"submitEmailResponse":false,"status":"initial"},"sfmcState":{"status":"initial"},"profileState":{"auth":{},"userOptions":{},"status":"success"}}Client-Based Security Vulnerabilities
The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications. The defects most often found include these:
- Sensitive data left behind in the file system. Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.
- Unprotected local data. Local data stores may have loose permissions and lack encryption.
- Vulnerable applets. Many browsers and other client applications often employ applets for viewing documents and video files. Often, the applets themselves may have exploitable weaknesses.
- Unprotected or weakly protected communications. Data transmitted between the client and other systems may use weak encryption, or use no encryption at all.
- Weak or nonexistent authentication. Authentication methods on the client, or between the client and server systems, may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.
Identifying weaknesses like the preceding examples will require one or more of the following techniques:
- Operating system examination
- Network sniffing
- Code review
- Manual testing and observation
About This Article
This article can be found in the category:
