Client-Based Security Vulnerabilities
The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications. The defects most often found include these:
- Sensitive data left behind in the file system. Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.
- Unprotected local data. Local data stores may have loose permissions and lack encryption.
- Vulnerable applets. Browsers and other client applications often employ applets for viewing documents and video files, and the applets themselves may have exploitable weaknesses.
- Unprotected or weakly protected communications. Data transmitted between the client and other systems may use weak encryption, or use no encryption at all.
- Weak or nonexistent authentication. Authentication methods on the client, or between the client and server systems, may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.
Identifying weaknesses like the preceding examples will require one or more of the following techniques:
- Operating system examination
- Network sniffing
- Code review
- Manual testing and observation
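As an added example (not from the article or its authors), the following script is a small "operating system examination" check for two of the defects listed above: temporary and cache files left behind in the file system, and local data stores with loose permissions. It walks a directory tree and reports files readable or writable by anyone other than the owner, plus files whose name or parent directory marks them as temp/cache leftovers; the name patterns and the constructed profile directory in `demo()` are this example's own assumptions.

```python
from __future__ import annotations

import os
import shutil
import stat
import tempfile
from dataclasses import dataclass

# Assumed name patterns that mark temporary or cache leftovers (example choices,
# not a standard list).
TEMP_SUFFIXES = (".tmp", ".bak", ".swp", "~")
CACHE_DIR_NAMES = {"cache", ".cache", "tmp", "temp"}


@dataclass(frozen=True, order=True)
class Finding:
    path: str    # path relative to the scanned root
    issue: str   # one issue per Finding
    mode: str    # permission bits as an octal string, e.g. "0o644"


def permission_issues(mode: int) -> list[str]:
    """Return the loose-permission problems implied by a file's mode bits."""
    issues = []
    if mode & stat.S_IWOTH:
        issues.append("world-writable")
    if mode & stat.S_IROTH:
        issues.append("world-readable")
    if mode & stat.S_IWGRP:
        issues.append("group-writable")
    return issues


def is_leftover(rel_path: str) -> bool:
    """True when the file name or a parent directory marks a temp/cache file."""
    parts = rel_path.split(os.sep)
    if any(p.lower() in CACHE_DIR_NAMES for p in parts[:-1]):
        return True
    return parts[-1].lower().endswith(TEMP_SUFFIXES)


def scan_local_data(root: str) -> list[Finding]:
    """Walk a local data store and report files that other users or processes
    can read or modify, and temp/cache leftovers that may hold sensitive data.
    Symlinks and special files are skipped so the scan never follows them."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root, followlinks=False):
        for name in filenames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISREG(st.st_mode):
                continue
            rel = os.path.relpath(full, root)
            mode = stat.S_IMODE(st.st_mode)
            mode_str = f"0o{mode:03o}"
            for issue in permission_issues(mode):
                findings.append(Finding(rel, issue, mode_str))
            if is_leftover(rel):
                findings.append(Finding(rel, "temp/cache leftover", mode_str))
    return sorted(findings)


def demo() -> list[Finding]:
    """Build a constructed client profile directory, scan it, then remove it."""
    root = tempfile.mkdtemp(prefix="client-profile-")
    try:
        layout = {
            "session.db": 0o600,        # owner-only: no finding expected
            "cache/page1.html": 0o644,  # cache leftover and world-readable
            "export.tmp": 0o666,        # temp leftover and world-writable
            "notes.txt": 0o660,         # group-writable
        }
        for rel, mode in layout.items():
            full = os.path.join(root, rel)
            os.makedirs(os.path.dirname(full), exist_ok=True)
            with open(full, "w") as fh:
                fh.write("constructed sample content\n")
            os.chmod(full, mode)
        return scan_local_data(root)
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    for f in demo():
        print(f"{f.mode} {f.issue:22} {f.path}")
```

Point `scan_local_data()` at a real browser or application profile directory to get the same report for an actual endpoint; on POSIX systems the mode bits are exact, which is the assumption the checks rely on.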