{"appState":{"pageLoadApiCallsStatus":true},"articleState":{"article":{"headers":{"creationTime":"2016-09-12T18:47:09+00:00","modifiedTime":"2016-09-12T18:47:09+00:00","timestamp":"2022-02-24T17:01:58+00:00"},"data":{"breadcrumbs":[{"name":"Academics & The Arts","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33662"},"slug":"academics-the-arts","categoryId":33662},{"name":"Study Skills & Test Prep","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33772"},"slug":"study-skills-test-prep","categoryId":33772},{"name":"CISSP","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33777"},"slug":"cissp","categoryId":33777}],"title":"Client-Based Security Vulnerabilities","strippedTitle":"client-based security vulnerabilities","slug":"client-based-security-vulnerabilities","canonicalUrl":"","seo":{"metaDescription":"","noIndex":0,"noFollow":0},"content":"The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications. The defects most often found include these:\r\n<ul>\r\n\t<li><strong>Sensitive data left behind in the file system.</strong> Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.</li>\r\n\t<li><strong>Unprotected local data.</strong> Local data stores may have loose permissions and lack encryption.</li>\r\n\t<li><strong>Vulnerable applets.</strong> Many browsers and other client applications often employ applets for viewing documents and video files. Often, the applets themselves may have exploitable weaknesses.</li>\r\n\t<li><strong>Unprotected or weakly protected communications.</strong> Data transmitted between the client and other systems may use weak encryption, or use no encryption at all.</li>\r\n\t<li><strong>Weak or nonexistent authentication.</strong> Authentication methods on the client, or between the client and server systems, may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.</li>\r\n</ul>\r\nIdentifying weaknesses like the preceding examples will require one or more of the following techniques:\r\n<ul>\r\n\t<li>Operating system examination</li>\r\n\t<li>Network sniffing</li>\r\n\t<li>Code review</li>\r\n\t<li>Manual testing and observation</li>\r\n</ul>","description":"The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications. The defects most often found include these:\r\n<ul>\r\n\t<li><strong>Sensitive data left behind in the file system.</strong> Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.</li>\r\n\t<li><strong>Unprotected local data.</strong> Local data stores may have loose permissions and lack encryption.</li>\r\n\t<li><strong>Vulnerable applets.</strong> Many browsers and other client applications often employ applets for viewing documents and video files. Often, the applets themselves may have exploitable weaknesses.</li>\r\n\t<li><strong>Unprotected or weakly protected communications.</strong> Data transmitted between the client and other systems may use weak encryption, or use no encryption at all.</li>\r\n\t<li><strong>Weak or nonexistent authentication.</strong> Authentication methods on the client, or between the client and server systems, may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.</li>\r\n</ul>\r\nIdentifying weaknesses like the preceding examples will require one or more of the following techniques:\r\n<ul>\r\n\t<li>Operating system examination</li>\r\n\t<li>Network sniffing</li>\r\n\t<li>Code review</li>\r\n\t<li>Manual testing and observation</li>\r\n</ul>","blurb":"","authors":[{"authorId":9931,"name":"Lawrence C. Miller","slug":"lawrence-c-miller","description":"Lawrence Miller, CISSP, is a security consultant with experience in consulting, defense, legal, nonprofit, retail, and telecommunications.","_links":{"self":"https://dummies-api.dummies.com/v2/authors/9931"}},{"authorId":9180,"name":"Peter H. Gregory","slug":"peter-h-gregory","description":"Peter H. Gregory, CISSP, is an executive advisor at a global security advisory firm. He is also a cybersecurity advisor and adjunct instructor for the University of Washington and the University of South Florida and the author of more than 40 books.","_links":{"self":"https://dummies-api.dummies.com/v2/authors/9180"}}],"primaryCategoryTaxonomy":{"categoryId":33777,"title":"CISSP","slug":"cissp","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33777"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":254899,"title":"Assess and Mitigate Vulnerabilities in Embedded Devices","slug":"assess-mitigate-vulnerabilities-embedded-devices","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254899"}},{"articleId":254896,"title":"Assess and Mitigate Vulnerabilities in Mobile Systems","slug":"assess-mitigate-vulnerabilities-mobile-systems","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254896"}},{"articleId":254893,"title":"Assess and Mitigate Vulnerabilities in Web-Based Systems","slug":"assess-mitigate-vulnerabilities-web-based-systems","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254893"}},{"articleId":254889,"title":"Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements","slug":"assess-mitigate-vulnerabilities-security-architectures-designs-solution-elements","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254889"}},{"articleId":254885,"title":"Computer Architecture and the CISSP Exam","slug":"computer-architecture-cissp-exam","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254885"}}]},"hasRelatedBookFromSearch":true,"relatedBook":{"bookId":281813,"slug":"penetration-testing-for-dummies","isbn":"9781119577485","categoryList":["technology","cybersecurity"],"amazon":{"default":"https://www.amazon.com/gp/product/1119577489/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"https://www.amazon.ca/gp/product/1119577489/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"http://www.tkqlhce.com/click-9208661-13710633?url=https://www.chapters.indigo.ca/en-ca/books/product/1119577489-item.html&cjsku=978111945484","gb":"https://www.amazon.co.uk/gp/product/1119577489/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"https://www.amazon.de/gp/product/1119577489/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"https://catalogimages.wiley.com/images/db/jimages/9781119577485.jpg","width":250,"height":350},"title":"Penetration Testing For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"\n <p><b data-author-id=\"33354\">Robert Shimonski</b> is an ethical hacker and a professional IT leader who has led numerous efforts to design, strategize, and implement enterprise solutions that must remain secure. Rob has been involved in security and technology operations for more than 25 years and has written his books from the trenches of experience.</p>","authors":[{"authorId":33354,"name":"Robert Shimonski","slug":"robert-shimonski","description":"Robert Shimonski is an ethical hacker and a professional IT leader who has led numerous efforts to design, strategize, and implement enterprise solutions that must remain secure. Rob has been involved in security and technology operations for more than 25 years and has written his books from the trenches of experience. ","_links":{"self":"https://dummies-api.dummies.com/v2/authors/33354"}}],"_links":{"self":"https://dummies-api.dummies.com/v2/books/281813"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{"key":"cat","values":["academics-the-arts","study-skills-test-prep","cissp"]},{"key":"isbn","values":[null]}]\" id=\"du-slot-6217ba062bc30\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{"key":"cat","values":["academics-the-arts","study-skills-test-prep","cissp"]},{"key":"isbn","values":[null]}]\" id=\"du-slot-6217ba062c601\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Advance","lifeExpectancy":null,"lifeExpectancySetFrom":null,"dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":225543},"articleLoadedStatus":"success"},"listState":{"list":{},"objectTitle":"","status":"initial","pageType":null,"objectId":null,"page":1,"sortField":"time","sortOrder":1,"categoriesIds":[],"articleTypes":[],"filterData":{},"filterDataLoadedStatus":"initial","pageSize":10},"adsState":{"pageScripts":{"headers":{"timestamp":"2022-05-16T12:59:10+00:00"},"adsId":0,"data":{"scripts":[{"pages":["all"],"location":"header","script":"\r\n<script src=\"https://cdn.optimizely.com/js/10563184655.js\"></script>","enabled":false},{"pages":["all"],"location":"header","script":"\r\n<script>var _comscore = _comscore || [];_comscore.push({ c1: \"2\", c2: \"15097263\" });(function() {var s = document.createElement(\"script\"), el = document.getElementsByTagName(\"script\")[0]; s.async = true;s.src = (document.location.protocol == \"https:\" ? \"https://sb\" : \"http://b\") + \".scorecardresearch.com/beacon.js\";el.parentNode.insertBefore(s, el);})();</script><noscript><img src=\"https://sb.scorecardresearch.com/p?c1=2&c2=15097263&cv=2.0&cj=1\" /></noscript>\r\n","enabled":true},{"pages":["all"],"location":"footer","script":"\r\n<script type='text/javascript'>\r\n(function(){var g=function(e,h,f,g){\r\nthis.get=function(a){for(var a=a+\"=\",c=document.cookie.split(\";\"),b=0,e=c.length;b<e;b++){for(var d=c[b];\" \"==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};\r\nthis.set=function(a,c){var b=\"\",b=new Date;b.setTime(b.getTime()+6048E5);b=\"; expires=\"+b.toGMTString();document.cookie=a+\"=\"+c+b+\"; path=/; \"};\r\nthis.check=function(){var a=this.get(f);if(a)a=a.split(\":\");else if(100!=e)\"v\"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(\":\"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case \"v\":return!1;case \"r\":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(\":\")),!c}return!0};\r\nthis.go=function(){if(this.check()){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=g;document.body&&document.body.appendChild(a)}};\r\nthis.start=function(){var t=this;\"complete\"!==document.readyState?window.addEventListener?window.addEventListener(\"load\",function(){t.go()},!1):window.attachEvent&&window.attachEvent(\"onload\",function(){t.go()}):t.go()};};\r\ntry{(new g(100,\"r\",\"QSI_S_ZN_5o5yqpvMVjgDOuN\",\"https://zn5o5yqpvmvjgdoun-wiley.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_5o5yqpvMVjgDOuN\")).start()}catch(i){}})();\r\n</script><div id='ZN_5o5yqpvMVjgDOuN'></div>\r\n","enabled":false},{"pages":["all"],"location":"header","script":"\r\n<script>\r\n (function(h,o,t,j,a,r){\r\n h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)};\r\n h._hjSettings={hjid:257151,hjsv:6};\r\n a=o.getElementsByTagName('head')[0];\r\n r=o.createElement('script');r.async=1;\r\n r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv;\r\n a.appendChild(r);\r\n })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv=');\r\n</script>","enabled":false},{"pages":["article"],"location":"header","script":" <script src=\"//get.s-onetag.com/bffe21a1-6bb8-4928-9449-7beadb468dae/tag.min.js\" async defer></script>","enabled":true},{"pages":["homepage"],"location":"header","script":"<meta name=\"facebook-domain-verification\" content=\"irk8y0irxf718trg3uwwuexg6xpva0\" />","enabled":true},{"pages":["homepage","article","category","search"],"location":"footer","script":"\r\n<noscript>\r\n<img height=\"1\" width=\"1\" src=\"https://www.facebook.com/tr?id=256338321977984&ev=PageView&noscript=1\"/>\r\n</noscript>\r\n","enabled":true}]}},"pageScriptsLoadedStatus":"success"},"searchState":{"searchList":[],"searchStatus":"initial","relatedArticlesList":[],"relatedArticlesStatus":"initial"},"routeState":{"name":"Article3","path":"/article/academics-the-arts/study-skills-test-prep/cissp/client-based-security-vulnerabilities-225543/","hash":"","query":{},"params":{"category1":"academics-the-arts","category2":"study-skills-test-prep","category3":"cissp","article":"client-based-security-vulnerabilities-225543"},"fullPath":"/article/academics-the-arts/study-skills-test-prep/cissp/client-based-security-vulnerabilities-225543/","meta":{"routeType":"article","breadcrumbInfo":{"suffix":"Articles","baseRoute":"/category/articles"},"prerenderWithAsyncData":true},"from":{"name":null,"path":"/","hash":"","query":{},"params":{},"fullPath":"/","meta":{}}},"dropsState":{"submitEmailResponse":false,"status":"initial"},"sfmcState":{"newsletterSignupStatus":"initial"}}

Client-Based Security Vulnerabilities

By: Lawrence C. Miller and Peter H. Gregory and

Updated: 09-12-2016

Penetration Testing For Dummies

Explore Book Buy On Amazon

The types of design vulnerabilities often found on endpoints involve defects in client-side code that is present in browsers and applications. The defects most often found include these:

Sensitive data left behind in the file system. Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.
Unprotected local data. Local data stores may have loose permissions and lack encryption.
Vulnerable applets. Many browsers and other client applications often employ applets for viewing documents and video files. Often, the applets themselves may have exploitable weaknesses.
Unprotected or weakly protected communications. Data transmitted between the client and other systems may use weak encryption, or use no encryption at all.
Weak or nonexistent authentication. Authentication methods on the client, or between the client and server systems, may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.

Identifying weaknesses like the preceding examples will require one or more of the following techniques:

Operating system examination
Network sniffing
Code review
Manual testing and observation

About This Article

This article is from the book:

Penetration Testing For Dummies ,

About the book author:

Robert Shimonski is an ethical hacker and a professional IT leader who has led numerous efforts to design, strategize, and implement enterprise solutions that must remain secure. Rob has been involved in security and technology operations for more than 25 years and has written his books from the trenches of experience.

This article can be found in the category:

CISSP ,