{"appState":{"pageLoadApiCallsStatus":true},"articleState":{"article":{"headers":{"creationTime":"2016-09-12T18:50:32+00:00","modifiedTime":"2016-09-12T18:50:32+00:00","timestamp":"2022-09-14T18:16:01+00:00"},"data":{"breadcrumbs":[{"name":"Academics & The Arts","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33662"},"slug":"academics-the-arts","categoryId":33662},{"name":"Study Skills & Test Prep","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33772"},"slug":"study-skills-test-prep","categoryId":33772},{"name":"CISSP","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33777"},"slug":"cissp","categoryId":33777}],"title":"Server-Based Security Vulnerabilities","strippedTitle":"server-based security vulnerabilities","slug":"server-based-security-vulnerabilities","canonicalUrl":"","seo":{"metaDescription":"As a security professional, your job is to assess and mitigate the vulnerabilities of security designs. Design vulnerabilities found on servers fall into the fo","noIndex":0,"noFollow":0},"content":"As a security professional, your job is to assess and mitigate the vulnerabilities of security designs. Design vulnerabilities found on servers fall into the following categories:\r\n<ul>\r\n\t<li><strong>Sensitive data left behind in the file system.</strong> Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.</li>\r\n\t<li><strong>Unprotected local data.</strong> Local data stores may have loose permissions and also lack encryption.</li>\r\n\t<li><strong>Unprotected or weakly protected communications.</strong> Data transmitted between the server and other systems (including clients) may use weak encryption, or use no encryption at all.</li>\r\n\t<li><strong>Weak or nonexistent authentication.</strong> Authentication methods on the server may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.</li>\r\n</ul>\r\nThese defects are similar to those in the preceding Client-based section. This is because the terms <em>client</em> and <em>server</em> have only to do with perspective: in both cases, software is running on a system.","description":"As a security professional, your job is to assess and mitigate the vulnerabilities of security designs. Design vulnerabilities found on servers fall into the following categories:\r\n<ul>\r\n\t<li><strong>Sensitive data left behind in the file system.</strong> Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.</li>\r\n\t<li><strong>Unprotected local data.</strong> Local data stores may have loose permissions and also lack encryption.</li>\r\n\t<li><strong>Unprotected or weakly protected communications.</strong> Data transmitted between the server and other systems (including clients) may use weak encryption, or use no encryption at all.</li>\r\n\t<li><strong>Weak or nonexistent authentication.</strong> Authentication methods on the server may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.</li>\r\n</ul>\r\nThese defects are similar to those in the preceding Client-based section. This is because the terms <em>client</em> and <em>server</em> have only to do with perspective: in both cases, software is running on a system.","blurb":"","authors":[{"authorId":9931,"name":"Lawrence C. Miller","slug":"lawrence-c-miller","description":" <p><b>Lawrence C. Miller, CISSP,</b> is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.</p> <p><b>Peter H. Gregory, CISSP,</b> is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of <i>CISSP For Dummies</i> for more than 20 years. ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/9931"}},{"authorId":9180,"name":"Peter H. Gregory","slug":"peter-h-gregory","description":" <p><b>Lawrence C. Miller, CISSP,</b> is a veteran information security professional. He has served as a consultant for multinational corporations and holds many networking certifications.</p> <p><b>Peter H. Gregory, CISSP,</b> is a security, risk, and technology director with experience in SAAS, retail, telecommunications, non-profit, manufacturing, healthcare, and beyond. Larry and Peter have been coauthors of <i>CISSP For Dummies</i> for more than 20 years. ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/9180"}}],"primaryCategoryTaxonomy":{"categoryId":33777,"title":"CISSP","slug":"cissp","_links":{"self":"https://dummies-api.dummies.com/v2/categories/33777"}},"secondaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"tertiaryCategoryTaxonomy":{"categoryId":0,"title":null,"slug":null,"_links":null},"trendingArticles":null,"inThisArticle":[],"relatedArticles":{"fromBook":[],"fromCategory":[{"articleId":254899,"title":"Assess and Mitigate Vulnerabilities in Embedded Devices","slug":"assess-mitigate-vulnerabilities-embedded-devices","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254899"}},{"articleId":254896,"title":"Assess and Mitigate Vulnerabilities in Mobile Systems","slug":"assess-mitigate-vulnerabilities-mobile-systems","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254896"}},{"articleId":254893,"title":"Assess and Mitigate Vulnerabilities in Web-Based Systems","slug":"assess-mitigate-vulnerabilities-web-based-systems","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254893"}},{"articleId":254889,"title":"Assess and Mitigate the Vulnerabilities of Security Architectures, Designs, and Solution Elements","slug":"assess-mitigate-vulnerabilities-security-architectures-designs-solution-elements","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254889"}},{"articleId":254885,"title":"Computer Architecture and the CISSP Exam","slug":"computer-architecture-cissp-exam","categoryList":["academics-the-arts","study-skills-test-prep","cissp"],"_links":{"self":"https://dummies-api.dummies.com/v2/articles/254885"}}]},"hasRelatedBookFromSearch":true,"relatedBook":{"bookId":281732,"slug":"hacking-for-dummies","isbn":"9781119872191","categoryList":["technology","cybersecurity"],"amazon":{"default":"https://www.amazon.com/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","ca":"https://www.amazon.ca/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","indigo_ca":"http://www.tkqlhce.com/click-9208661-13710633?url=https://www.chapters.indigo.ca/en-ca/books/product/1119872197-item.html&cjsku=978111945484","gb":"https://www.amazon.co.uk/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20","de":"https://www.amazon.de/gp/product/1119872197/ref=as_li_tl?ie=UTF8&tag=wiley01-20"},"image":{"src":"https://www.dummies.com/covers/9781119872191.jpg","width":250,"height":350},"title":"Hacking For Dummies","testBankPinActivationLink":"","bookOutOfPrint":true,"authorsInfo":"\n <p><p>This All-in-One gathers the expertise of the leading <i>For Dummies</i> authors in the world of cybersecurity, including <b>Joseph Steinberg,</b> author of <i>Cybersecurity For Dummies</i>; <b><b data-author-id=\"8984\">Kevin Beaver</b>,</b> author of <i>Hacking For Dummies</i>; <b>Ted Coombs,</b> author of <i>Cloud Security For Dummies</i>; and <b>Ira Winkler,</b> author of <i>Security Awareness For Dummies</i>.</p>","authors":[{"authorId":8984,"name":"Kevin Beaver","slug":"kevin-beaver","description":" <p>This All-in-One gathers the expertise of the leading <i>For Dummies</i> authors in the world of cybersecurity, including <b>Joseph Steinberg,</b> author of <i>Cybersecurity For Dummies</i>; <b>Kevin Beaver,</b> author of <i>Hacking For Dummies</i>; <b>Ted Coombs,</b> author of <i>Cloud Security For Dummies</i>; and <b>Ira Winkler,</b> author of <i>Security Awareness For Dummies</i>. ","hasArticle":false,"_links":{"self":"https://dummies-api.dummies.com/v2/authors/8984"}}],"_links":{"self":"https://dummies-api.dummies.com/v2/books/281732"}},"collections":[],"articleAds":{"footerAd":"<div class=\"du-ad-region row\" id=\"article_page_adhesion_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_adhesion_ad\" data-refreshed=\"false\" \r\n data-target = \"[{"key":"cat","values":["academics-the-arts","study-skills-test-prep","cissp"]},{"key":"isbn","values":[null]}]\" id=\"du-slot-63221a61913a3\"></div></div>","rightAd":"<div class=\"du-ad-region row\" id=\"article_page_right_ad\"><div class=\"du-ad-unit col-md-12\" data-slot-id=\"article_page_right_ad\" data-refreshed=\"false\" \r\n data-target = \"[{"key":"cat","values":["academics-the-arts","study-skills-test-prep","cissp"]},{"key":"isbn","values":[null]}]\" id=\"du-slot-63221a619193b\"></div></div>"},"articleType":{"articleType":"Articles","articleList":null,"content":null,"videoInfo":{"videoId":null,"name":null,"accountId":null,"playerId":null,"thumbnailUrl":null,"description":null,"uploadDate":null}},"sponsorship":{"sponsorshipPage":false,"backgroundImage":{"src":null,"width":0,"height":0},"brandingLine":"","brandingLink":"","brandingLogo":{"src":null,"width":0,"height":0},"sponsorAd":"","sponsorEbookTitle":"","sponsorEbookLink":"","sponsorEbookImage":{"src":null,"width":0,"height":0}},"primaryLearningPath":"Advance","lifeExpectancy":null,"lifeExpectancySetFrom":null,"dummiesForKids":"no","sponsoredContent":"no","adInfo":"","adPairKey":[]},"status":"publish","visibility":"public","articleId":225546},"articleLoadedStatus":"success"},"listState":{"list":{},"objectTitle":"","status":"initial","pageType":null,"objectId":null,"page":1,"sortField":"time","sortOrder":1,"categoriesIds":[],"articleTypes":[],"filterData":{},"filterDataLoadedStatus":"initial","pageSize":10},"adsState":{"pageScripts":{"headers":{"timestamp":"2024-03-04T05:50:01+00:00"},"adsId":0,"data":{"scripts":[{"pages":["all"],"location":"header","script":"<!--Optimizely Script-->\r\n<script src=\"https://cdn.optimizely.com/js/10563184655.js\"></script>","enabled":false},{"pages":["all"],"location":"header","script":"<!-- comScore Tag -->\r\n<script>var _comscore = _comscore || [];_comscore.push({ c1: \"2\", c2: \"15097263\" });(function() {var s = document.createElement(\"script\"), el = document.getElementsByTagName(\"script\")[0]; s.async = true;s.src = (document.location.protocol == \"https:\" ? \"https://sb\" : \"http://b\") + \".scorecardresearch.com/beacon.js\";el.parentNode.insertBefore(s, el);})();</script><noscript><img src=\"https://sb.scorecardresearch.com/p?c1=2&c2=15097263&cv=2.0&cj=1\" /></noscript>\r\n<!-- / comScore Tag -->","enabled":true},{"pages":["all"],"location":"footer","script":"<!--BEGIN QUALTRICS WEBSITE FEEDBACK SNIPPET-->\r\n<script type='text/javascript'>\r\n(function(){var g=function(e,h,f,g){\r\nthis.get=function(a){for(var a=a+\"=\",c=document.cookie.split(\";\"),b=0,e=c.length;b<e;b++){for(var d=c[b];\" \"==d.charAt(0);)d=d.substring(1,d.length);if(0==d.indexOf(a))return d.substring(a.length,d.length)}return null};\r\nthis.set=function(a,c){var b=\"\",b=new Date;b.setTime(b.getTime()+6048E5);b=\"; expires=\"+b.toGMTString();document.cookie=a+\"=\"+c+b+\"; path=/; \"};\r\nthis.check=function(){var a=this.get(f);if(a)a=a.split(\":\");else if(100!=e)\"v\"==h&&(e=Math.random()>=e/100?0:100),a=[h,e,0],this.set(f,a.join(\":\"));else return!0;var c=a[1];if(100==c)return!0;switch(a[0]){case \"v\":return!1;case \"r\":return c=a[2]%Math.floor(100/c),a[2]++,this.set(f,a.join(\":\")),!c}return!0};\r\nthis.go=function(){if(this.check()){var a=document.createElement(\"script\");a.type=\"text/javascript\";a.src=g;document.body&&document.body.appendChild(a)}};\r\nthis.start=function(){var t=this;\"complete\"!==document.readyState?window.addEventListener?window.addEventListener(\"load\",function(){t.go()},!1):window.attachEvent&&window.attachEvent(\"onload\",function(){t.go()}):t.go()};};\r\ntry{(new g(100,\"r\",\"QSI_S_ZN_5o5yqpvMVjgDOuN\",\"https://zn5o5yqpvmvjgdoun-wiley.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_5o5yqpvMVjgDOuN\")).start()}catch(i){}})();\r\n</script><div id='ZN_5o5yqpvMVjgDOuN'><!--DO NOT REMOVE-CONTENTS PLACED HERE--></div>\r\n<!--END WEBSITE FEEDBACK SNIPPET-->","enabled":false},{"pages":["all"],"location":"header","script":"<!-- Hotjar Tracking Code for http://www.dummies.com -->\r\n<script>\r\n (function(h,o,t,j,a,r){\r\n h.hj=h.hj||function(){(h.hj.q=h.hj.q||[]).push(arguments)};\r\n h._hjSettings={hjid:257151,hjsv:6};\r\n a=o.getElementsByTagName('head')[0];\r\n r=o.createElement('script');r.async=1;\r\n r.src=t+h._hjSettings.hjid+j+h._hjSettings.hjsv;\r\n a.appendChild(r);\r\n })(window,document,'https://static.hotjar.com/c/hotjar-','.js?sv=');\r\n</script>","enabled":false},{"pages":["article"],"location":"header","script":"<!-- //Connect Container: dummies --> <script src=\"//get.s-onetag.com/bffe21a1-6bb8-4928-9449-7beadb468dae/tag.min.js\" async defer></script>","enabled":true},{"pages":["homepage"],"location":"header","script":"<meta name=\"facebook-domain-verification\" content=\"irk8y0irxf718trg3uwwuexg6xpva0\" />","enabled":true},{"pages":["homepage","article","category","search"],"location":"footer","script":"<!-- Facebook Pixel Code -->\r\n<noscript>\r\n<img height=\"1\" width=\"1\" src=\"https://www.facebook.com/tr?id=256338321977984&ev=PageView&noscript=1\"/>\r\n</noscript>\r\n<!-- End Facebook Pixel Code -->","enabled":true}]}},"pageScriptsLoadedStatus":"success"},"navigationState":{"navigationCollections":[{"collectionId":287568,"title":"BYOB (Be Your Own Boss)","hasSubCategories":false,"url":"/collection/for-the-entry-level-entrepreneur-287568"},{"collectionId":293237,"title":"Be a Rad Dad","hasSubCategories":false,"url":"/collection/be-the-best-dad-293237"},{"collectionId":295890,"title":"Career Shifting","hasSubCategories":false,"url":"/collection/career-shifting-295890"},{"collectionId":294090,"title":"Contemplating the Cosmos","hasSubCategories":false,"url":"/collection/theres-something-about-space-294090"},{"collectionId":287563,"title":"For Those Seeking Peace of Mind","hasSubCategories":false,"url":"/collection/for-those-seeking-peace-of-mind-287563"},{"collectionId":287570,"title":"For the Aspiring Aficionado","hasSubCategories":false,"url":"/collection/for-the-bougielicious-287570"},{"collectionId":291903,"title":"For the Budding Cannabis Enthusiast","hasSubCategories":false,"url":"/collection/for-the-budding-cannabis-enthusiast-291903"},{"collectionId":299891,"title":"For the College Bound","hasSubCategories":false,"url":"/collection/for-the-college-bound-299891"},{"collectionId":291934,"title":"For the Exam-Season Crammer","hasSubCategories":false,"url":"/collection/for-the-exam-season-crammer-291934"},{"collectionId":301547,"title":"For the Game Day Prepper","hasSubCategories":false,"url":"/collection/big-game-day-prep-made-easy-301547"}],"navigationCollectionsLoadedStatus":"success","navigationCategories":{"books":{"0":{"data":[{"categoryId":33512,"title":"Technology","hasSubCategories":true,"url":"/category/books/technology-33512"},{"categoryId":33662,"title":"Academics & The Arts","hasSubCategories":true,"url":"/category/books/academics-the-arts-33662"},{"categoryId":33809,"title":"Home, Auto, & Hobbies","hasSubCategories":true,"url":"/category/books/home-auto-hobbies-33809"},{"categoryId":34038,"title":"Body, Mind, & Spirit","hasSubCategories":true,"url":"/category/books/body-mind-spirit-34038"},{"categoryId":34224,"title":"Business, Careers, & Money","hasSubCategories":true,"url":"/category/books/business-careers-money-34224"}],"breadcrumbs":[],"categoryTitle":"Level 0 Category","mainCategoryUrl":"/category/books/level-0-category-0"}},"articles":{"0":{"data":[{"categoryId":33512,"title":"Technology","hasSubCategories":true,"url":"/category/articles/technology-33512"},{"categoryId":33662,"title":"Academics & The Arts","hasSubCategories":true,"url":"/category/articles/academics-the-arts-33662"},{"categoryId":33809,"title":"Home, Auto, & Hobbies","hasSubCategories":true,"url":"/category/articles/home-auto-hobbies-33809"},{"categoryId":34038,"title":"Body, Mind, & Spirit","hasSubCategories":true,"url":"/category/articles/body-mind-spirit-34038"},{"categoryId":34224,"title":"Business, Careers, & Money","hasSubCategories":true,"url":"/category/articles/business-careers-money-34224"}],"breadcrumbs":[],"categoryTitle":"Level 0 Category","mainCategoryUrl":"/category/articles/level-0-category-0"}}},"navigationCategoriesLoadedStatus":"success"},"searchState":{"searchList":[],"searchStatus":"initial","relatedArticlesList":[],"relatedArticlesStatus":"initial"},"routeState":{"name":"Article3","path":"/article/academics-the-arts/study-skills-test-prep/cissp/server-based-security-vulnerabilities-225546/","hash":"","query":{},"params":{"category1":"academics-the-arts","category2":"study-skills-test-prep","category3":"cissp","article":"server-based-security-vulnerabilities-225546"},"fullPath":"/article/academics-the-arts/study-skills-test-prep/cissp/server-based-security-vulnerabilities-225546/","meta":{"routeType":"article","breadcrumbInfo":{"suffix":"Articles","baseRoute":"/category/articles"},"prerenderWithAsyncData":true},"from":{"name":null,"path":"/","hash":"","query":{},"params":{},"fullPath":"/","meta":{}}},"dropsState":{"submitEmailResponse":false,"status":"initial"},"profileState":{"auth":{},"userOptions":{},"status":"success"}}Server-Based Security Vulnerabilities
As a security professional, your job is to assess and mitigate the vulnerabilities of security designs. Design vulnerabilities found on servers fall into the following categories:
- Sensitive data left behind in the file system. Generally, this consists of temporary files and cache files, which may be accessible by other users and processes on the system.
- Unprotected local data. Local data stores may have loose permissions and also lack encryption.
- Unprotected or weakly protected communications. Data transmitted between the server and other systems (including clients) may use weak encryption, or use no encryption at all.
- Weak or nonexistent authentication. Authentication methods on the server may be unnecessarily weak. This permits an adversary to access the application, local data, or server data without first authenticating.
These defects are similar to those in the preceding Client-based section. This is because the terms client and server have only to do with perspective: in both cases, software is running on a system. About This Article
This article can be found in the category:
