2.3 - CompTIA Security+

24 Terms

1

Memory injection

Security flaws that occur when an attacker injects malicious code into an application’s process memory.

2

Buffer

An area of memory that an application reserves to store expected data.

3

Buffer overflow

A vulnerability that occurs when an attacker passes data that deliberately overfills the buffer.

4

Race condition vulnerabilities

Software flaws associated with the timing or order of events within a software program.

5

Time-of-check (TOC)

A race condition vulnerability that occurs when there is a change in a resource due to it being checked.

6

Time-of-use (TOU)

A race condition vulnerability that occurs when there is a resource change after it has been checked but before it is used.

7

Malicious update

An update that appears legitimate but contains harmful code, used by cybercriminals to distribute malware.

8

Structured Query Language injection (SQLi)

An attack that injects a malicious query to retrieve sensitive information from a database.

9

Cross-site scripting (XSS)

Web-based attack where attackers inject a malicious script on a trusted site to compromise clients.

10

End-of-life (EOL)

A product or version declared no longer supported by the manufacturer, leading to vulnerabilities.

11

Legacy systems

Outdated systems that continue to be used despite their shortcomings.

12

Virtual machine (VM) escape

A security vulnerability where an attacker escapes a virtual machine to access the host system.

13

Resource reuse

When data or resources from one VM are used by another, potentially creating vulnerabilities.

14

Cloud-specific attacks

Attacks targeting applications hosted on cloud platforms, exploiting misconfigurations or weak authentication.

15

Software supply chain

Vulnerabilities introduced to software products during their development and maintenance.

16

Service providers

Entities that offer services related to software development or deployment, potentially introducing vulnerabilities.

17

Hardware supplier

Companies providing physical components for IT systems, whose neglect can lead to vulnerabilities.

18

Software provider

Applications and frameworks used in development; their compromise can expose entire applications to attacks.

19

Cryptographic vulnerabilities

Weaknesses in cryptographic systems that can be exploited to compromise data.

20

Misconfiguration vulnerabilities

Errors in security control implementation that expose systems to unauthorized access.

21

Rooting

Gaining administrative privileges on an Android device to modify system files or install custom ROMs.

22

Side loading

Installation of applications from unofficial sources that may expose users to malware.

23

Jailbreaking

Gaining full access to an iOS device by removing limitations imposed by the iOS operating system.

24

Zero-day attacks

Exploits against previously unknown software/hardware flaws before they are fixed by developers.