Send a link to your students to track their progress
95 Terms
1
New cards
What is the most important skill a programmer has?
Problem solving.
2
New cards
What is a CPU composed of?
ALU, control unit, registers
3
New cards
What is the ALU?
Arithmetic Logic Unit
4
New cards
What is the main component a CPU communicates with?
RAM
5
New cards
What is the system bus?
The gateway channel between which the components of a system communicates.
6
New cards
What is the sequence of executing one instruction?
Fetching (get the instruction from memory). Decoding: deciphers the instruction and moves data from memory to the ALU. Execution: ALU performs mathematical or logical operation on the data. Storing: ALU stores the result in memory or register.
7
New cards
Describe the internal memory layout of a program.
Program text, data, stack, heap
8
New cards
What is the text segment of a program?
The instruction code
9
New cards
What is the data segment of a program?
The area in memory that contains global data
10
New cards
What is the ESP?
The Execution Stack Pointer (note: original author flagged this as likely wrong - should probably be "Extended", a remnant of 16->32 bit transition).
11
New cards
What is a VHLL?
Very High Level Language. These are almost like English.
12
New cards
What is another name for machine code?
Native code
13
New cards
What is another name for native code?
Machine code
14
New cards
What is a compiled language?
Code that is converted from source code to object code, then linked with other modules and/or libraries into machine code.
15
New cards
What is compilation and what does it produce?
Compilation: the process of converting textual source code written by the programmer into raw processor specific instruction codes. The output of the compilation process is called the object code.
16
New cards
What is linking?
The process of combining object code and libraries into a single executable.
17
New cards
What are the benefits of static linking?
Faster processing speed and ease of portability because dependencies are included.
18
New cards
What are the disadvantages of static linking?
Larger executables.
19
New cards
What is a security risk of using dynamic libraries?
If someone compromises a library, they can effectively compromise all binaries that use it.
20
New cards
What is an interpreted language?
One that requires an intermediary host program to read and execute each statement of instruction line by line.
21
New cards
List common interpreted languages.
REXX, PostScript, Perl, Ruby, Python.
22
New cards
Disadvantages of interpreted languages?
Slower, quicker to change, no recompilation
23
New cards
What are hybrid languages?
The source code is compiled into an intermediate stage that resembles object code.
24
New cards
What is an example of a Hybrid Language?
Java and .Net
25
New cards
What are the typical SDLC models?
Waterfall, Iterative, Spiral, Agile
26
New cards
What is the Waterfall Model?
1. Requirements specification. 2. Design. 3. Construction (also known as implementation or coding). 4. Integration. 5. Testing and debugging (also known as verification). 6. Installation. 7. Maintenance.
27
New cards
What are the 5 phases of the Waterfall model according to NIST 800-64?
The unidirectional sequential phased approach to software development.
29
New cards
What is the Iterative Model?
The project is broken into smaller versions and developed incrementally.
30
New cards
Synonym for the Iterative Model?
Prototyping
31
New cards
What is the advantage of the Iterative Model?
Increased user input opportunity.
32
New cards
What is the disadvantage of Iterative?
If planning cycles are too short, nonfunctional requirements like security get missed.
33
New cards
What is the Spiral Model?
The key characteristic of this model is that each phase has a risk assessment review activity.
34
New cards
What is the primary benefit of Agile?
Changes can be made quickly.
35
New cards
What are the two agile development methodologies?
XP and Scrum
36
New cards
What is XP?
Extreme Programming. People centric. Small projects.
37
New cards
What is Scrum?
An Agile variant that uses short (30 day) release cycles to allow requirements to change on the fly. Daily progress recorded on a burn down chart.
38
New cards
What 3 categories do the 2009 CWE/SANS Top 25 programming errors fall into?
Insecure interaction between components, Risky resource management, Porous defenses
39
New cards
Describe Injection Flaws.
User supplied data is not validated before being processed.
40
New cards
What is SQL Injection?
An attacker supplying input that becomes part of a database query.
41
New cards
What is one way of thwarting SQL Injection?
Suppress database errors, which are used for reconnaissance.
42
New cards
What is blind SQL injection?
SQL injection using boolean SQL expressions to probe a target database.
43
New cards
What is OS command injection?
Just like SQL injection.
44
New cards
What is LDAP injection?
Same principle as SQL and OS. Unsanitized input is used to construct or modify syntax, contents, and commands that are executed as an LDAP query.
45
New cards
What is XML Injection?
XML injection occurs when the software does not properly filter or quote special characters or reserved words that are used in XML, allowing an attacker to modify the syntax, contents, or commands before execution.
46
New cards
What is XPath injection?
The XPath expression used to retrieve data from the XML data store is not validated or sanitized before processing and built dynamically using user-supplied input.
47
New cards
What is XQuery Injection?
XQuery injection works the same way as an XPath injection, except that the XQuery (not XPath) expression used to retrieve data from the XML data store is not validated or sanitized before processing and built dynamically using user-supplied input.
48
New cards
What are the common traits for any injection attack?
User-supplied input is interpreted as a command or part of a command that is executed. Input from the user is not sanitized or validated before processing. The query that is constructed is generated using user-supplied input dynamically.
49
New cards
How can you prevent injection flaws?
Validate and sanitize all user input, use parameterized queries/prepared statements, use allowlists, escape special characters, apply least privilege to database accounts.
50
New cards
What is cross-site scripting?
User-supplied input is sent back to the browser client without being properly validated and its content escaped.
51
New cards
What are the types of XSS?
Nonpersistent - user supplied input script is merely included in the response from the web server. Persistent/stored - the injected script is permanently stored on the target servers, in a database, a message forum, a visitor log, or an input field. DOM-based - the payload is executed in the victim's browser as a result of DOM environment modifications on the client side.
52
New cards
What is the consequence of an XSS attack?
Attackers execute code on the user's browser, causing all the usual badness that entails.
53
New cards
How do you prevent XSS?
Escaping or encoding. Validating user supplied input with a whitelist. Disallow uploading .htm or .html extensions. Use innerText, not innerHtml (makes it non-executable). Use secure libraries and encoding frameworks that provide XSS protection. Disable active scripting in the browser, or add a plugin that does the same like NoScript. HTTPOnly flag on the session. Application layer firewall.
54
New cards
What is ESAPI?
OWASP ESAPI Encoding module
55
New cards
What is Apache Wicket?
XSS protection framework
56
New cards
What is a Type of buffer overflow prevention?
Input size validation
57
New cards
How do you prevent buffer overflows?
Input size validation. Checking buffer size. Checking buffer bounds. Integer type checks. Truncation. Use a programming language that performs its own memory management and type safety. Use safe libraries. Don't use banned API functions like strcpy(). Use unsigned integers whenever possible. Leverage compiler security. ASLR. DEP. Memory checking tools.
58
New cards
What compiler features can prevent buffer overflows?
The Microsoft Visual Studio /GS flag. Fedora/Red Hat FORTIFY_SOURCE GCC flag. StackGuard.
59
New cards
Buffer Overflows
(Marked by the deck author as "I know this already" - no detailed answer given.)
60
New cards
What is ASLR?
Address Space Layout Randomization
61
New cards
What is DEP?
Data Execution Prevention
62
New cards
What are examples of broken authentication or session management?
MITM attacks, session hijacking, impersonation
63
New cards
What is a CSRF?
Cross Site Request Forgery. An attacker forges a malicious HTTP request as a legitimate one and tricks the victim into submitting that request. Can be from an email, zero-byte image, etc. Basically, trick a user into clicking something when they're already authenticated.
64
New cards
How can users prevent CSRF attacks?
Don't save username in the browser. Don't use "remember me". Don't use the same browser to surf and access sensitive sites. Read email in plain text. Log off after using a web app. Use client side browser extensions that mitigate CSRF (e.g. CSRF Protector).
65
New cards
What can developers do to mitigate CSRF?
Use a session specific token (nonce). CAPTCHAs. Validate uniqueness of session tokens on the server. Use POST instead of GET for sensitive data along with a randomized session identifier. Use a double submitted cookie - set the value in the form and make sure it matches the cookie. Check the URL referrer tag. Reauthenticate every time (complete remediation). Transaction signing. Automated logout. Use OWASP CSRF Guard and OWASP ESAPI. Mitigate XSS.
66
New cards
What is an insecure direct object reference flaw?
One wherein an unauthorized user or process can invoke the internal functionality of the software by manipulating parameters and other object values that directly reference this functionality. For example, passing the username in cleartext in a form.
67
New cards
How can you prevent insecure direct object reference flaws?
Avoid exposing internal functionality of the software using a direct object reference that can be easily manipulated; use indirect references or access control checks on every request.
68
New cards
What is a surf jacking attack?
When a web site encrypts the authentication portion of the transaction but allows the session ID to be transmitted in cleartext, which an attacker then captures.
69
New cards
How should SSL certificates be set up?
They should be protected, properly configured, and not set to expire so that they are not spoofed. Educate users not to accept expired certificates.
70
New cards
What controls can be used to mitigate insecure transport layer protection?
Provide end-to-end channel security protecting the channel using SSL/TLS or IPSec. Avoid mixed SSL. Ensure that the session cookie's secure flag is set (causing the browser cookie to be sent only over encrypted channels, mitigating surf jacking). Use cryptography. Use unexpired and unrevoked certs. Properly configure certs.
71
New cards
What is pharming?
Modifying local system files to redirect users to fraudulent web sites, or DNS poisoning.
72
New cards
What is differential fault analysis?
Fuzzing.
73
New cards
What is a cold boot attack?
An attacker can extract secret information by freezing the data contents of memory chips and then booting up to recover the contents in memory. Data remanence in RAM.
74
New cards
What is canonicalization?
The process of converting data that has more than one possible representation to conform to a standard canonical form.
75
New cards
What is C14N?
Canonicalization
76
New cards
What is Code Access Security?
In a managed code environment, when a software program is run, it is automatically evaluated to determine the set of permissions that needs to be given to the code during runtime. Based on what permissions are granted, the program will execute as expected or throw a security exception.
77
New cards
In Code Access Security, what are the three categories of security actions that can be performed?
Requests - used to inform the runtime about the permissions that the code needs in order for it to run. Demands - used in code to assert permissions and help protect resources from callers. Overrides - used in code to override default security behavior.
78
New cards
What is declarative security syntax?
In the context of CAS, declarative security syntax means that the permissions are defined as security attributes in the metadata of the code.
79
New cards
What is imperative security syntax?
Imperative security is implemented using a new instance of the permission object inline in code.
80
New cards
What is CNG and what are its features?
The replacement to Microsoft's CryptoAPI. A new cryptographic configuration system that supports better cryptographic agility; abstraction for key storage and separation of storage from algorithm operations; process isolation for operations with long-term keys; replaceable random number generators; better export signing support; thread-safety throughout the stack; kernel-mode cryptographic API.
81
New cards
What is the difference between a dangling pointer and a wild pointer?
A dangling pointer is left when the object a valid pointer references is deleted. A wild pointer is a pointer used before it is assigned anything.
82
New cards
What is ASLR? (with detail)
Address Space Layout Randomization. A dll can be loaded into one of 256 different locations.
83
New cards
What is DEP?
Data Execution Prevention
84
New cards
What is DEP?
Data Execution Prevention
85
New cards
What is NX?
A synonym for DEP.
86
New cards
What is ESP (executable space)?
Executable Space Protection. It's the Unix/Linux equivalent of DEP.
87
New cards
What does the /GS flag do?
The compiled executable is given the ability to detect and mitigate buffer overflows of the return address pointer stored on the stack memory. Creates a security cookie before the return address of a function; if the cookie has been overwritten, the process terminates.
88
New cards
What is StackGuard?
StackGuard is a compiler technique that provides code pointer integrity checking and protection of the return address in a function against being altered.
89
New cards
What compiler does StackGuard work with?
gcc
90
New cards
How does StackGuard work?
StackGuard works by placing a known value (referred to as a canary or canary word) before the return address on the stack so that, should a buffer overflow occur, the first datum that will be corrupted is the canary.
91
New cards
What is a terminate or random canary?
A random canary is a 32-bit random number that is set on function entry (on program start) and maintained only for the time frame of that function call or program execution. A terminator canary is made up of common termination symbols for C standard string library functions, such as 0 (null), CR, LF, and -1 (EOF); when the attacker specifies these common symbols in their overflow string, the functions will terminate immediately.
92
New cards
What does /SAFESEH do?
It will produce the executable's safe exception handlers table and write that information into the program executable (PE). This table is used to verify safe (or valid) exceptions by the OS. When an exception is thrown, the OS checks the exception handler against the safe exception handler list in the PE, and if they do not match, the OS will terminate the process.
93
New cards
How can you implement anti-tampering?
Obfuscation, which can be performed on source or object code.
94
New cards
What is firmware?
Software for an embedded system.
95
New cards
What is MILS?
The MILS architecture makes it possible to create a verified, always invoked, and tamperproof application code with security features that thwart the attempts of an attacker.