Exam 1 Swen 331

swen 331 first exam lol

What is integer overflow

its when the integer data wraps around and overflows to the next integer

give an example of integer overflow happening

rounding off errors with casting can make it overwrite the next piece of data

What is a solution to integer overflow

beware of casting or just allocate more data

What is a vulnerability

a bug with security consequences that can lead to attackers using it to write exploits for malicious purpose

what is a exploit

An exploit is a piece of software that an attacker has written to use a vulnerability in an effort to cause unintended behavior

what does STRIDE stand for

Spoofing, Tampering, Repudiation, Information Disclosed, Denial of Service, Elevation of privilege

What is a threat

actor that violates CIA

what is software security

the ability to prevent unintended functionality in your application in all layers of the stack

What are 3 terms of human error terminology

slips, lapses, mistakes

what is a slip

errors that happen due to not paying attention

what is a lapse

failure of memory to do something

what is a mistake

failure of planning to take other things into consideration

what is “defense in depth”

if they break in they cant get any further

what is “least privilege”

every user/module is given the least amount of privilege it needs to function so that they restrict access

fail securely

if there is a failure in system, it doesnt leak information

security by obscurity

relying on being obscure to be secure, not good because crowds are good at guessing

frameworks are optional

dont expect frameworks to fix your problems, should know what works best for you

detect and record

post mortem analysis is important

keep it simple

keeping it simple minimize the surface of attack

What is Buffer overflow

modifying memory you shouldnt be able to access

how to avoid buffer overflow

check to see if accessing memory correctly and validate input

What are core security properties

Confidentiality, Integrity and Availability of resources

What does confidentiality mean

system must not disclose any information intended to be hidden

what does integrity mean

to maintain trust of system by not allowing assets to be attacked

what does availability mean

system must be operational and available to users

What is SQL injection

where data becomes code in SQL

How does SQL injection happen

when data from the user interface is put directly into code

how to get rid of sql injection

prepared statements

what are prepared statements

using prepared statements with binding variables to precompile query

What is cross site scripting (XSS)

inserting in input field external javascript or html to alter websites functionality by editing databases

when does XSS occur

when untrusted data enters web app from web request

victim visits generated web page through web browser that contains malicious scripts that are injected with untrusted data

What are types of XSS

non persistent, stored, DOM based

what is reflected XSS

• non persistent changes to site

• happens when attacker causes victim to supply dangerous content to web app and reflected back to vicitm, but its not permanent to the site as its not stored anywere

what is stored XSS

• persistent

• application will store dangerous data in message forum or visitor log

• allows for elevated privilege

what is DOM based XSS

client performs injection of the XXS into the page

What happens after XSS happens

• session hijacking - steal identity to perform spoofing

• web defacement - modify page to gain excess information from user without them knowing

how to prevent XSS

• sanitize inputs before putting them in databases

• defense in depth - only accept known and good inputs

what is Cross site request forgery (CSRF)

when http get request makes persistent modification then you can get users to make changes to other websites that theyre already authenticated on

what does CSRF do

• exploit trust user have on site

• causes arbitrary code execution

• causes task attacker made to be executed because get requests happen so frequently

What are ways to avoid XSS

• dont allow for GET actions to perform persistent modifications to website

• require authentication if GET needs to perform modifcation

• session tokens hidden in encrypted cookies

why is CSRF dangerous

very easy to do because GET requests are easy to make user do by forgery

what is OS command injection

when you expected input is one command, but inject another command in to create a shell or something like that to run some malicious code

how to prevent OS injection

• resend string into system you want to ensure users cant control string

What is penetrations testing

test to attempt all possible exploits on a site

what does pen testing used to show

shows stakeholders that there isnt much you can exploit your system

what is the purpose of pentesting

demonstrate the amount of person hours required to break in

What are the preconditions to pen testing

requires a working system

what are key techniques of initial access

drive by compromise , hardware additions , spearfishing

what is drive by compromise

user visits malicious sites and execute an exploit

how do hardware additions cause initial access

can get sensitive data

what is spearfishing

getting people to click on links with confidence its sent by someone they know D

what are different techniques of discovery

• network and service scanning - find out what services are running to run arbitrary command

• account discovery - finding existing accounts to find what variables there are

What are types of credential access

• brute force - password guessing

• credential dumping - dumps db table of credentials and passwords

what is execution and persistence

execution of the command line interface and service execution

what does it mean to execute the command line interface

goal is to get here in order to execute other commands for malicious activity

what does it mean to do a service execution

adding a new service to be executed without knowledge of the user

what are key requirement properties

• tells what the system should or shouldnt do

• tells who is interacting with the system

• highly domain specific

• should describe how the surrounding env has changed as result of system

what is security

its s property of software, composition of things going right

True or false, should the requirements document be more than just a list of features

True

What are misuse and abuse cases

scenario within a case which an actor compromises the system that show the flow of events with malicious usage

what is the definition of misuse

unintentional harm that are security related

what is abuse

its intentional and actor is seeking vulnerabilities

What is a naive security risk assement

write down worst fears and then avoid those things

what is risk

probability(occurance) * impact

what is a security risk

probability(exploit) * value of an asset

what is an asset

essentially stuff that its trying to protect

what are examples of assets

• database tables

• config files

• logs

• cookies

what is the main difference between risk assessment and an abuse case

abuse cases emphasize domain and R.A. emphasizes risk. Abuse cases are telling stories and how they did it, where as risk is focused on what MIGHT happen

what is protection poker

traces stories to assets and quantifies the risk for prioritization based on ease of attack and value

What is Path traversal

this is when your input string is supposed to be coming in as a file name but it can be manipulated to be something else. String concatenation went wrong

How to fix Path traversal vulnerability, and define it

canonicalization standardization: standard way to specify files by taking out all the special escape characters and putting it into one format

How does path traversal happen

it happens when you just dont check your strings before you check to see if its a valid file format or not

what is the umask for files subtract from usually

666

what is the umask subtract from directories usually

777

why do we handle umask differently for file than directories

never give execute permission by default to files

what does SUDO command do

execute the user as the root

what does su command do

change the current user to someone else

what is setuid / setguid

sets the user id or group id

what does chmod stand for

command to change permissions

what does read mean

able to READ all the files in the directory, but only able to see the directory if you know the name

what does having “write” mean you can do

mean you can create, delete and update files

what does execute mean

be able to run the program

what permissions do you need in order to read the contents of the file

need x and r permission

what does it mean to execute a directory

to execute a directory is to access all the available files

what is a umask

umask are three digits that are consulted when creating a file or directory to establish permissions

what is the difference between executing a file that is with setuid or not setuid if you dont own the file

if you dont own the file and you just execute it, youre executing as yourself. but if youre setting the uid to you, then youre briefly executing as the other user.

what happens if you do uid / gid on directories

they are ignored in linux, but mean that new files will inherit group id

What is the symbol for -R stand for

recursive - so usually for recursively setting the permissions on all the files in a directory

what does u, g , a and o stand for

user, group , everyone and other

how to change permission to make groups have read write permission

chmod g+rw

how do you say others cant read

chmod o-r

What does the STRIDE acronym represent

ways that people can break into a system

what is spoofing

you are pretending to be someone else and can violate authentication

what is tampering

integrity violation that you changed the data in a source that was supposed to be secure

what is repudiation

integrity of history violation, threat to belief that integrity was preserved

How do you prevent repudiation

Provenance

what is provenance

keeping track of a trail of information to prove a source is reliable and hasnt been tampered with

what is authentication vs authorization

authentication is proving who you actually are to just a system, authorization is how much privilege you have within a system

What happens when you have more complexity on your program

More complexity means things are harder to secure

What does it mean to have structural complexity

lots of interconnected subsystems which leads to architectural complexity as well