SOFTWARE SECURITY FLASHCARDS
What are the five critical OWASP-related software flaws?
Unvalidated input
Cross-site scripting (XSS)
Buffer overflow
Injection flaws
Improper error handling
What is defensive programming?
Programming style that assumes all input and environments are dangerous and validates everything before use.
What is security by design?
Building software securely from the beginning instead of adding security later.
What is whitelist validation?
Only accepting known safe input values or formats.
What is blacklist validation?
Rejecting known dangerous input patterns or characters.
Why is whitelist validation safer than blacklist validation?
Because attackers may bypass blacklists with unexpected inputs, while whitelists only allow approved data.
Why are blacklists weaker than whitelists?
Attackers can bypass blacklists using unexpected variations.
What is fuzzing?
Testing software with random or malformed inputs to discover vulnerabilities.
What is a buffer overflow?
When input exceeds allocated buffer size and overwrites adjacent memory.
Where can a vulnerable buffer exist?
On the stack, heap, or data section.
What can a buffer overflow overwrite?
Variables, return addresses, or control flow data.
What are possible consequences of a buffer overflow?
Crashes, corrupted data, or attacker-controlled code execution.
What is stack smashing?
Overwriting stack memory including return addresses.
Why are C and C++ more vulnerable to buffer overflows?
They allow direct memory access with limited bounds checking.
Why may testing fail to detect a buffer overflow?
Normal test inputs may not be large enough to trigger the overflow.
Why are adversarial inputs important in security testing?
Attackers intentionally craft malicious input unlike normal users.
What is an injection attack?
An attack where malicious input changes program execution flow.
What is XSS?
An attack where malicious script code is injected into web content viewed by another user.
What does XSS exploit?
The browser’s trust of content coming from the same website.
What is a memory leak?
Failure to release dynamically allocated memory, eventually exhausting heap memory.
Why are strongly typed languages generally safer?
Because they restrict unsafe interpretation of data.
What is the “Roll Your Own” fallacy?
Creating custom cryptography instead of using trusted libraries usually introduces vulnerabilities.
What is the Golden Rule of Crypto?
Do NOT roll your own cryptography.
What is the API assumption gap?
Crypto libraries assume programmers use APIs correctly; misuse can break security even if the math is strong.
What is safe coding?
Treating all external input as dangerous and validating before use.
What is input validation?
Checking data size, type, format, and range before processing.
DOS ATTACK FLASHCARDS
What is a Denial-of-Service (DoS) attack?
An attack that prevents legitimate users from accessing systems/resources.
What resources do DoS attacks commonly exhaust?
CPU, memory, bandwidth, and disk space.
What is source address spoofing?
Forging the source IP address to hide attacker identity.
Why is spoofing useful in DoS attacks?
It makes tracing the attacker more difficult.
What is a SYN flood attack?
A DoS attack that fills a server’s half-open TCP connection table.
How does SYN flooding work?
Attacker sends many SYN packets without completing the handshake.
What is the TCP three-way handshake?
SYN → SYN-ACK → ACK.
Why does SYN flooding deny service?
The server wastes resources waiting for ACK responses that never arrive.
What are the three categories of DoS attacks?
Volumetric, protocol, and application-layer attacks.
What does a volumetric attack target?
Network bandwidth.
What does a protocol attack target?
Network devices/state tables.
What does an application-layer attack target?
Server resources like CPU/RAM.
INTRUSION DETECTION FLASHCARDS
What is an intrusion?
Unauthorized access or malicious activity on a system.
What is an IDS?
Intrusion Detection System that monitors systems/networks for attacks.
What are the main classes of intruders?
Cyber criminals, hacktivists, state-sponsored attackers, hobbyists/crackers.
What is an APT?
Advanced Persistent Threat; long-term targeted attack usually by nation-state actors.
What is reconnaissance?
Gathering information about a target before attacking.
What tools are commonly used in reconnaissance?
whois, nslookup, dig, nmap.
What is privilege escalation?
Gaining higher-level permissions after initial access.
What is spear phishing?
Targeted phishing attack aimed at specific individuals.
What is lateral movement?
Moving through additional systems after initial compromise.
What is a rootkit?
Software used to hide malicious activity and maintain access.
What does “covering tracks” mean?
Deleting logs/history to hide evidence of intrusion.
FIREWALL FLASHCARDS
What is a firewall?
A security system that filters traffic between networks.
Why are firewalls used?
To create a controlled link between trusted and untrusted networks.
What is a choke point?
A single monitored location where traffic passes through.
What is a firewall access policy?
Rules defining what traffic is allowed or denied.
What characteristics can firewalls filter on?
IP address, protocol, application, user identity, network activity.
What is packet filtering?
Filtering traffic using IP addresses, ports, and protocols.
What is stateful inspection?
Tracking active connections and filtering based on connection state.
What is an application-level gateway?
Firewall that filters traffic at the application layer.
What are firewall limitations?
Cannot stop attacks that bypass the firewall or insider threats.
REGULAR EXPRESSION FLASHCARDS
What does the “.” regex operator mean?
Matches any single character.
What does “|” mean in regex?
OR operator.
What does “^” mean in regex?
Beginning of a line.
What does “$” mean in regex?
End of a line.
What do square brackets [] mean in regex?
Character class matching any character inside brackets.
What does “*” mean in regex?
0 or more repetitions.
What does “+” mean in regex?
1 or more repetitions.
What does “?” mean in regex?
0 or 1 occurrence.
SYMMETRIC ENCRYPTION FLASHCARDS
What are the five ingredients of symmetric encryption?
Plaintext
Encryption algorithm
Secret key
Ciphertext
Decryption algorithm
Difference between substitution and transposition?
Substitution replaces elements
Transposition rearranges elements
Difference between block cipher and stream cipher?
Block cipher encrypts fixed-size blocks
Stream cipher encrypts continuously one element at a time
What is a ciphertext-only attack?
Attacker only has ciphertext and encryption algorithm.
What is a known-plaintext attack?
Attacker has plaintext-ciphertext pairs.
What is a chosen-plaintext attack?
Attacker chooses plaintext and obtains corresponding ciphertext.
What is a chosen-ciphertext attack?
Attacker chooses ciphertext and obtains decrypted plaintext.
What is computational security?
Breaking encryption costs more time/resources than the value or lifetime of the data.
What is a Feistel network?
A block cipher structure using repeated rounds of substitutions and permutations.
What replaced DES?
AES replaced DES in 2001.
Why is ECB insecure?
Identical plaintext blocks produce identical ciphertext blocks.
What does CBC mode do?
XORs each plaintext block with previous ciphertext block before encryption.
What is CTR mode?
Encrypts a counter value and XORs it with plaintext.
What is symmetric encryption also called?
Secret-key or conventional encryption.
What is asymmetric encryption?
Encryption using public/private key pairs.
What is the main weakness of symmetric encryption?
Secure key distribution.
What is substitution in cryptography?
Replacing plaintext elements with different elements.
What is transposition in cryptography?
Rearranging plaintext elements.
Why is AES preferred over DES?
AES is stronger and more efficient.
Why are stream ciphers fast?
They process data continuously instead of block-by-block.
AES FLASHCARDS
Main AES round operations?
SubBytes
ShiftRows
MixColumns
AddRoundKey
What does SubBytes do in AES?
Performs byte substitution using an S-box.
What property does SubBytes provide?
Confusion.
What does ShiftRows do?
Rotates rows to spread bytes across columns.
What does MixColumns do?
Mixes bytes within each column for diffusion.
What does AddRoundKey do?
XORs state with expanded key material.
What are AES S-boxes used for?
Nonlinear byte substitution.