1.7
SDK (Software Development Kit)
The programming environment used to create the software, which might provide sample code or libraries of pre-built functions. As with any other third-party library or code, the SDK itself must be monitored for vulnerabilities and updated promptly.
Extensible Markup Language (XML)
Used by web applications for authentication and authorization assertions, and for other types of data exchange and upload. Data submitted via XML with no encryption or input validation is vulnerable to spoofing, request forgery, and injection of arbitrary data or code.
Privilege Escalation
When a user or process gains access to resources or functions beyond what their assigned privileges allow; see the horizontal and vertical forms below.
Third-Party Library
A binary package (such as a Dynamic Link Library (DLL) on Windows or a Shared Object (.so) library on Linux) that implements standard functionality, such as establishing a network connection or performing cryptography. Every library the application depends on must be tracked, monitored for vulnerabilities, and patched promptly.
Rootkit
A class of malware that modifies system files, often at the kernel level, to conceal its presence from the operating system and from security tools.
Reflected XSS
A cross-site scripting attack in which the malicious script is hosted on the attacker's site or embedded in a crafted link pointing at a trusted site. The trusted site reflects the input back in its response without encoding it, so the script runs in the victim's browser under the trusted site's origin, circumventing the browser's same-origin protections.
Dereferencing
A software vulnerability (a null or dangling pointer dereference) that occurs when code follows a pointer to the object it refers to (the pointee), but the pointee was never properly established or has already been freed. The dereference can crash the application or corrupt memory. A race condition is one common way a pointer becomes invalid between the time it is checked and the time it is used.
Race Condition
A software vulnerability in which the outcome of execution depends on the order and timing of events, and those events fail to execute in the order and timing the developer intended. A time-of-check to time-of-use (TOCTOU) flaw is the classic form; a race can also leave a pointer dangling, which leads to an invalid dereference.
Sensitive Data Exposure
A software vulnerability where an attacker is able to circumvent access controls and retrieve confidential or sensitive data from the file system or database, typically because the data is stored or transmitted without adequate encryption or access checks.
Heap Overflow
A software vulnerability where input is allowed to overwrite memory locations within the heap, the area of a process's memory used for dynamically allocated variables, corrupting adjacent heap data or allocator metadata.
Broken Authentication
A software vulnerability where the authentication mechanism allows an attacker to gain entry, such as transmitting or storing credentials in cleartext, using weak or predictable session tokens, or permitting unlimited brute-force login attempts.
Address Space Layout Randomization (ASLR)
A technique that randomizes where the components of a running process (stack, heap, libraries, and executable) are placed in memory each time it runs, so that an attacker exploiting a buffer overflow cannot reliably predict the addresses needed to redirect execution.
Clickjacking
A type of hijacking attack that forces a user to unintentionally click a link or control that is embedded in or hidden by other web page elements, typically by overlaying the target site in a transparent frame.
Session Hijacking
A type of spoofing attack where the attacker disconnects a host and then replaces it with their own machine, spoofing the original host's IP address. In web applications the term also covers stealing or guessing a valid session cookie or token in order to take over an authenticated session.
Remote Code Execution
A vulnerability that allows an attacker to transmit code from a remote host for execution on a target host, or a module that exploits such a vulnerability.
File Inclusion
A web application vulnerability that allows an attacker to make the application include or read a file from an arbitrary location on the host file system (local file inclusion) or from a remote URL (remote file inclusion), or to upload an executable or script file that opens a backdoor.
Directory Traversal
An application attack that uses path sequences such as ../ (or ..\ on Windows) in user-supplied input to reach commands, files, and directories outside the web document root directory.
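The two entries above describe the same root cause: user input is turned into a file system path without checking where it ends up. The following is an added example, not code from the original page. It assumes a POSIX document root of /var/www/html (the directory does not need to exist) and shows the canonicalize-then-compare check that defeats ../, ..\, percent-encoded traversal and symlink tricks, plus the allowlist approach that removes file inclusion as a class by never building an include path from input at all.

```python
import os
from urllib.parse import unquote

# Assumed document root for the demo (POSIX paths); it does not need to exist.
DOC_ROOT = "/var/www/html"


def resolve_under_root(requested, root=DOC_ROOT):
    """Return the canonical absolute path for `requested` inside `root`,
    or None if the request would escape the document root.

    Handles the usual evasions: percent-encoded dots and slashes (%2e%2e%2f),
    Windows-style backslashes, absolute paths, NUL bytes, and '..' segments
    hidden behind symlinks (realpath resolves them before the comparison).
    """
    # Decode percent-encoding once so ..%2f is seen as ../; normalize
    # backslashes to slashes; drop a leading slash so an absolute path
    # cannot replace the root.
    decoded = unquote(requested).replace("\\", "/").lstrip("/")
    if "\x00" in decoded:
        return None
    root_real = os.path.realpath(root)
    candidate = os.path.realpath(os.path.join(root_real, decoded))
    # commonpath compares whole path components, so /var/www/html-private
    # does not pass as being under /var/www/html.
    if os.path.commonpath([root_real, candidate]) != root_real:
        return None
    return candidate


# File inclusion defence: map a short page name onto a fixed allowlist of
# templates instead of letting the request name a file at all.
ALLOWED_PAGES = {"home": "home.html", "about": "about.html", "contact": "contact.html"}


def include_page(page_name, root=DOC_ROOT):
    template = ALLOWED_PAGES.get(page_name)
    if template is None:
        return None
    return os.path.join(os.path.realpath(root), "templates", template)


if __name__ == "__main__":
    for req in ("css/site.css", "../../../etc/passwd",
                "%2e%2e/%2e%2e/%2e%2e/etc/passwd", "..\\..\\..\\etc\\passwd"):
        print(req, "->", resolve_under_root(req))
    print("include about ->", include_page("about"))
    print("include ../../etc/passwd ->", include_page("../../etc/passwd"))
```

The check runs after canonicalization on purpose: rejecting the literal string ".." before resolving the path misses encoded and symlinked variants, while comparing realpath results catches whatever the final location actually is.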
Integer Overflow
A vulnerability in which a computed result is too large to fit in its assigned storage space and wraps around. This may lead to crashing or data corruption and, if the wrapped value is used to size a buffer, may trigger a buffer overflow.
Buffer Overflow
An attack in which data written past the boundary of the destination buffer corrupts adjacent memory. This can allow the attacker to crash the process or execute arbitrary code.
SQL Injection
An attack in which input supplied through the client side of the application is concatenated into a database query on the server, so that the attacker's input changes the structure of the query instead of being treated as data.
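The following is an added example, not code from the original page, showing the injection described above against a constructed in-memory SQLite table, with the string-concatenated login query beside its parameterized replacement. The table, usernames and passwords are made up for the demo; plaintext passwords are used only to keep it short.

```python
import sqlite3


# Constructed sample data: an in-memory users table standing in for the
# application's real database. A real application stores password hashes.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "alice-pw", "user"),
         ("bob", "bob-pw", "user"),
         ("admin", "s3cret", "admin")],
    )
    return conn


def login_vulnerable(conn, username, password):
    # Client-supplied strings are pasted straight into the query text, so a
    # quote character in the input changes the structure of the query.
    sql = ("SELECT username, role FROM users "
           "WHERE username = '%s' AND password = '%s'" % (username, password))
    return conn.execute(sql).fetchall()


def login_safe(conn, username, password):
    # Parameterized query: the SQL text is fixed and the values travel
    # separately, so quotes in the input are only ever data.
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


# Classic tautology payload: it closes the string literal, adds an always-true
# condition, and comments out the password check that follows.
PAYLOAD_USERNAME = "admin' OR '1'='1' -- "


if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, PAYLOAD_USERNAME, "wrong"))
    print("safe:      ", login_safe(db, PAYLOAD_USERNAME, "wrong"))
    print("safe, real:", login_safe(db, "alice", "alice-pw"))
```

With the payload, the vulnerable query becomes `... WHERE username = 'admin' OR '1'='1' -- ' AND password = 'wrong'`, which returns every row; the parameterized version looks for a user literally named `admin' OR '1'='1' -- ` and returns nothing.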
Password spraying
Trying a small number of common passwords against many accounts, rather than many passwords against one account, in order to stay below per-account lockout thresholds.
Credential Stuffing
An attack in which username and password pairs stolen from one breach are tested against multiple other websites, relying on users having reused the same credentials.
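From the defender's side, password spraying and credential stuffing look alike in an authentication log: one source touching many accounts with only one or two attempts each, which is exactly what a per-account lockout misses. The following is an added example, not from the original page, that runs a simple per-source sliding-window rule over a constructed log (addresses, usernames and timestamps are made up) and separates that pattern from ordinary brute force against a single account.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime, timedelta

# Constructed authentication log, one line per login attempt.
AUTH_LOG = """\
2024-05-01T09:00:01Z src=203.0.113.7 user=alice result=FAIL
2024-05-01T09:00:02Z src=203.0.113.7 user=bob result=FAIL
2024-05-01T09:00:03Z src=203.0.113.7 user=carol result=FAIL
2024-05-01T09:00:04Z src=203.0.113.7 user=dave result=FAIL
2024-05-01T09:00:05Z src=203.0.113.7 user=erin result=FAIL
2024-05-01T09:00:06Z src=203.0.113.7 user=frank result=FAIL
2024-05-01T09:00:07Z src=203.0.113.7 user=grace result=SUCCESS
2024-05-01T09:10:00Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:01Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:02Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:03Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:04Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:05Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:06Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:07Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:08Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:09Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:10Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:10:11Z src=198.51.100.9 user=bob result=FAIL
2024-05-01T09:20:00Z src=10.0.0.5 user=alice result=FAIL
2024-05-01T09:20:05Z src=10.0.0.5 user=alice result=SUCCESS
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) "
    r"src=(?P<src>\S+) user=(?P<user>\S+) result=(?P<result>SUCCESS|FAIL)$")


def parse_log(text):
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:  # lines that do not match the expected format are skipped
            ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
            events.append((ts, m["src"], m["user"], m["result"]))
    return events


def detect(events, window=timedelta(minutes=10), min_accounts=5,
           max_per_account=2, brute_min=10):
    """Return sorted (kind, src) alerts.

    spray:       one source fails against >= min_accounts distinct accounts,
                 at most max_per_account attempts each, inside the window
                 (credential stuffing produces the same shape)
    brute_force: one source fails >= brute_min times against one account
    """
    failures = defaultdict(list)
    for ts, src, user, result in events:
        if result == "FAIL":
            failures[src].append((ts, user))
    alerts = set()
    for src, fails in failures.items():
        fails.sort()
        start = 0
        for end in range(len(fails)):
            while fails[end][0] - fails[start][0] > window:
                start += 1
            counts = Counter(user for _, user in fails[start:end + 1])
            if len(counts) >= min_accounts and max(counts.values()) <= max_per_account:
                alerts.add(("spray", src))
            if max(counts.values()) >= brute_min:
                alerts.add(("brute_force", src))
    return sorted(alerts)


def successes_after_alert(events, alerts):
    """Logins that succeeded from a source already flagged: the accounts
    most likely compromised, and the first thing to act on."""
    flagged = {src for _, src in alerts}
    return sorted({(src, user) for _, src, user, result in events
                   if result == "SUCCESS" and src in flagged})


if __name__ == "__main__":
    evts = parse_log(AUTH_LOG)
    found = detect(evts)
    print(found)
    print(successes_after_alert(evts, found))
```

The thresholds are illustrative; in practice they are tuned to the environment, and the source key is often a combination of address, user agent and geolocation because spraying campaigns rotate IP addresses. The log tells you nothing about which passwords were tried, so the spray rule cannot distinguish spraying from stuffing; the difference shows up in the success rate, which is why the flagged-source successes are reported separately.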
Insecure Direct Object Reference (IDOR)
Coding vulnerability where unvalidated input, such as a file name or database record ID taken from a URL or form field, is used to select a resource object without checking that the requesting user is authorized to access it.
Cookie Poisoning
Cookie poisoning modifies the contents of a cookie after it has been generated and sent by the web service to the client's browser, so that the modified cookie can be used to exploit vulnerabilities in the web app (for example by changing a role or user ID stored in it).
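The attack only works when the server trusts whatever the cookie says. The following is an added example, not code from the original page, contrasting an unsigned cookie carrying a role claim with one protected by an HMAC; the key, claims and cookie format are constructed for the demo.

```python
import base64
import hashlib
import hmac
import json

# Demo server key (assumption); in production it is loaded from secret storage
# and rotated.
SERVER_KEY = b"constructed-demo-key-do-not-reuse"


def _b64(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")


def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def _encode_claims(claims):
    return _b64(json.dumps(claims, sort_keys=True, separators=(",", ":")).encode())


def make_unsigned_cookie(claims):
    # The weak design: the server stores state client-side with no integrity check.
    return _encode_claims(claims)


def read_unsigned_cookie(cookie):
    return json.loads(_unb64(cookie))


def make_signed_cookie(claims, key=SERVER_KEY):
    # Hardened: append an HMAC-SHA256 over the encoded payload.
    payload = _encode_claims(claims)
    tag = _b64(hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest())
    return payload + "." + tag


def read_signed_cookie(cookie, key=SERVER_KEY):
    """Return the claims if the MAC verifies, else None (treat as logged out)."""
    payload, sep, tag = cookie.partition(".")
    if not sep:
        return None
    expected = _b64(hmac.new(key, payload.encode("ascii"), hashlib.sha256).digest())
    if not hmac.compare_digest(tag, expected):   # constant-time comparison
        return None
    return json.loads(_unb64(payload))


def poison(cookie, **changes):
    """What the attacker does: decode the payload, edit it, re-encode it and
    send it back, keeping the old MAC if there was one."""
    payload, _, tag = cookie.partition(".")
    claims = read_unsigned_cookie(payload)
    claims.update(changes)
    new_payload = _encode_claims(claims)
    return new_payload + ("." + tag if tag else "")


if __name__ == "__main__":
    weak = make_unsigned_cookie({"uid": 42, "role": "user"})
    print("unsigned, poisoned ->", read_unsigned_cookie(poison(weak, role="admin")))
    strong = make_signed_cookie({"uid": 42, "role": "user"})
    print("signed, intact     ->", read_signed_cookie(strong))
    print("signed, poisoned   ->", read_signed_cookie(poison(strong, role="admin")))
```

Signing stops tampering but not reading, so nothing secret belongs in the cookie even when it is signed; an opaque random session ID with the state kept server-side avoids both problems.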
Insecure Components
Insecure components refers to code that is used or invoked from outside the main program development process, such as third-party libraries and frameworks, that is outdated or carries known vulnerabilities.
Insufficient Logging and Monitoring
A weakness where security-relevant events are not recorded, or are recorded but never reviewed, so that attacks go undetected. Logging can be resource-intensive, however, so it is important to build the logging and monitoring solution around defined use cases rather than trying to capture everything.
Cookie
A small piece of text that a website stores in the browser to hold information about the user between requests and visits. Some sites use cookies to support user sessions, so a stolen or tampered cookie can enable session hijacking or cookie poisoning.
XML Bomb (Billion Laughs)
A denial-of-service attack in which the XML document's DTD defines nested entities that expand to exponential sizes when parsed, consuming memory on the host and potentially crashing it.
XML External Entity (XXE)
An attack that uses an external entity declaration in the XML document's DTD to embed a request for a local resource, such as the server's password file, or for a URL, so that the parser reads the resource and returns its contents to the attacker.
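Both the XML bomb and XXE depend on the DTD to declare their entities, so the simplest hardening for untrusted XML is to refuse DTDs altogether before the parser ever sees them. The following is an added example, not code from the original page; the payloads are constructed (the bomb is cut to three levels so it is safe to handle) and the size limit is an assumed value.

```python
import re
import xml.etree.ElementTree as ET

# Constructed XXE payload: the external entity pulls in a local file.
XXE_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE order [ <!ENTITY xxe SYSTEM "file:///etc/passwd"> ]>
<order><customer>&xxe;</customer></order>"""

# Constructed entity-expansion bomb, three levels of tenfold expansion; the
# real attack nests ten levels (10^10 copies of "lol") to exhaust memory.
BOMB_PAYLOAD = b"""<?xml version="1.0"?>
<!DOCTYPE lolz [
 <!ENTITY lol "lol">
 <!ENTITY lol2 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
 <!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
]>
<order>&lol3;</order>"""

CLEAN_PAYLOAD = b"""<?xml version="1.0"?>
<order><customer>ACME</customer><item sku="A-1">2</item></order>"""

MAX_BYTES = 1024 * 1024          # assumed limit for this endpoint
DOCTYPE_RE = re.compile(rb"<!DOCTYPE")


class UnsafeXML(ValueError):
    pass


def parse_untrusted(data):
    """Parse XML from an untrusted source with DTDs disallowed.

    Entities can only be declared inside a <!DOCTYPE ... [ ... ]> block, so
    rejecting any document that carries one closes both XXE and expansion
    bombs before the parser processes a single entity. The check is a raw
    byte scan on purpose: a '<!DOCTYPE' inside a comment is a false positive,
    which fails closed. The size cap bounds what a parser has to hold even
    for documents without a DTD.
    """
    if len(data) > MAX_BYTES:
        raise UnsafeXML("document exceeds size limit")
    if DOCTYPE_RE.search(data):
        raise UnsafeXML("DTD/DOCTYPE declarations are not accepted")
    return ET.fromstring(data)


def is_accepted(data):
    """True if the document parses under the policy above, else False."""
    try:
        parse_untrusted(data)
        return True
    except (UnsafeXML, ET.ParseError):
        return False


if __name__ == "__main__":
    for name, payload in (("clean", CLEAN_PAYLOAD), ("xxe", XXE_PAYLOAD),
                          ("bomb", BOMB_PAYLOAD)):
        print(name, "->", "accepted" if is_accepted(payload) else "rejected")
```

If the application genuinely needs DTDs, the alternative is a parser configured to forbid external entities and cap entity expansion, but an endpoint that receives XML from the outside rarely needs them, and refusing them outright leaves nothing to misconfigure.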
Code Reuse
Using a block of code from elsewhere in the same application, or from another application, to perform a different function. The copy-and-paste approach can cause the developer to overlook vulnerabilities in the reused code, or assumptions it made that no longer hold in the new context.
Horizontal Privilege Escalation
When a user accesses or modifies resources that belong to another user at the same privilege level, such as viewing another customer's order by changing an ID in the URL.
Vertical Privilege Escalation
When an attacker can perform functions that are normally assigned to users in higher roles, and often explicitly denied to the attacker.
Man-In-The-Middle
Where the attacker intercepts, and may read or alter, communications between two hosts that believe they are talking directly to each other.
Persistent (Stored) XSS
An XSS attack that aims to insert code into a back-end database used by the trusted site. For example, the attacker may submit a post to a bulletin board with a malicious script embedded in the message. When other users view the message, the malicious script is executed in their browsers.
Improper Error Handling
When something goes wrong, the application's interpreter falls back to a standard handler and displays default error messages. These may leak sensitive information, such as the inner workings of the code or even the contents of database records; errors and exceptions might print full SQL statements, file paths, and stack traces to the user.
Error Handler
Coding methods that anticipate and deal with exceptions thrown during execution of a process, returning a generic message to the user while recording the detail in a log.
Document Object Model (DOM) XSS
The DOM is the browser's in-memory representation of a page, built from its HTML tags, CSS, and scripting such as JavaScript. In DOM-based XSS, client-side script reads attacker-controlled input (for example from the URL fragment) and writes it into the page without sanitization, so the script executes in the browser without the payload ever reaching the server.
Weak or Default Configurations
If an application runs as root or with local administrator privileges, a vulnerability in it gives an attacker those same privileges to run malware. Overly permissive permissions on directories likewise allow an exploit access to areas of the file system that should be protected.
Cross-Site Request Forgery (XSRF)
The attacker must convince the victim to start a session with the target site, then cause the victim's browser to send an HTTP request that spoofs an action on the target site; the browser attaches the victim's session cookie to that request automatically. To combat XSRF, require user-specific anti-forgery tokens in all form submissions.