Join the 40,000+ candidates in over 58 countries that have found a faster, better way to pass their certification exam.
Comprehensive practice exam engine!
All features in the FREE plan, plus:
Welcome to our Application, Attacks and Counter Measures Module. There are several different types of malware or malicious software that we should be concerned with. A virus is a piece of malicious code embedded in a program. It spreads itself by infecting programs and embedding a copy of the virus.
Worms are self-contained and self-replicating viruses. These viruses often reside in, and are transferred through, Random Access Memory or RAM. Logic bombs are triggered by some types of an event, and when the event occurs, the malicious code executes. Trojan horses are typically installed by the user voluntarily. These malicious programs will disguise themselves as useful programs that have some type of hidden code which will exploit the authorization of the process to violate the system's security.
Trojan horses are very popular in software that is illegally downloaded from the Internet. Rootkits have the ability to hide themselves within an operating system and are known as rootkits because they often attempt to obtain root access or administrator level access. In order to protect yourself from malware, you should install antivirus software.
Antivirus software requires updated definitions files to be effective because they can typically only protect you from viruses that they know about. This is why it is important to update your antivirus software frequently so that when a new virus is discovered and your provider updates the definition files to protect you from that virus, you will be protected when you install the update.
A buffer overflow attack is one of the most common types of vulnerabilities on program source code. These type of attacks try to disrupt your software applications by providing more data to the application than it was designed to handle. There are several common types of buffer overflow attacks including stack buffer overflow attacks, heap overflow attacks, and jump to register attacks.
These attacks usually occur because of a lack of input and output validation in the program. It is important that you are checking for the proper size and format of the data inputted before processing that data to avoid a buffer overflow attack from occurring. You should be familiar with buffer overflow attacks for the CISSP examination.
We also should be concerned with web application issues, such as input validation. It is important that we validate data before we process it. Because web forms are a common source of attack when attackers input special characters or some other type of code into a web form. Your developers should be checking input parameters and performing input cleansing before the form is submitted to the server. We also need to be concerned with SQL command injection where an attacker will place a SQL statement into a form and process that statement. This can allow the attacker to manipulate the database tier of your application, deleting data, modifying it or receiving a copy of data that they should not have.
Cross-site scripting attacks is where JavaScript is entered through a form or a URL parameter. This will allow an attacker to execute code in the victim's browser. This is commonly found within phishing emails and in order to avoid cross-site scripting attacks, you should only use modern tools. And you should use safe programming languages and libraries.
You should be familiar with cross-site scripting for the CISSP examination. Cross-site request forgery attacks are also common. And in this attack, a user's browser is tricked into performing some type of unwanted action. You should also be concerned with issues in software that is developed for your use. Backdoors, also known as maintenance hooks or trap doors, are access holes that are deliberately planted by the developer of the software.
This can either be with a malicious intent or it can just be making it easier for them to test the program during development or to facilitate access during production. The problem is, it can facilitate a break-in by an attacker. So these factors should always be removed at the end of the beta phase and before the system goes into production.
You should know for the CISSP examination that backdoors are not acceptable because they can make it easy for an attacker to break into your system and they should be removed. A race condition, also know as a talk to attack or time of check, time of use attack, is a timing attack where an attacker is able to insert malicious code between the time that the program checks the files, and the time that the program actually uses the files.
An object reuse attack is where an individual uses resources that are belonging to another process, such as RAM, file system, temporary files, or databases, and can cause a problem with the program's functionality. A salami attack is where a individual takes insignificant pieces of data and exfiltrates out of your system.
These insignificant pieces of data may not be important by themselves, but when the attacker combines all of the pieces of data that they've stolen, they may now have a copy of your very sensitive data. Session hijacking or TCP/IP hijacking is an active man in the middle type of attack.
Man in the middle attacks could only involve passive data interception, or they could involve active hijacking where an attacker captures a user session just prior to them signing off, and the attacker can now use that users credentials to continue accessing the website that the user was logged into and can alter the data or obtain access to information that they should not be able to access.
You should be familiar with TCP/IP session hijacking for CISSP examination. Another issue to be concerned with is ransom ware. Ransom ware is a type of malicious software that encrypts your data or locks you out of your system and then demands money to unlock the system. Crypto wall and crypto-locker are very common malicious trojans that will attempt to destroy a user's files if the user does not pay the ransom money.
You should be familiar with ransom ware for the CISSP examination. This concludes our application attacks and counter-measures module. Thank you for watching.
Classified by skill and ranked by difficulty. Choose to answer questions in STUDY MODE to review and you go.
Know when you’re ready for the high-stakes exam. Have the confidence that you will pass on your first attempt.
Don’t forget what you’ve just studied! Use the intelligent reinforcement questions to stay fresh.
THANK YOU! Just bloody thank you! I’m doing the CEH minor at my college and well...I’ve learned more from this site in a few hours than I’ve learned from my school in 9 weeks about the subject. Keep up the good work!
Skillset’s Exam Engine continuously assesses your knowledge and determines when you are ready take and pass your exam. When Skillset learns that there is a gap between your knowledge and what you need to know to pass, we present you with a focused training module that gets you up to speed quickly. No fluff! Find your knowledge gaps and fill them.
Skillset is confident that we can help anyone pass their exam. If you reach 100% readiness, and you do not pass your exam, we will refund you plus pay for a replacement exam voucher. That’s how powerful our learning system is, we can offer this guarantee and stand behind our products with this no risk to you guarantee. See terms and conditions.
Don’t waste time studying concepts you have already mastered. Focus on what you need to know to pass. The Skillset Competency Diagnostic aligns our Exam Engine and Learning Plan to your baseline knowledge. This saves an average of 31% of the time required to prep for a professional certification exam.
More PRO benefits are being built all the time!