Git-Mirrors/sec-pentesting-toolkit
1
0
Fork 0
mirror of https://github.com/autistic-symposium/sec-pentesting-toolkit.git synced 2025-04-28 03:26:08 -04:00
Code Issues Packages Projects Releases Wiki Activity
sec-pentesting-toolkit/Vulnerabilities_and_Exploits/vulnerability_glossary.md
Mari Wahl 69d06e13df glossaries
2014-11-03 11:20:37 -05:00

23 lines
1.2 KiB
Markdown
Raw Blame History

## Vulnerabilities Glossary
* LD_PRELOAD: hijacking functions to a shared library: you can set this enviroment variable direct to the linker to load a library of your choice.
### Common Vulnerabilities:
* Authentication: to not require authentication in a situation that warrants it; information isn't trustworthy (authentication in the client side).
* Authorization: there are several formal designs for access control: discretionary access control, mandatory access control, role-based access control. Vulnerabilities: missing authorization (webpages).
* Accountability: expectation that a system can identify and log users' activities. Vulnerabilities: system's failure to log operations in sensitive data; system doesn't protect its data.
* Confidentiality: expectation that only authorized parties can view data. Vulnerabilities: failure/lack in encryption, homemade encryption, storing sensitive data unnecessarily.
* Integrity: the expectation that only authorized parties are able to modify the data. Vulnerabilities: failure in access control, failure in confidentiality, bail-and-switch attack.
* Availability: capability to use a resource when expected. Vulnerability: DoS.
Reference in New Issue View Git Blame Copy Permalink