Vulnerabilities Glossary
- LD_PRELOAD: hijacking functions through a shared library: you can set this environment variable to direct the linker to load a library of your choice.
Common Vulnerabilities:
- Authentication: failing to require authentication in a situation that warrants it; relying on information that isn't trustworthy (authentication on the client side).
- Authorization: there are several formal designs for access control: discretionary access control, mandatory access control, role-based access control. Vulnerabilities: missing authorization (webpages).
- Accountability: the expectation that a system can identify and log users' activities. Vulnerabilities: the system fails to log operations on sensitive data; the system doesn't protect its data.
- Confidentiality: the expectation that only authorized parties can view data. Vulnerabilities: failed or missing encryption, homemade encryption, storing sensitive data unnecessarily.
- Integrity: the expectation that only authorized parties are able to modify the data. Vulnerabilities: failure in access control, failure in confidentiality, bait-and-switch attack.
- Availability: the capability to use a resource when expected. Vulnerability: DoS.