Exam Objective 2.3
Explain various types of vulnerabilities.
- Application vulnerabilities:
  - Memory injection: Unauthorized code inserted into a program’s memory space
  - Buffer overflow: Data exceeding allocated memory, leading to potential exploits
  - Race conditions: Conflicts that arise when multiple processes access shared resources
  - Time-of-check (TOC) and time-of-use (TOU): Timing mismatches exploited between the check and the use
  - Malicious update: Attackers introducing harmful code through software updates
- Operating System (OS) vulnerabilities
- Web-based vulnerabilities: Weaknesses in a website or web application
  - SQL Injection (SQLi): Attackers manipulating input to exploit database vulnerabilities
  - Cross-Site Scripting (XSS): Malicious scripts injected into web pages
- Hardware vulnerabilities:
  - Firmware: Low-level software controlling hardware
  - End-of-life: Security gaps due to discontinued hardware support
  - Legacy: Older hardware with outdated security measures
- Virtualization vulnerabilities:
  - VM escape: Unauthorized breakout...