
Table Of Contents

Vulnerability Attributes
Tactic
Attributes and Vulnerabilities
Logic Errors
Operating System Vulnerabilities
Logic Error
Application Specific Vulnerabilities
Network Protocol Design
Forced Trust Violations
Social Engineering
Gaining Access
“I forgot my password!”
“What is your password?”
Fishing for Information
Trashing
Janitorial Right
Criminal Sabotage
Corporate Sabotage
Internal Sabotage
Extortion
Computer Weakness
Security through Obscurity
Encryption
Cryptographic Short Cuts
Speed of Computer
Lack of a Sufficiently Random Key
Password Security
Secure Hashes
Aged Software and Hardware
People
Policy Oversights
Recovery of Data
Recovery of Failed Hardware
Investigation of Intruders
Investigation of when the Company is Accused of Intruding on Others
Prosecution of Intruders
Prosecution of Criminal Employees
Reporting of Intruders and Criminal Employees to the Proper Agencies
Physical Security of the Site
Electrical Security of the Site
Theft of Equipment
Theft of Software
Fault
Coding Faults
Synchronization Errors
Race Condition Errors
Temporary File Race Condition
Serialization Errors
Network Packet Sequence Attacks
Condition Validation Errors
Failure to Handle Exceptions
Temporary Files and Symlinks
Usage of the mktemp() System Call
Input Validation Error
Buffer Overflows
Origin Validation Error
Broken Logic / Failure To Catch In Regression Testing
Access Validation Error
Emergent Faults
Configuration Errors
Wrong Place
Setup Parameters
Access Permissions
SETUID Files In /sbin or /usr/sbin
Log Files with World Access
Work Directories with World Access
Installed In Wrong Place
Over-Optimistic Security Permissions
Policy Error
Backup Insecurity
Environment Faults
IFS Vulnerability
Environment Variable Settings
Shell Interpreter Vulnerabilities
Environmental Fault Taxonomies
Severity
Administrator Access
Read Restricted Files
Regular User Access
Spoofing
Non-Detectability
Denial of Service
Tactics
Physical Access
Local Access
Server Access
Client Side
Man-in-the-Middle
Cumulative Tactics
Authentication
No Authorization Required
Authorization Required
Consequence
Logic Interruption
Interactive Shell
One Time Execution of Code
One Time Execution of a Single Command
Reading of Files
Reading of Any File
Reading of a Specific Restricted File
Writing of Files
Overwriting Any File with Security Compromising Payload
Overwriting Specific Files with Security Compromising Payload
Overwriting Any File with Unusable Garbage
Overwriting Specific Files with Unusable Garbage
Appending to Files
Appending Any Files with Security Compromising Payload
Appending Specific Files with Security Compromising Payload
Appending Any File with Unusable Garbage
Appending Specific Files with Unusable Garbage
Degradation of Performance
Rendering Account(s) Unusable
Rendering a Process Unusable
Rendering a Subsystem Unusable
Rendering the Computer Unusable
Identity Modification
Assume the Identity of Administrator
Assume the Identity of User
Assume the Identity of a Non-Existent User
Assume the Identity of a Computer
Assume the Identity of Same Computer
Assume the Identity of a Non-Existent Computer
Bypassing or Changing Logs
Logs Are Not Kept of Security Important Activity
Logs Can Be Tampered With
Logs Can Be Disabled
Snooping and Monitoring
User can view a session
User can view the exported/imported session
User can confirm a hidden element
Hiding Elements
Hiding Identity
Hiding Files
Hiding Origin
Environmental Consequence Taxonomy
Object Oriented Relationships
Appendix A: Example EFT/ECT Document
Computer Vulnerabilities

Published by: nick1304 on Sep 01, 2011
Copyright: Attribution Non-commercial
