Computer Security

Uploaded by

eyob daggy Girma

Assignment: Computer and Information Security

| Item | Computer system vulnerability | Threat class | Protection measure | Asset affected |
|------|-------------------------------|--------------|--------------------|----------------|
| 1 | Bug | Disruption | Operational | Software |
| 2 | Weak password | Deception | Technical | Human |
| 3 | Software that is already infected with virus | Disruption | Operational | Data and software |
| 4 | Missing data encryption | Disclosure | Technical | Data |
| 5 | OS command injection | Deception | Operational | Communication link |
| 7 | SQL injection | Disclosure | Technical | Data |
| 8 | Buffer overflow | Disruption | Operational | Software |
| 9 | Missing authorization | Disclosure | Technical | Data |
| 10 | Use of broken algorithms | Disclosure | Technical | Data |
| 11 | URL redirection to untrusted sites | Deception | Operational | Communication link |
| 12 | Path traversal | Disclosure | Operational | Data |
| 13 | Missing authentication for critical function | Disclosure | Technical | Software |
| 14 | Unrestricted upload of dangerous file types | Disruption | Operational | Software |
| 15 | Dependence on untrusted inputs in a security decision | Deception | Managerial | Data and software |
| 16 | Cross-site scripting and forgery | Deception | Operational | Data |
| 17 | Download of codes without integrity checks | Deception | Operational | Software |
| 18 | Phishing scams | Deception | Managerial | Human |
| 19 | Unsecure device | Disclosure | Managerial | Human |
| 20 | Adware | Disruption | Operational | Communication links |

1. A bug is an unexpected problem with software or hardware. Typical problems are often the
result of external interference with the program's performance that was not anticipated by the
developer. Minor bugs can cause small problems like frozen screens or unexplained error
messages that do not significantly affect usage.

2. OS command injection is an attack in which the goal is execution of arbitrary commands on
the host operating system via a vulnerable application. Command injection attacks are possible
when an application passes unsafe user-supplied data (forms, cookies, HTTP headers, etc.) to a
system shell.

3. SQL injection, also known as SQLi, is a common attack vector that uses malicious SQL code
for backend database manipulation to access information that was not intended to be displayed.
This information may include any number of items, including sensitive company data, user lists
or private customer details.

4. Buffer overflow, also known as a buffer overrun, occurs when the amount of
data in the buffer exceeds its storage capacity. That extra data overflows into adjacent memory
locations and corrupts or overwrites the data in those locations.

5. Use of broken algorithms: Using broken or weak cryptographic algorithms can leave data
vulnerable to being decrypted. Many cryptographic algorithms provided by cryptography
libraries are known to be weak or flawed. Using such an algorithm means that an attacker may
be able to easily decrypt the encrypted data.

6. URL redirection to untrusted sites: An HTTP parameter may contain a URL value and could
cause the web application to redirect the request to the specified URL. By modifying the URL
value to point to a malicious site, an attacker may successfully launch a phishing scam and steal user
credentials.

7. Path traversal is also known as directory traversal. These vulnerabilities enable an attacker to
read arbitrary files on the server that is running an application. This might include application
code and data.

8. Missing authentication for critical function: When authentication checks are not applied,
users are able to access data or perform actions that they should not be allowed to access or
perform.

9. Unrestricted upload of dangerous file types: Insufficiently restricted file uploads can
allow a file to be uploaded that runs malicious code. For example, a website that doesn't check
the file extension of an image can be exploited by uploading a script with an extension, such as
.php or

10. Cross-site scripting and forgery: Let us consider the following example. Alice wishes to
transfer $100 to Bob using the bank.com web application, which is vulnerable to CSRF. Maria, an
attacker, wants to trick Alice into sending the money to Maria instead. The attack will comprise
the following steps: Building an exploit URL or script.

11. Download of codes without integrity checks: The product downloads source code or an
executable from a remote location and executes the code without sufficiently verifying the origin
and integrity of the code.

12. Phishing scams are one of the most common types of human security risks. They involve
attackers sending emails or messages that appear to be from legitimate sources to trick users into
divulging sensitive information or clicking on malicious links.

13. Unsecured devices, such as laptops or smartphones that are left unattended or unprotected
can also pose a significant human security risk. Attackers can gain access to sensitive
information by physically accessing these devices.

14. Adware is a type of malware or unwanted software designed to deliver targeted
advertisements on infected computers. Adware can serve ad pages and collect information about
users to target them better with customized ads.
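
For definition 6 (URL redirection to untrusted sites), one way to validate a redirect parameter before using it, as an added example that is not part of the original assignment. The host names in `ALLOWED_HOSTS` and the function name `safe_redirect_target` are hypothetical.

```python
from urllib.parse import urlsplit

# Hypothetical allowlist of hosts the application may redirect to.
ALLOWED_HOSTS = {"bank.example", "login.bank.example"}

def safe_redirect_target(next_url, default="/"):
    """Return next_url only if it is a same-site path or an https URL on an
    allowlisted host; otherwise return the default landing page."""
    # Backslashes and control characters are parsed inconsistently by
    # browsers and libraries, so reject them outright.
    if not next_url or any(c in next_url for c in "\\\r\n\t"):
        return default
    try:
        parts = urlsplit(next_url)
        host = parts.hostname  # strips any "user@" prefix and the port
    except ValueError:
        return default
    if not parts.scheme and not parts.netloc:
        # Relative target: accept "/path" but not "//host/path", which a
        # browser treats as a link to another site.
        if next_url.startswith("/") and not next_url.startswith("//"):
            return next_url
        return default
    if parts.scheme == "https" and host in ALLOWED_HOSTS:
        return next_url
    return default
```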
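
For definition 7 (path traversal), the following added example, not part of the original assignment, compares a string-prefix check with a check made on the resolved path. The directory layout, file names and request strings are constructed, and both function names are hypothetical.

```python
import os
import tempfile
from pathlib import Path

def naive_is_inside(base_dir, user_path):
    # Weak check: compares strings before ".." segments are collapsed, so
    # "<base>/../x" still "starts with" the base directory.
    return os.path.join(base_dir, user_path).startswith(base_dir)

def resolve_inside(base_dir, user_path):
    """Return the real path for user_path, or raise PermissionError if it
    escapes base_dir via "..", an absolute path, or a symlink."""
    base = Path(base_dir).resolve()
    candidate = (base / user_path).resolve()  # collapses ".." and follows symlinks
    try:
        candidate.relative_to(base)
    except ValueError:
        raise PermissionError(f"path escapes {base}: {user_path!r}") from None
    return candidate

def demo():
    """Run both checks over constructed requests.
    Returns {request: (naive_allows, hardened_allows)}."""
    results = {}
    with tempfile.TemporaryDirectory() as root:
        base = os.path.join(root, "public")
        os.mkdir(base)
        Path(base, "report.txt").write_text("public report")
        Path(root, "secret.txt").write_text("not for download")
        requests = ["report.txt", "../secret.txt",
                    "sub/../../secret.txt", "/etc/passwd"]
        for request in requests:
            try:
                resolve_inside(base, request)
                hardened = True
            except PermissionError:
                hardened = False
            results[request] = (naive_is_inside(base, request), hardened)
    return results

if __name__ == "__main__":
    for request, verdicts in demo().items():
        print(request, verdicts)
```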
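
For definition 11 (download of code without integrity checks), an added example, not part of the original assignment, that puts a download in place only after its SHA-256 digest matches a pinned value. It assumes the pinned digest was obtained over a trusted channel and covers integrity only, not origin (which needs a signature check). The function name `install_if_verified` and the payload bytes are constructed.

```python
import hashlib
import hmac
import os
import tempfile

def install_if_verified(chunks, pinned_sha256, dest_path):
    """Stream a download to a temporary file and move it to dest_path only
    if its SHA-256 matches the pinned digest. Returns True when installed."""
    digest = hashlib.sha256()
    dest_dir = os.path.dirname(os.path.abspath(dest_path))
    fd, tmp_path = tempfile.mkstemp(dir=dest_dir, prefix=".partial-")
    try:
        with os.fdopen(fd, "wb") as tmp:
            for chunk in chunks:
                digest.update(chunk)
                tmp.write(chunk)
        expected = pinned_sha256.strip().lower()
        if not hmac.compare_digest(digest.hexdigest(), expected):
            return False  # unverified bytes never reach dest_path
        os.replace(tmp_path, dest_path)  # atomic within one filesystem
        return True
    finally:
        if os.path.exists(tmp_path):
            os.remove(tmp_path)

def demo():
    """Try a modified and an intact copy of a constructed payload."""
    payload = [b"#!/bin/sh\n", b"echo constructed sample installer\n"]
    # Assumption: stands in for the digest published by the software vendor.
    pinned = hashlib.sha256(b"".join(payload)).hexdigest()
    tampered = [payload[0], b"echo modified in transit\n"]
    with tempfile.TemporaryDirectory() as workdir:
        dest = os.path.join(workdir, "installer.sh")
        rejected = install_if_verified(tampered, pinned, dest)
        exists_after_reject = os.path.exists(dest)
        accepted = install_if_verified(payload, pinned, dest)
        return rejected, exists_after_reject, accepted, os.listdir(workdir)

if __name__ == "__main__":
    print(demo())
```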
