Vulnerabilities, along with threats and attacks, make up a portion of the first domain of CompTIA’s Security+ exam (SY0-501) and account for 21 percent of the exam score. To pass the Security+ exam, a candidate needs not only knowledge of the basic terminology and concepts, but also an understanding of the ramifications associated with different vulnerabilities, as discussed below.
Explain Ramifications of Vulnerabilities
When a user or company connects to the internet, their devices become exposed to all kinds of malicious programs. Today, even devices that are disconnected from the internet are vulnerable to adversaries. For the Security+ exam, candidates must be aware of the ramifications of these vulnerabilities.
Improper input handling
When a software programmer or web application developer doesn’t validate the data that enters a program or web app, an adversary can inject malicious input to control its functionality. Cybercriminals take advantage of improper input handling to expose sensitive data, compromise session tokens, deface websites, force the victim’s browser to issue forged requests, take over servers, and use SQL injection to read data they are not authorized to access. Improper input handling across an enterprise points to weaknesses in its software development lifecycle, which often results in loss of business and reputation.
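The SQL injection case above is easiest to understand by putting the unvalidated lookup next to its hardened form. The following is an added example written for this page, not code from the original post or from CompTIA; the table, the user rows and the crafted input are all constructed for the demonstration. It shows how a quoted-string query changes meaning when input is spliced in, how a bound parameter keeps the same input as plain data, and how an allow-list check rejects it before it ever reaches the database.

```python
import re
import sqlite3

# Constructed sample table: accounts a login form looks up by username.
SAMPLE_USERS = [
    ("alice", "alice@example.com"),
    ("bob", "bob@example.com"),
    ("carol", "carol@example.com"),
]


def make_db() -> sqlite3.Connection:
    """Build an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", SAMPLE_USERS)
    conn.commit()
    return conn


def lookup_unsafe(conn: sqlite3.Connection, username: str) -> list:
    """Improper input handling: untrusted text is spliced into the SQL.
    The database cannot tell where the developer's query ends and the
    user's input begins, so the input can change what the query means."""
    query = f"SELECT username, email FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_parameterized(conn: sqlite3.Connection, username: str) -> list:
    """Bound parameter only: the driver sends the input as a value, never as
    SQL text, so quotes inside it are compared literally."""
    query = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(query, (username,)).fetchall()


# Allow-list for usernames (constructed policy: lowercase letters, digits, underscore).
USERNAME_RE = re.compile(r"[a-z0-9_]{1,32}")


def lookup_safe(conn: sqlite3.Connection, username: str) -> list:
    """Hardened form: validate against the allow-list first, then use the
    parameterized query. Two layers, so a gap in one is caught by the other."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("username must be 1-32 characters of [a-z0-9_]")
    return lookup_parameterized(conn, username)


def demo() -> dict:
    """Run each lookup with a normal username and a constructed crafted one."""
    conn = make_db()
    crafted = "nobody' OR '1'='1"  # constructed input that closes the quote
    results = {
        "unsafe_normal": lookup_unsafe(conn, "alice"),
        "unsafe_crafted": lookup_unsafe(conn, crafted),      # every row leaks
        "param_crafted": lookup_parameterized(conn, crafted),  # no such user
        "safe_normal": lookup_safe(conn, "alice"),
    }
    try:
        lookup_safe(conn, crafted)
        results["safe_crafted"] = "accepted"
    except ValueError:
        results["safe_crafted"] = "rejected"                 # never reaches SQL
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The unsafe lookup returns all three rows for the crafted input because the spliced text turns the WHERE clause into a tautology; the parameterized lookup returns nothing because the same text is compared as a literal username; the validated lookup refuses the input outright. Logging the rejections from the validation layer is a cheap detection signal for probing against the form.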
Many organizations continue to face the negative implications of untrained users. This is because they don’t give importance to security awareness training, and those that do don’t evaluate how the training is applied afterwards. Even when users attend training sessions, for instance, many go back to work and do not apply what they learned. That can have several ramifications, ranging from inefficient operations to high-level security breaches in which untrained users fail to notice backdoors, making it easy for adversaries to gain unauthorized access to mission-critical information. Naturally, inexperienced users can create new vulnerabilities every day. Slip-ups due to lack of
*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Dan Virgillito. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/vSwcRiHmSGE/