2 cissp ® Official Study Guide Eighth Edition

Chapter 
21
Malicious Code and 
Application Attacks
The CISSP exAM ToPICS Covered In 
ThIS ChAPTer InClude:
✓
Domain 3: Security Architecture and Engineering
■
3.5 Assess and mitigate the vulnerabilities of security 
architectures, designs, and solution elements
■
3.6 Assess and mitigate vulnerabilities in web-based
systems
✓
Domain 8: Software Development Security
■
8.2 Identify and apply security controls in development 
environments
■
8.2.1 Security of the software environments
■
8.5 Define and apply secure coding guidelines and
standards
■
8.5.1 Security weaknesses and vulnerabilities at the
source-code level

In previous chapters, you learned about many general security 
principles and the policy and procedure mechanisms that help 
security practitioners develop adequate protection against 
malicious individuals. This chapter takes an in-depth look at some of the specific threats 
faced on a daily basis by administrators in the field.
This material is not only critical for the CISSP exam; it’s also some of the most basic 
information a computer security professional must understand to effectively practice their 
trade. We’ll begin this chapter by looking at the risks posed by malicious code objects—
viruses, worms, logic bombs, and Trojan horses. We’ll then take a look at some of the other 
security exploits used by someone attempting to gain unauthorized access to a system or to 
prevent legitimate users from gaining such access.
Malicious Code
Malicious code objects include a broad range of programmed computer security threats 
that exploit various network, operating system, software, and physical security vulnerabili-
ties to spread malicious payloads to computer systems. Some malicious code objects, such 
as computer viruses and Trojan horses, depend on irresponsible computer use by humans 
in order to spread from system to system with any success. Other objects, such as worms, 
spread rapidly among vulnerable systems under their own power.
All information security practitioners must be familiar with the risks posed by the vari-
ous types of malicious code objects so they can develop adequate countermeasures to pro-
tect the systems under their care as well as implement appropriate responses if their systems 
are compromised.

Download 19,3 Mb.

Do'stlaringiz bilan baham: