CISSP Official Study Guide, Eighth Edition
(Mike Chapple, James Michael Stewart, Darril Gibson; Sybex, 2018)

Time of Check to Time of Use
The time of check to time of use (TOCTOU or TOC/TOU) issue is a timing vulnerability, a form of race condition, that occurs when a program checks a condition such as access permissions and then acts on the result later, after the state it checked may have changed. For example, if an operating system builds a comprehensive list of access permissions for a user upon logon and then consults that list throughout the logon session, a TOCTOU vulnerability exists. If the system administrator revokes a particular permission, that restriction would not be applied to the user until the next time they log on. If the user is logged on when the access revocation takes place, they will retain access to the resource for as long as the session lasts. The user simply needs to leave the session open for days, and the new restrictions will never be applied.
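The logon-cache scenario above is one instance of a general pattern: a check on one state, a use on another. The following is an added example, not code from the study guide, showing the file-system form of the same bug that practitioners meet most often (check a path name with access(), open the same name later) beside the hardened form (open first, then inspect the descriptor you actually got). The file names, the "attacker" hook and the temporary directory are constructed for the demonstration; the example assumes a POSIX system where O_NOFOLLOW is supported.

```python
import errno
import os
import stat
import tempfile


def read_if_readable_vulnerable(path, between_check_and_use=lambda: None):
    """TOCTOU pattern: check a *path name*, then open the same path name later.

    The two system calls resolve the name independently, so whatever it refers
    to can change in between. The between_check_and_use hook stands in for the
    attacker acting inside that window. In a real setuid program this is the
    classic access(2)-then-open(2) bug: access() checks the real user's rights,
    open() runs with the program's elevated privileges.
    """
    if not os.access(path, os.R_OK):          # time of check
        raise PermissionError(path)
    between_check_and_use()                   # race window
    with open(path, "rb") as f:               # time of use: re-resolves the name
        return f.read()


def read_if_readable_hardened(path, between_check_and_use=lambda: None):
    """Remove the gap: open first, then check the object that was opened.

    O_NOFOLLOW refuses a symbolic link at the final path component, and
    fstat() reports on the inode bound to the descriptor, which nobody can
    swap out from under it. Any later change to the name is irrelevant.
    """
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # use happens first
    try:
        st = os.fstat(fd)                             # check the opened object
        if not stat.S_ISREG(st.st_mode):
            raise PermissionError("not a regular file")
        if st.st_uid != os.geteuid():
            raise PermissionError("not owned by the calling user")
        between_check_and_use()   # the attacker's swap now only affects the name
        chunks = []
        while True:
            buf = os.read(fd, 65536)
            if not buf:
                return b"".join(chunks)
            chunks.append(buf)
    finally:
        os.close(fd)


def demo():
    """Constructed scenario (not from the book): a harmless 'public' file and a
    'secret' file in a fresh temporary directory. The attacker replaces the
    'public' name with a symlink to 'secret' inside the race window."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public")
        secret = os.path.join(d, "secret")
        with open(public, "wb") as f:
            f.write(b"PUBLIC")
        with open(secret, "wb") as f:
            f.write(b"SECRET")

        def attacker_swaps_name():
            os.unlink(public)
            os.symlink(secret, public)

        # 1. Vulnerable: the check passed on 'public', the open hit 'secret'.
        leaked = read_if_readable_vulnerable(public, attacker_swaps_name)

        # 2. Hardened, same attacker timing: the descriptor was bound before the swap.
        os.unlink(public)
        with open(public, "wb") as f:
            f.write(b"PUBLIC")
        safe = read_if_readable_hardened(public, attacker_swaps_name)

        # 3. Hardened, name already swapped before the call: O_NOFOLLOW refuses it.
        try:
            read_if_readable_hardened(public)
            refused_symlink = False
        except OSError as e:
            refused_symlink = e.errno == errno.ELOOP
        return leaked, safe, refused_symlink


if __name__ == "__main__":
    print(demo())  # (b'SECRET', b'PUBLIC', True)
```

The design point is the same as the book's logon example: a check is only meaningful for the exact object it was made on, so the fix is not to "check faster" but to make the check and the use operate on one thing that cannot change between them (the open descriptor here; a fresh authorization lookup at each access in the logon case).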
Back Doors
Back doors are undocumented command sequences, credentials, or other hidden entry points that allow individuals with knowledge of the back door to bypass normal access restrictions. They are often used during the development and debugging process to speed up the workflow and avoid forcing developers to continuously authenticate to the system. Occasionally, developers leave these back doors in the system after it reaches a production state, either by accident or so they can "take a peek" at their system when it is processing sensitive data to which they should not have access. In addition to back doors planted by developers, many types of malicious code create back doors on infected systems that allow the developers of the malicious code to remotely access infected systems.
No matter how they arise on a system, the undocumented nature of back doors makes them a significant threat to the security of any system that contains them. Individuals with knowledge of the back door may use it to access the system and retrieve confidential information, monitor user activity, or engage in other nefarious acts. Because a back door is by definition absent from the documentation, the practical defenses are code review of authentication and authorization paths, confirming that the shipped build matches the reviewed source, and monitoring for access that does not correspond to any legitimate account or documented interface.
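To make the "developer shortcut left in production" concrete, here is an added example that is not from the study guide: a small authentication routine with the kind of fixed-secret bypass the text describes, next to the same routine with the bypass removed. The user store, the password, and the bypass string "letmein-dev" are all hypothetical values constructed for the example.

```python
import hashlib
import hmac
import os


def _hash_password(password: str, salt: bytes) -> bytes:
    """Salted PBKDF2-SHA256; the documented way credentials are stored here."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, 100_000)


# Constructed user store for the example (not from the book):
# username -> (salt, password hash).
_SALT = os.urandom(16)
USERS = {"alice": (_SALT, _hash_password("correct horse battery staple", _SALT))}


def credentials_valid(username: str, password: str) -> bool:
    """The documented access check: salted hash compared in constant time."""
    record = USERS.get(username)
    if record is None:
        _hash_password(password, bytes(16))   # equalise timing for unknown users
        return False
    salt, stored = record
    return hmac.compare_digest(_hash_password(password, salt), stored)


def authenticate_backdoored(username: str, password: str) -> bool:
    """What a developer back door typically looks like once it reaches
    production: a fixed secret that short-circuits the real check for *any*
    account, including ones that do not exist. The string is hypothetical."""
    if password == "letmein-dev":             # undocumented bypass
        return True
    return credentials_valid(username, password)


def authenticate(username: str, password: str) -> bool:
    """The same function with the bypass removed: every caller goes through
    the documented check. Developer convenience belongs in test fixtures and
    test-only configuration, never in a hidden path of the production code."""
    return credentials_valid(username, password)
```

When reviewing authentication and authorization code, this is the shape to hunt for: a comparison against a literal, an environment variable, a special header, or a magic username that returns success before the normal check runs. Note that authenticate_backdoored grants access to "nobody", an account that does not exist at all, which is exactly the kind of event that monitoring for logons without a matching account record can surface.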