Time: 35 hours 10 minutes
Difficulty: Advanced
CEU/CPE: 8

Video Transcription

00:01
Greetings, and welcome back to the Cybrary CompTIA Certified Advanced Security Practitioner certification preparation course.
00:10
As mentioned earlier, we begin a brand new module, module number six, which is titled Security Element.
00:17
These, again, are the objectives. At this point in time, we're going to focus our attention upon a discussion of the very first objective, which is titled Understand and Manage Software Vulnerabilities.
00:29
The title of this particular section we're going to take a look at is
00:33
software vulnerabilities. But before we begin the process of discussing software vulnerabilities, let's engage, first of all, in a short pre-assessment quiz.
00:43
And the question is as follows:
00:45
Your company has just purchased a Web application.
00:48
You've been asked to assess this commercial application for any potential vulnerabilities.
00:53
Which approach would be best? Would you do A, a code review;
00:58
B, a black box assessment; C, an audit; or D, a vulnerability assessment?
01:03
If you selected D, you're absolutely correct, because a vulnerability assessment is the best tool to evaluate this commercial product for vulnerabilities.
01:15
So now let's turn our attention toward a discussion of application security fundamentals.
01:19
Application security includes measures taken throughout an application's lifecycle to prevent exceptions in the security policy of an application or the underlying system.
01:30
The primary focus is on layer seven of the OSI model. Layer seven is called the application layer.
01:40
Now, the application layer is layer seven of the OSI model, in other words, the Open Systems Interconnection model.
01:47
Application security should be part of an organization's software development life cycle.
01:53
A key component of application security should be for your developers and their managers to be aware of basic application security requirements, common threats, and effective countermeasures. Application security knowledge and maturity is significantly lower today than traditional network security.
02:14
Let's turn our attention toward a discussion of some risks that are associated with vulnerable applications. I'll mention a few here that are listed on this slide. First of all, you have unauthorized access to sensitive customer or company data,
02:28
theft of sensitive data to conduct identity theft, credit card fraud, or other crimes. You also incur defacement of your actual websites, with strong potential for brand damage; manipulation of data, impacting data integrity, quality, and organizational reputation;
02:46
redirection of your users to malicious websites,
02:50
which engage in phishing or malware distribution; denial of service, in other words, we're speaking about an availability attack; assuming a valid user's identity;
03:01
also access to hidden Web pages using forced URLs, or what we call a URL, a Universal Resource Locator, in other words. So this begs the question: what is your software attack surface to assess your application security?
03:16
Many organizations that do this focus on obvious software issues, or the Web resources, in other words,
03:23
but what happens is they overlook their overall inventory of applications and code from less obvious sources when they analyze their assets.
03:35
When we look at software vulnerability, a software vulnerability can best be defined as a glitch, a flaw, a weakness present in software or in the operating system itself.
03:49
Software vulnerabilities are explained by three ideal factors. These are existence, the existence of a vulnerability in the software; access, in other words, the possibility a hacker can gain access to the vulnerability; or exploit,
04:01
the capability of the hacker to take advantage of that vulnerability via some type of tool or certain type of technique.
04:10
A vulnerability assessment basically is the best tool to evaluate any commercial product for vulnerabilities. A vulnerability assessment is the process of identifying,
04:21
quantifying, and prioritizing the vulnerabilities in a system. A vulnerability assessment process that is intended to identify threats and the risks they pose typically involves the use of automated testing tools, such as network security scanners, whose results are listed in a vulnerability assessment report.
04:40
We have escalation of privilege.
04:42
This occurs when code runs with higher privilege than that of the user who executed it.
04:47
Privilege escalation includes vertical privilege escalation or horizontal privilege escalation.
04:57
When we look at vertical privilege escalation, a lower-privileged user or application accesses functions or content reserved for higher-privileged users or applications. When you look at horizontal privilege escalation, a normal user accesses functions or content reserved for another
05:15
normal user.
05:17
We also have system vulnerabilities, not just limited to software. A vulnerability is a cybersecurity term that refers to a flaw in a system that can leave it open to an attack. A vulnerability may also refer to any type of weakness in the computer itself, in a set of procedures, or anything that leaves information security exposed to a threat.
05:39
So during this presentation, we discussed software vulnerabilities: a glitch, flaw, or weakness present in software. We also discussed that a vulnerability is a cybersecurity term that refers to a flaw in a system that leaves it open to attack. We learned that a vulnerability may also refer to a type of weakness in your computer system itself.
05:57
We learned also that software vulnerabilities are explained by three ideal factors: existence,
06:00
access, as well as exploit.
06:03
In our upcoming presentation, we'll be discussing software vulnerabilities in a little bit more detail, which is section number two. Look forward to seeing you in the next
06:14
video.

CompTIA CASP+

In this CASP+ certification course, you will learn all of the domains and concepts associated with the CompTIA Advanced Security Practitioner CAS-003 CASP+ Exam. Through this course you will be fully prepared to sit for your CompTIA CASP+ Exam!

Instructed By

Jim Hollis
Independent Contractor
Instructor