Database Architecture and Models
Virus Types
Web Attacks
Security Assessment/Testing Terms
Trusted Computer Base (TCB)
100

Uses attributes (columns) and tuples (rows) to organize data

Relational Model

100

Boot record infectors gain the most privileged access and can be the most damaging

Boot sector

100

Browser site trust is exploited by trying to submit authenticated requests forcefully to third-party sites.

Cross-site request forgery (CSRF / XSRF)

100

A process of identifying and determining the true nature of system vulnerabilities

Penetration Testing

100

What is TCB

The set of all hardware, firmware, and/or software components that are critical to its security. Any compromises here are critical to system security.

200

Parent child structure. An object can have one child, multiple children or no children.

Hierarchical Model

200

Any modifications to files or boot sector are hidden by the virus

Stealth

200

Uses inputs to trick a user’s browser into executing untrusted code from a trusted site

Cross-site scripting (XSS)

200

System with published APIs - third parties can use system

Open system

200

May need to interact with higher rings of protection - such communications must be monitored

Input/output operations

300

Similar to hierarchical model but objects can have multiple parents

Network Model

300

The virus modifies the "garble" pattern as it spreads

Polymorphic

300

Attempts to obtain previously authenticated sessions without forcing the browser to submit requests

Session Hijacking

300

Proprietary system - no third-party involvement

Closed system

300

Imaginary boundary that separates the TCB from the rest of the system

security perimeter

400

Has the capability to handle a variety of data types and is more dynamic than a relational database.

Object-Oriented Model

400

Infects the bootable section of the system

Master boot record / sector (MBR)

400

Directly attacks a database through a web app

SQL Injection

400

Source code can be viewed, edited and distributed free or with attribution or fees

Open-source

400

The part of the TCB that validates access to every resource prior to granting access requests

reference monitor

500

Combination of object oriented and relational models.

Object-Relational Model

500

Loads as and when a program loads into memory

Resident

500

An attacker hijacks a session between a trusted client and network server

Man in the middle

500

A set of functions and procedures allowing the creation of applications that access the features or data of an operating system, application, or other service.

API (application programming interface)

500

Monitoring of memory references to verify confidentiality and integrity in storage

Memory protection