CySA+
  • CySA+ CS0-002 Exam Objectives
  • Threat Intelligence Cycle
  • Intelligence Sources
  • Security Intelligence Sharing
  • Threat Classification and Threat Actors
  • Threat Research and Indicators of Compromise
  • Attack Frameworks and The Cyber Kill Chain
  • Defining Threat Modeling and Threat Hunting
  • Vulnerability Identification and Validation
  • Vulnerability Scan Results and CVSS Scores
  • Nmap and Enumeration
  • Security Controls
  • Defense in Depth Security Baselines
  • Security Trend Analysis
  • Remediation Issues
  • Asset, Change, and Configuration Management
  • Software Development Lifecycle & Development Models
  • Software Assessment and Code Review
  • Mitigating Attack Types Part 1
  • Mitigating Attack Types Part 2
  • Mitigating Attack Types Part 3
  • Password Cracking and Hashing
  • Privilege Escalation & Man-in-the-Middle
  • Network Based IoCs
  • Host Based IoCs
  • Network Architecture and Segmentation
  • Network Traffic, Packet, and Protocol Analysis
  • Pentesting and Active Defense
  • Firewalls
  • URL Analysis & DNS in Malware
  • Network Access Control and Port Security
  • Identity and Access Management (IAM)
  • Web Application Scanners
  • SSL/TLS Digital Certificate Management
  • Mobile Threats
  • Email Threats and Mitigation
  • Data Loss Prevention (DLP)
  • Endpoint Security and Behavior Analysis
  • Hardware Assurance
  • Blackholes and Sinkholes
  • IoT, Embedded Systems & ICS/SCADA Threats
  • Log Analysis & Continuous Security Monitoring
  • SIEM and Event Correlation
  • Malware Analysis
  • Cloud Models and Service Threats
  • Cloud Automation and Other Cloud Threats
  • VDI, Containers, and Microservices
  • CI/CD, IaC, DevOps
  • AI and Machine Learning
  • Digital Forensics
  • Technical Controls for Securing Data
  • Non-Technical Controls for Securing Data
  • Security Policies and Procedures
  • Continuity Planning and Risk Assessment
  • Incident Response Phases and Communication
Powered by GitBook
On this page

Mitigating Attack Types Part 3

  • Session Management

  • Sessions keep track of users and their actions

  • Store user-relevant data (profile settings, shopping cart)

  • Must be protected

  • Session info can be used to impersonate you

  • Cookies

    • HTTP is stateless

    • So where do we store state info? Web cookies!

    • Securing cookies

      • Secure: send only over HTTPS

      • HttpOnly: Cannot be accessed from JS

      • SameSite: Request and cookie must come from the same domain

      • Expiration: Persistent vs non-persistent

  • Session Hijacking

    • Taking over a user’s session

    • MITM (sniffing)

    • Compromised browser

    • Predictable session IDs

    • Bad application programming

  • Cookie Poisoning

    • Attacker changes a cookies contents

    • Then sends the altered cookie to exploit a website

    • Defense?

      • Input validation. Validate the cookie

      • Encryption

      • Expiration

  • Cross-Site Request Forgery (CSRF/XSRF)

    • Mitigation on web server side

      • Stateful apps: CSRF tokens

        • Random value stored on server, sent back by client in hidden fields with every request

        • Per session or per page (no “back”)

        • Don’t send them using cookies!

      • Stateless Apps

        • Double submit cookies

          • Random value not stored on server but set in cookie and request field. Must match

        • Domain/Origin/Referrer Header

          • Check that the originating website matches the request

          • Origin/Referrer: safer, cannot be programmatically altered using JavaScript

        • SameSite Cookie Attribute

          • Browser decides whether to send cookies along with cross-sit requests: Lax, Strict, None

        • Captchas

        • Cookie protection (helps, but not enough for anti-CSRF)

          • HTTPonly, secure, path, expiration, etc

  • Clickjacking – Stealing a users clicks and inputs

    • Mitigations:

      • Frame busting – code that forces elements to be the top most element in the page

      • HTTP Headers – define which kind of frame content is acceptable

PreviousMitigating Attack Types Part 2NextPassword Cracking and Hashing

Last updated 2 years ago