Application Security by Mind Map: Application Security

Application Security

Hardening Practices


Auto, pros, set it and forget it, cons, latest update conflicts with other apps, remedy, lab server, after business hours

Workstation update management, WSUS

track changes, keep a log, hard log recommended, record decisions and changes that affect access rights to, users, groups, include list of, all software installed, version #'s, backups, backup schema, restore procedures, keep it simple use a single reference, paper log, comp book for each critical system, removed pages obvious, easy to, take with you, carry, software, 3rd party packages exist, WSUS, free, Microsoft, be a team player, keep comm, clear, concise, people move on, what will the next person find when they inherit a system you left behind?


removal, unnecessary, software, options, Comm, Resource hog, services, cause, potential vulnerabilities for unauthorized users to exploit, Examples:

Server:
- DHCP, vulnerable to, DOS, deny IP to legit user, DOS = Denial Of Service, main security weakness, authentication not required, prevention, use MAC address filters, set up a list of auth clients, rogue DHCP server can be an issue, countermeasure, scan your network frequently, physical access required
- DNS, vulnerable to, Poisoning, Hackers, profile your network, NSLOOKUP, Sysadmins, decide how much info you give out, use a proxy service to mask your info
- Database, vulnerable to, Buffer Overflow, exploit the finite pieces of memory, crash the program and the box, program = front end, box = server, corrupt data, possible privilege escalation, ounce of prevention, input validation, example, captcha, Hackers, after successful attack typically enjoy, command shell, admin rights, motivation, bragging rights, money, revenge, Cause, mainly due to bad programming, fly by night Bangalore companies have produced bad code? Question, Fix, download patch
- SQL Injection, what?, inserting SQL commands into input fields of the application that provides the front end to the database, example of front end is MS Great Plains, often the malicious input results in privilege escalation, Popular types, Oracle, MS SQL, MySQL, open source
- FTP, Files, configure access, read, write, modify, Users should each have a separate home directory, username and password sent through the wire or wirelessly in plain text, use SFTP instead
- Web Server, most often attacked, Malformed Request, Data or input sent that contains some type or sequence of information that causes the web server to malfunction, bugs in the web server, cause, prevention, input validation, Web Server programming language vulnerabilities:
  - JavaScript, Netscape, unrelated to Java, not compiled, interpreted, much like HTML, works with HTML, from day 1 many issues with security, example, hackers read files on your hard drive, mostly the browser's fault
  - Java, applets, signed applets help you sleep better because you know where the applet came from, sandbox, Java Virtual Machine (JVM), examples of vulnerabilities, hackers create code that circumvents the sandbox, security measure you can take, configure your browser to restrict Java to your liking
  - ActiveX, Microsoft, technology, used to liven up web content, more interactive, seamlessly connect web site content to programs on your computer, user decides to use/download, care must be taken, know the source, configure your web browser correctly, lowest security setting, ActiveX content auto download yikes!, maintain balance, can't shut down completely, many sites completely crippled if you turn off ActiveX or Java in browser, convenience and security, permissions, permission is power, ActiveX controls run with the same permissions as those used by the user currently logged in, System admin, make decisions about ActiveX, be proactive, get upper management involved, do your homework
  - CGI Scripts
  - Cross-site Scripting
- email, shut down relay function if not using it, message transfer agents (MTAs), MTA relay mail from site to site, prevent relay abuse, allow only authenticated clients to use relay, only domain users can use the relay, email servers are a favorite target, hackers can use your server to send spam, Microsoft Exchange, GroupWise, email ports, POP, 110, rare, admins don't use due to spam, spam a big problem, Barracuda device filters thousands every minute, IMAP, 143, Secure, POP, 995, IMAP, 993
- Directory Services, Microsoft Active Directory, LDAP, vendor neutral, example of hardening, 1st, authenticate, anonymous, use only when absolutely necessary, read only, NDS, eDirectory, TCP/IP, NetWare, Novell, ZENworks, configuration, distribution, Linux, Parts, Directory, protocol, Good practice, use encryption with your directory service, SSL, TLS, Why turned on to begin with?, ease of use, plug and play, everybody wants, more sales
- Telnet, Especially important to remove remote telnet access to managed switches, networking devices
- WINS, WINS Service
- Protocols, NetBIOS, NetBEUI, IPX/SPX, AppleTalk, weaknesses, with programs, not with AppleTalk per se

Workstation:
- games
- FTP
- Control Panel, Device manager, network neighborhood
- disable P2P, really no place on a corporate network, many trojan horses circulate via P2P, block off ports and protocols at the firewall, use rules in SonicWall
- Telnet, No longer available on Vista
- IM, if must use encrypt, packet sniffers can allow hackers to see your conversation, Best practice, block advertisement of your IP address, use a personal firewall app to protect vs scans to your IP address
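The SQL Injection and "input validation" notes above describe the problem but not what the fix looks like in code. The following is an added example, not part of the original mind map, that contrasts a login query built by string concatenation with a parameterized one against an in-memory SQLite table. The table contents, user names and the `validate_username` allow-list are constructed for the demonstration; the front end in the notes (MS Great Plains) is not involved.

```python
import re
import sqlite3


def make_db():
    """Constructed sample database: two accounts, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "s3cret", "user"), ("admin", "hunter2", "admin")],
    )
    return conn


def login_vulnerable(conn, name, password):
    """Builds the statement from the raw input fields.

    Whatever the user types becomes part of the SQL text, so a quote in the
    name field ends the string literal and the rest is executed as SQL.
    This is the defect the notes call "inserting SQL commands into input
    fields" and it can hand back the admin role without the admin password.
    """
    sql = (
        "SELECT role FROM users WHERE name = '" + name
        + "' AND password = '" + password + "'"
    )
    row = conn.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(conn, name, password):
    """Same query with bound parameters: the driver keeps data and SQL apart,
    so the input is only ever compared as a value, never parsed as SQL."""
    sql = "SELECT role FROM users WHERE name = ? AND password = ?"
    row = conn.execute(sql, (name, password)).fetchone()
    return row[0] if row else None


# Allow-list validation (assumed policy): user names are short and alphanumeric.
# This is defence in depth on top of parameterization, not a replacement for it.
USERNAME_RE = re.compile(r"[A-Za-z0-9_]{1,32}")


def validate_username(name):
    return USERNAME_RE.fullmatch(name) is not None


if __name__ == "__main__":
    conn = make_db()
    # Constructed malicious name field: closes the string and comments out
    # the password check (SQLite treats "--" as a line comment).
    bad_name = "admin' --"
    print("vulnerable   :", login_vulnerable(conn, bad_name, "wrong"))     # admin
    print("parameterized:", login_parameterized(conn, bad_name, "wrong"))  # None
    print("allow-list   :", validate_username(bad_name))                   # False
```

Both functions run the same logical query; only the parameterized one treats the name field as data. The allow-list check rejects the quote character before it reaches the database at all, which is the "ounce of prevention" the notes mention.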

existing/needed services, configure properly, Examples, ACL, File safeguards, ext3, BitLocker, NTFS

Server, system files, files should be stored on a separate disk or partition to ensure these system files are not accidentally accessed or removed, Do, apply, security patch, hotfix, service pack, check vendor website frequently for news and updates, secure behind locked door, cage, install HIDS, Don't, Surf Web, install software from fly by night company, install patch, production hours, without testing on a lab server 1st, Server admins, activate security options, Know, specific apps and hardware, equal unique vulnerabilities, view vendor's FAQ, common ports, 1023, Logs, review, ACL, take responsibility, harden your system, research, Know thyself, do you, like things easy?, security conscious?, are you balanced?, Be very familiar with different types of security vulnerabilities inherent with each type of Internet server and know how to prevent them from being exploited., balance, be reasonable, be security minded but allow info to be accessed easily to help make your coworkers more productive

Good Practice

start with nothing and add as needed, not the other way around, least privilege


history of past security vulnerabilities, compile, time intensive, length, longer equals better, 2-3 weeks minimum, nights and weekends

industry security standards

info gather, organizations, associations, other admins, don't be shy talk!

Tools, Microsoft, Microsoft Baseline Security Analyzer (MBSA)


documented minimum

group policies, accounting, financial data, salaries, marketing, Sales, pricing, HR, confidential data, health issues, sexual orientation, each group policy unique based on role, be mindful that if employee moves to a diff dept rights must be added/taken away, Role based access control, most popular, highly customizable, fairly secure, inferior to Mandatory access control, centrally administered
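The role-based access control note above (rights follow the role, and a department move must both add and take away rights) and the earlier "record decisions and changes that affect access rights" note can be shown in a few lines. This is an added example, not part of the original mind map: the role names follow the departments listed, but the permission names, the user names and the change-log format are constructed assumptions.

```python
# Constructed role catalogue (assumed permission names): this is the
# "centrally administered" part of RBAC, the one place rights are defined.
ROLE_PERMISSIONS = {
    "accounting": {"read_financials", "read_salaries"},
    "marketing": {"read_pricing"},
    "sales": {"read_pricing", "read_customer_list"},
    "hr": {"read_personnel_files", "read_health_records"},
}


class RBAC:
    """Minimal role-based access control with an access-rights change log."""

    def __init__(self, role_permissions):
        self.role_permissions = role_permissions
        self.user_roles = {}    # user -> set of role names
        self.change_log = []    # one line per decision that changed access rights

    def assign(self, user, role, by):
        if role not in self.role_permissions:
            raise KeyError(f"unknown role {role!r}")
        self.user_roles.setdefault(user, set()).add(role)
        self.change_log.append(f"{by}: grant role {role} to {user}")

    def revoke(self, user, role, by):
        self.user_roles.get(user, set()).discard(role)
        self.change_log.append(f"{by}: revoke role {role} from {user}")

    def transfer(self, user, new_role, by):
        """Employee moves department: drop every old role, then grant the new one.

        Doing the revoke explicitly is the point of the note: if you only add
        the new role, the user keeps the old department's rights as well.
        """
        for old in sorted(self.user_roles.get(user, set())):
            self.revoke(user, old, by)
        self.assign(user, new_role, by)

    def permissions(self, user):
        roles = self.user_roles.get(user, set())
        return set().union(*(self.role_permissions[r] for r in roles))

    def can(self, user, permission):
        return permission in self.permissions(user)


if __name__ == "__main__":
    rbac = RBAC(ROLE_PERMISSIONS)
    rbac.assign("bob", "hr", by="sysadmin")
    print(rbac.can("bob", "read_health_records"))   # True
    rbac.transfer("bob", "sales", by="sysadmin")
    print(rbac.can("bob", "read_health_records"))   # False: HR rights taken away
    print(rbac.can("bob", "read_pricing"))          # True: Sales rights added
    print("\n".join(rbac.change_log))
```

Because permissions are looked up through the role every time, changing a role's permission set in `ROLE_PERMISSIONS` changes what every member can do at once; the change log is the "paper log" of the earlier note in machine form.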


Lay down the law

prohibit, P2P, LimeWire, uTorrent, Torrent apps, IM, for corporate communications, vulnerable to packet sniffers, certain email attachments, .exe, torrent search engines, most outlawed

Wyatt Earp


set it up

Pretty Good Privacy, email, popular, strong


teach, Hoaxes, emotional strings, pull, new virus, end of world, chain mails, social engineering

Security Apps

Personal Firewalls

Windows firewall, heavily criticized, too integrated with OS I think, other examples of app heavily integrated into OS, Windows Media Player, Internet Explorer




versions, email, regular

parts, engine, stays the same, not altered during updates, signature files, viruses contain or create a specific binary code detectable by the signature file, unique identifier, engineers make the signature files, do they get disgruntled?, have they planted logic bombs in the past?

Price, about $40, military next to nothing or free


if when installing an app the install program prompts you to turn off your AV, be wary!

If you turn off AV in order to install a program or to make some change remember to turn it back on!


Honey Pot


virtual SQL



due to limited amount of free maps I will start a different topic here.

related security issue

cryptography, steganography

Mitigation, DRP, OFFsites, backup schemes, fire resistance

Attacks, SYN flood, DOS, DDOS, masters, managers, zombies, MITM, DNS Poisoning, prevent, Update, BIND, MS DNS, TCP/IP Hijacking, Smurf, bluejacking

Communication protocols, File transfer

Device Security, network devices, switch, router, legacy, telnet enabled, AP (wireless), WEP, 15 min crack, superseded, WPA2

Intrusion Detection, Sensor, connected via tap, types, based, signature, Network, active, recommend this first, passive, Host, active, passive, behavior, Network, active, passive, Host, active, false positive prone, most proactive, passive, vendors, Norton
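The intrusion detection node above separates signature-based from behavior-based sensors, and the Attacks node lists the SYN flood; the Device Security node says legacy devices still have telnet enabled. The example below is added here and is not part of the original mind map: a toy network sensor that runs both detection styles over constructed firewall-style log lines. The log format, the addresses, the "managed device" list and the rate threshold are all assumptions made for the demonstration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Constructed log lines: one TCP segment per line, SYN marked by flags=S.
# The last 25 lines are a burst from a single source within one second.
SAMPLE_LINES = [
    "2024-01-01T10:00:00 src=10.0.0.5 dst=10.0.0.1 dport=80 flags=S",
    "2024-01-01T10:00:00 src=10.0.0.5 dst=10.0.0.1 dport=80 flags=A",
    "2024-01-01T10:00:01 src=10.0.0.7 dst=10.0.0.2 dport=23 flags=S",
    "2024-01-01T10:00:01 src=10.0.0.8 dst=10.0.0.1 dport=443 flags=S",
] + ["2024-01-01T10:00:02 src=192.0.2.9 dst=10.0.0.1 dport=80 flags=S"] * 25

# Assumed inventory: addresses of managed switches/routers that should only
# be reached over an encrypted management protocol, never telnet.
MANAGED_DEVICES = {"10.0.0.2"}

LINE_RE = re.compile(
    r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) dport=(?P<dport>\d+) flags=(?P<flags>\S+)$"
)


def parse(line):
    """Turn one log line into a dict, or None if the line does not match."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "ts": datetime.fromisoformat(m["ts"]),
        "src": m["src"],
        "dst": m["dst"],
        "dport": int(m["dport"]),
        "flags": m["flags"],
    }


# Signature-based detection: a fixed list of (name, predicate) rules that
# describe known-bad traffic. Precise, but only catches what is written down.
SIGNATURES = [
    ("telnet-to-managed-device",
     lambda e: e["dport"] == 23 and e["dst"] in MANAGED_DEVICES),
]


def signature_alerts(events):
    return [(name, e["src"]) for e in events for name, pred in SIGNATURES if pred(e)]


def behaviour_alerts(events, threshold=20, window_s=2.0):
    """Behavior-based detection: flag a source whose SYN rate exceeds a
    threshold inside a sliding window (SYN flood or port scan pattern).

    Nothing about the packets themselves is "known bad", which is why this
    style is more proactive and also more false-positive prone: a busy but
    legitimate client can trip the same rule. The threshold has to be tuned
    to the network it watches.
    """
    recent = defaultdict(deque)   # src -> timestamps of its recent SYNs
    alerted, alerts = set(), []
    for e in events:
        if "S" not in e["flags"]:
            continue
        q = recent[e["src"]]
        q.append(e["ts"])
        while (e["ts"] - q[0]).total_seconds() > window_s:
            q.popleft()
        if len(q) >= threshold and e["src"] not in alerted:
            alerted.add(e["src"])
            alerts.append(("syn-rate", e["src"]))
    return alerts


def run_sensor(lines, threshold=20):
    events = [e for e in map(parse, lines) if e is not None]
    return signature_alerts(events) + behaviour_alerts(events, threshold=threshold)


if __name__ == "__main__":
    for alert in run_sensor(SAMPLE_LINES):
        print(alert)
    # ('telnet-to-managed-device', '10.0.0.7')
    # ('syn-rate', '192.0.2.9')
```

Raising the threshold shows the trade-off the notes describe: at `threshold=30` the burst is no longer reported, so a flood of that size goes unnoticed, while lowering it would start reporting ordinary busy hosts. The signature rule has no such knob; it fires exactly on telnet to a managed device and on nothing else.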