Vulnerabilities in Systems MindMap (4 of 9) | CISSP Domain 3

Review of the major Vulnerabilities in Systems topics to guide your studies, and help you pass the CISSP exam.

This MindMap review covers:
00:00 Introduction
00:35 Vulnerabilities in Systems
01:07 Single Point of Failure
01:33 Redundancy
01:48 Bypass Controls
02:21 Mitigating Controls
02:57 TOCTOU (Race Conditions)
03:28 Increase frequency of Re-authentication
03:53 Emanations
04:13 Shielding (TEMPEST)
04:34 White Noise
04:48 Control Zones
05:04 Covert Channels
05:20 Analysis & Design
05:36 Aggregation & Inference
05:55 Polyinstantiation
06:21 Mobile Devices
06:42 Policy, training & procedures
07:03 Remote access security
07:16 Endpoint Security
07:28 OWASP Mobile Top 10
07:43 M1: Improper Platform Usage
07:58 M2: Insecure Data Storage
08:24 M3: Insecure Communication
08:43 M4: Insecure Authentication
09:03 M5: Insufficient Cryptography
09:17 M6: Insecure Authorization
09:48 M7: Client Code Quality
10:10 M8: Code Tampering
10:26 M9: Reverse Engineering
10:47 M10: Extraneous Functionality
11:11 Web-based Vulnerabilities
11:26 Cross Site Scripting (XSS)
11:49 Stored (Persistent)
12:45 Reflected (Most common)
13:31 DOM
13:41 Target of Attack: Client
13:53 Cross Site Request Forgery (CSRF)
14:18 Target of Attack: Server
14:28 SQL Injection
15:32 Input Validation
16:08 Client Side vs. Server Side
16:36 Allow Lists vs. Deny Lists
17:36 Outro

Join our r/DestCert subreddit for valuable CISSP resources, training advice, support, and to connect with other CISSP professionals!
Comments

Hey everyone! Just a quick note about the video at 14:20. There's a small error where I say "server" but it should have been "SQL injection." Don't worry, the fix is already underway! Thanks for watching!

--

We make it as easy as possible for you to efficiently achieve your CISSP certification.

You can learn all about our CISSP MasterClass and enrol here: destcert.com/cissp.

destcert

Some pizza stores close to the Pentagon said there was a higher demand for pizza before an invasion. That happened in the Panama War and later in the first Gulf War. Another covert channel example is that it was common, when there was immediate action, for the US Eisenhower carriers to give more expensive seafood to the crew, like jumbo shrimp; that's how Analysis knew they would leave the eastern Mediterranean Sea.

ahmedabuelatta

There is an error in the voice over for this new version of this video. It says the target of CSRF is "SQL Injection", when it should be "the Server" at around 14:20. The old version doesn't have this video editing mistake.

H._sapiens

Going to test next month, wish me luck : ) these videos pair well with practice tests

bherrera

Nobody got the predictive power of pizza deliveries reference?

saltfork

Aggregation vs. inference are two different concepts. It's not "aggregation" of data resulting in "inference".

classiquai

I was really hoping the predictive power of pizza deliveries was going to be a Snow Crash reference

ihatetechnology.....

Sounds like the XSS attacker is a certified baddie 😂
(These videos are really helpful tho)

monishkhan

Very informative, didn't get the pizza reference though :(

moawiamohammed

Pizza: The fact that the number of pizza deliveries can be used to predict certain events or behaviors is a prime example of a covert channel. A covert channel is a communication method that is not intended for information transfer at all, yet it can reveal or transmit hidden data. In this case, by analyzing patterns in pizza deliveries, one could potentially infer or predict unrelated and non-obvious information, such as the occurrence of specific events or changes in human activity.

ITCertAcademy

White lists and black lists are established terminology; I'm not changing common terminology to suit the most sensitive among us. That being said, you can't help being Canadian, I forgive your ultra-polite self.

aabeard

What's up with the skipping words? Bad audio editing.

Hopkins