Code execution attacks are a special class of attacks where the attacker exploits a vulnerability in a system that allows the attacker to run commands on that system. In this video, learn how attackers execute code on a target system through the use of arbitrary code execution and remote code execution attacks.
- [Narrator] Code execution attacks are a special class of attacks where the attacker exploits a vulnerability in a system that allows the attacker to run commands on that system. There are many different ways that an attacker might gain this foothold on a system, but it's normally through some resource that the target system exposes to the world. For example, a public-facing web server must expose ports 80 and/or 443 to the world, and that port provides access to a web server such as Apache or Microsoft Internet Information Server.
If an attacker learns of a code execution vulnerability in that web server software, the attacker may exploit the vulnerability on an unpatched server and use it to execute whatever commands the attacker desires on that system. This condition where an attacker runs commands of his or her choice is known as arbitrary code execution. When the attack takes place from a remote system, it is also known as remote code execution.
Attackers using code execution vulnerabilities may perform any action they desire on the targeted system.
This course, along with the others in this nine-part series, prepares you for the CISSP exam and provides you with a solid foundation for a career in information security.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Software development methodologies
- Operation, maintenance, and change management
- Cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software