Escalation of privilege attacks seek to take normal user accounts and transform them into accounts with administrative rights. This can be especially dangerous on systems that have external exposure, allowing someone on the Internet to take control of a server. In this video, learn how escalation of privilege attacks work and what you can do to prevent them.
- [Instructor] Software developers must take care to write code that is not susceptible to privilege escalation attacks. Escalation of privilege attacks seek to take normal user accounts and transform them into accounts with administrative rights. This can be especially dangerous on systems that have external exposure, allowing someone on the internet to take control of a server. Privilege escalation vulnerabilities often arise as the result of buffer overflow issues or other security vulnerabilities in code that allow an end user to execute arbitrary instructions on the server.
When the end user gets access to the underlying operating system, he or she can take advantage of privilege escalation vulnerabilities to leverage that access into administrative privileges. There are some basic mitigation strategies that developers and operations teams can take to reduce the likelihood of privilege escalation attacks. First, developers should perform input validation on all input received from end users. This validation should perform strict checking…
This course, along with the others in this nine-part series, prepares you for the CISSP exam and provides you with a solid foundation for a career in information security.
Find the companion study books at the Sybex test prep site and review the complete CISSP Body of Knowledge at https://www.isc2.org/cissp-domains/default.aspx.
- Software development methodologies
- Operation, maintenance, and change management
- Cross-site scripting
- Preventing SQL injection
- Overflow attacks
- Malicious add-ons
- Secure coding practices
- Code signing
- Risk analysis and mitigation
- Software testing
- Acquired software