Adversarial Thinking: Common Weaknesses Enumeration

This lecture delves into adversarial thinking and attacks, focusing on the Common Weaknesses Enumeration (CWE) and the Common Vulnerability Scoring System. It covers weaknesses arising from non-sanitized data between components, unsanitized inputs on critical components, and ineffective defenses. The CWE Top 25 list is explored, highlighting prevalent weaknesses like improper input validation, out-of-bounds reads/writes, and exposure of sensitive information. The lecture emphasizes the importance of understanding and mitigating these vulnerabilities to enhance system security.

About this result

This page is automatically generated and may contain information that is not correct, complete, up-to-date, or relevant to your search query. The same applies to every other page on this website. Please make sure to verify the information with EPFL's official sources.

Related lectures (35)

Related concepts (51)

COM-301: Computer security and privacy

This is an introductory course to computer security and privacy. Its goal is to provide students with means to reason about security and privacy problems, and provide them with tools to confront them.

Vulnerability (computing)

Vulnerabilities are flaws in a computer system that weaken the overall security of the device/system. Vulnerabilities can be weaknesses in either the hardware itself, or the software that runs on the hardware. Vulnerabilities can be exploited by a threat actor, such as an attacker, to cross privilege boundaries (i.e. perform unauthorized actions) within a computer system. To exploit a vulnerability, an attacker must have at least one applicable tool or technique that can connect to a system weakness.

Classified information

Classified information is material that a government body deems to be sensitive information that must be protected. Access is restricted by law or regulation to particular groups of people with the necessary security clearance and need to know, and mishandling of the material can incur criminal penalties. A formal security clearance is required to view or handle classified material. The clearance process requires a satisfactory background investigation.

Classified information in the United States

The United States government classification system is established under Executive Order 13526, the latest in a long series of executive orders on the topic beginning in 1951. Issued by President Barack Obama in 2009, Executive Order 13526 replaced earlier executive orders on the topic and modified the regulations codified to 32 C.F.R. 2001. It lays out the system of classification, declassification, and handling of national security information generated by the U.S.

Security

Security is protection from, or resilience against, potential harm (or other unwanted coercion) caused by others, by restraining the freedom of others to act. Beneficiaries (technically referents) of security may be of persons and social groups, objects and institutions, ecosystems or any other entity or phenomenon vulnerable to unwanted change. Security mostly refers to protection from hostile forces, but it has a wide range of other senses: for example, as the absence of harm (e.g.

Training, validation, and test data sets

In machine learning, a common task is the study and construction of algorithms that can learn from and make predictions on data. Such algorithms function by making data-driven predictions or decisions, through building a mathematical model from input data. These input data used to build the model are usually divided into multiple data sets. In particular, three data sets are commonly used in different stages of the creation of the model: training, validation, and test sets.

Legacy Web Hosting Services Tour

Covers a tour of legacy web hosting services and discussions on future services storage.

SSL Certificate Deployment for ENAC Web Hosting

Focuses on SSL certificate deployment for ENAC Web Hosting, covering certificate generation, debugging, and Ansible playbook management.

Gitlab Agent for Kubernetes (`agentk`)

Covers the setup of a Gitlab agent for Kubernetes, focusing on installation, version control, and troubleshooting.

Cybersecurity: Threat Modeling and Solutions

Explores cybersecurity fundamentals, threat modeling, real-world case studies, and digital forensics procedures.

Online Tracking: Stateful vs. Stateless Methods CS-523: Advanced topics on privacy enhancing technologies

Explores online tracking methods, including canvas and AudioContext API fingerprinting, and their privacy implications.