Page 1453 - (ISC)² CISSP Certified Information Systems Security Professional Official Study Guide
Chapter 21
Malicious Code and Application Attacks
THE CISSP EXAM TOPICS COVERED IN THIS CHAPTER INCLUDE:
Domain 3: Security Architecture and Engineering
3.5 Assess and mitigate the vulnerabilities of security architectures, designs, and solution elements
3.6 Assess and mitigate vulnerabilities in web-based systems
Domain 8: Software Development Security
8.2 Identify and apply security controls in development environments
8.2.1 Security of the software environments
8.5 Define and apply secure coding guidelines and standards
8.5.1 Security weaknesses and vulnerabilities at the source-code level
In previous chapters, you learned about many
general security principles and the policy and procedure mechanisms
that help security practitioners develop adequate protection against
malicious individuals. This chapter takes an in-depth look at some of
the specific threats faced on a daily basis by administrators in the field.
This material is not only critical for the CISSP exam; it’s also some of
the most basic information a computer security professional must
understand to effectively practice their trade. We’ll begin this chapter
by looking at the risks posed by malicious code objects—viruses,

