Vulnerabilities in Systems MindMap (4 of 9) | CISSP Domain 3

Review of the major Vulnerabilities in Systems topics to guide your studies, and help you pass the CISSP exam. This MindMap review covers: 00:00 Introduction 00:35 Vulnerabilities in Systems 01:07 Single Point of Failure 01:33 Redundancy 01:48 Bypass Controls 02:21 Mitigating Controls 02:57 TOCTOU (Race Conditions) 03:28 Increase frequency of Re-authentication 03:53 Emanations 04:13 Shielding (TEMPEST) 04:34 White Noise 04:48 Control Zones 05:04 Covert Channels 05:20 Analysis & Design 05:36 Aggregation & Inference 05:55 Polyinstantiation 06:21 Mobile Devices 06:42 Policy, training & procedures 07:03 Remote access security 07:16 Endpoint Security 07:28 OWASP Mobile Top 10 07:43 M1: Improper Platform Usage 07:58 M2: Insecure Data Storage 08:24 M3: Insecure Communication 08:43 M4: Insecure Authentication 09:03 M5: Insufficient Cryptography 09:17 M6: Insecure Authorization 09:48 M7: Client Code Quality 10:10 M8: Code Tampering 10:26 M9: Reverse Engineering 10:47 M10: Extraneous Functionality 11:11 Web-based Vulnerabilities 11:26 Cross Site Scripting (XSS) 11:49 Stored (Persistent) 12:45 Reflected (Most common) 13:31 DOM 13:41 Target of Attack: Client 13:53 Cross Site Request Forgery (CSRF) 14:18 Target of Attack: Server 14:28 SQL Injection 15:32 Input Validation 16:08 Client Side vs. Server Side 16:36 Allow Lists vs. Deny Lists 17:36 Outro For a full list of all the MindMaps and to download them in PDF and Audio format, visit: https://destcert.com/cissp-mindmaps/ Join our r/DestCert subreddit for valuable CISSP resources, training advice, support, and to connect with other CISSP professionals!