Chapter 4 Flashcards
locally shared objects (LSOs)
files stored on
users’ computers that allow websites to collect information about visitors.
secure coding concepts
The best practices used during the life cycle of software
development.
Systems Development Life Cycle (SDLC)
The process of creating systems and applications,
and the methodologies used to do so.
secure code review
An in-depth code inspection procedure.
threat modeling
A way of prioritizing threats to an application.
black-box testing
When people test a system but have no specifi c knowledge of the
system code involved with the system.
white-box testing
A method of testing applications or systems where the tester is given
access to the internal workings of the system.
sandbox
When a web script runs in its own environment for the express purpose of
not interfering with other processes, possibly for testing.
input validation
A process that ensures the correct usage of data.
fuzz testing
When random data is inputted into a computer program in an
attempt to fi nd vulnerabilities.
buffer overflow
When a process stores data outside the memory that the developer
intended to be used for storage.
integer overflow
When arithmetic operations attempt to create a numeric value that is
too big for the available memory space.
remote code execution (RCE)
When an attacker acquires control of a remote computer
through a code vulnerability.
cross-site scripting (XSS)
A type of vulnerability found in web applications used with
session hijacking.
cross-site request forgery (XSRF)
An attack that exploits the trust a website has in a
user’s browser in an attempt to transmit unauthorized commands to the website.
