Security Assessment & Testing Flashcards Preview

Game Changer > Security Assessment & Testing > Flashcards

Flashcards in Security Assessment & Testing Deck (29):
1

A design that allows one to peek inside the "box" & focuses specifically on using internal knowledge of the software to guide the selection of test data.

White Box Testing

2

Intermediate hosts through which websites are accessed.

Web Proxies

3

Log the patch installation history & vulnerability status of each host, which includes known vulnerabilities & missing software updates.

Vulnerability Management Software

4

The authentication process by which the biometric system matches a captured biometric against the person's stored template.

Verification

5

The determination of the correctness, with respect to the user needs & requirements, of the final program or software produced from a development project.

Validation

6

Abstract episodes of interaction between a system & its environment.

Use Cases

7

A process by which developers can understand security threats to a system, determine risks from those threats, & establish appropriate mitigation.

Threat Modeling

8

Operational actions performed by OS components, such as shutting down the system or starting a service.

System Events

9

Involves having external agents run scripted transactions against a web application.

Synthetic Performance Monitoring

10

Analysis of the application source code for finding vulnerabilities without actually executing the application.

Static Source Code Analysis (SAST)

11

Criteria requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product's behavior.

Statement Coverage

12

The process for generating, transmitting, storing, analyzing, & disposing of computer security log data.

Security Log Management

13

The determination of the impact of a change based on review of the relevant documentation.

Regression Analysis

14

An approach to web monitoring that aims to capture & analyze every transaction of every user of a website or application.

Real User Monitoring (RUM)

15

Determines that your application works as expected.

Positive Testing

16

This criteria requires sufficient test cases for each feasible path, basic path, etc. from start to exist of a defined program segment, to be executed at least once.

Path Coverage

17

Ensures the application can gracefully handle invalid input or unexpected or unexpected user behavior.

Negative Testing

18

Criteria requires sufficient test cases to exercise all possible combinations of conditions in a program decision.

Multi-Condition Coverage

19

A Use Case from the POV of an Actor hostile to the system under design.

Misuse Case

20

Criteria requires sufficient test cases for all program loops to be executed for zero, one, two & many iterations covering initialization, typical running, & termination (boundary) conditions.

Loop Coverage

21

Any hardware or software mechanism that has the ability to detect & stop attacks in progress.

Intrusion Prevention System (IPS)

22

Real-time monitoring of events as they happen in a computer system or network, using audit trail records & network traffic & analyzing events to detect potential intrusion attempts.

Intrusion Detection System (IDS)

23

Maintaining ongoing awareness of information security, vulnerabilities, & threats to support organizational risk management decisions.

Information Security Continuous Monitoring (ISCM)

24

Considered to be a minimum level of coverage for most software products but decision coverage alone is insufficient for high-integrity applications.

Decision (Branch) Coverage

25

Criteria requires sufficient test cases for each feasible data flow to be executed at least once.

Data Flow Coverage

26

Criteria requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from Branch Coverage only when multiple conditions must be evaluated to reach a decision.

Condition Coverage

27

Tests an application for the use of system components or configurations that are known to be insecure.

Automated Vulnerability Scanners

28

A manual review of the product architecture to ensure that is fulfills the necessary requirements.

Architecture Security Review

29

Contain security event information such as successful & failed authentication attempts, file accesses, security policy changes, account changes, & use of privileges.

Audit Records