.06 RG Vocab application security

Question 1

Application

Answer 1

A program built to allow a user to perform a specific function or set of
functions on a computer including mobile devices, desktops, tablets, smart devices,
automobiles, manufacturing systems, etc.

Question 2

Burp Suite

Answer 2

A proxy tool created by PortSwigger that is used extensively in application
penetration testing

Question 3

Desktop Application

Answer 3

Usually designed for more significant tasks compared to mobile
applications, with more processing resource needs and options for outputs and interactions
within the system and for external programs or application processing interfaces (APIs)

Question 4

Mobile Application

Answer 4

Software optimized for use on a mobile device, often with
functionalities specific to a handheld device (GPS location/motion, camera, voice). It can be
run only on a desktop computer through an emulator

Question 5

OWASP

Answer 5

The Open Web Application Security Project is a nonprofit, community-driven
organization dedicated to training, research, and improvements in application security.

Question 6

OWASP Top 10

Answer 6

A list of the top 10 vulnerabilities published by OWASP every few years,
which combines data from actual breaches, alerts, reports, and community feedback

Question 7

Progressive Web Application

Answer 7

A desktop application coded to work in both mobile and
desktop formats from a single code base, adjusting visually when interacting on a mobile
device

Question 8

Server-Side Request Forgery

Answer 8

An SSRF attack that uses malformed URLs to access, read,
and possibly impact server resources

Question 9

DevOps

Answer 9

Practices aimed at unifying software development and IT operations to avoid
outages and bugs resulting from poor internal communication during the SSDLC (Daniel
Miessler, 2022)

Question 10

DevSecOps

Answer 10

Aims to increase application security through the build process by introducing
communication and using vulnerability scanning and fuzzing tools during each step in the
SSDLC

Question 11

Secure Software Development Lifecycle (SSDLC)

Answer 11

A phase-based methodology for
delivering software applications quickly, securely, and cost-effectively

Question 12

Shift-Left Testing

Answer 12

The concept of shifting testing to the left or earlier when building
applications to cut down on costly and dangerous misconfigurations that are more difficult
to undo later in the process

Question 13

Dynamic Application Security Testing (DAST)

Answer 13

Tools that test the configuration and
security of applications as they run in real-time

Question 14

Fuzzing

Answer 14

The practice of sending nonsense data into an application in an automated
manner to test the app’s security, resilience, and validation

Question 15

OWASP ZAP

Answer 15

An open-source application scanning app, with a command line interface (CLI)
and a graphical user interface (GUI), that records all actions taken against an application in a
database for review and further testing

Question 16

Identify Phase (SSDLC)

Answer 16

What problem is this application trying to solve?

Question 17

Plan Phase (SSDLC)

Answer 17

The project is approved, and teams are assigned their roles and tasks

Question 18

Design Phase (SSDLC)

Answer 18

The application architecture (or Stack) is planned into a single
model.

Question 19

Build Phase (SSDLC)

Answer 19

Developers code the solution and perform peer review during
development.

Question 20

Test Phase (SSDLC)

Answer 20

The application is functional and can be tested for weaknesses in
functionality or security.

Question 21

Deploy Phase (SSDLC)

Answer 21

The solution is completed and shipped to users.

Question 22

Maintain Phase (SSDLC)

Answer 22

The application is monitored for performance and dependency
breakage, while improvements and versioning are folded into new SSDLC sprints.