2.3-2.4 Flashcards
Development to production
Patch testing via sandboxing: run the patched code in an isolated sandbox so that anything it breaks stays inside the sandbox
Development: write the code and unit-test it
Testing: bring the pieces together and check that they work as a whole (integration testing)
QA: verify that existing features still work and test the new ones
Staging: test in an environment that mirrors production
Production: live for end users; capture a security baseline of the deployed system
Provisioning
Deploying everything an application needs: web server, database, middleware, user workstation configs, network config, and security patches
Orchestration
Automatically provision or deprovision parts of the application as demand changes (for example by geographic region); because provisioning is scripted, it happens in seconds rather than by hand
Secure coding techniques
Stored procedures (stored queries): the query code lives on the database server, so the app and devs can only call it (run or not run), never modify it; user input can't change the structure of the query
Input validation
Attackers look for inputs that are not validated or normalized, i.e. where the data type or format is not checked against what the field expects
Use fuzzers to find such inputs by feeding random or malformed data
Validation points
Server-side validation: checks run on the server, where a malicious client can't tamper with them; this is the safer option
Client-side validation: checks run in the browser and give fast feedback, but an attacker can bypass or modify them, so they never replace server-side checks
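The three cards above (stored queries, input validation, server-side validation) fit together in one small program. This is an added example, not code from the flashcards: it builds a constructed in-memory SQLite database with two made-up users, shows a deliberately vulnerable lookup that pastes input into the query text, and beside it a hardened lookup that validates the username server-side against an allow-list and then binds it as a parameter. SQLite has no stored procedures, so parameter binding stands in for them here; it gives the same property, a fixed query text that the input cannot restructure.

```python
import re
import sqlite3

# Constructed sample data for this example (not from the flashcards): an
# in-memory SQLite database with two users.
conn = sqlite3.connect(":memory:")
conn.execute("CREATE TABLE users (username TEXT, password_hash TEXT, role TEXT)")
conn.executemany(
    "INSERT INTO users VALUES (?, ?, ?)",
    [("alice", "hash_a", "user"), ("bob", "hash_b", "admin")],
)
conn.commit()

# Allow-list for usernames: lowercase letters, digits and underscore, 3 to 32 chars.
USERNAME_RE = re.compile(r"^[a-z0-9_]{3,32}$")


def normalize_username(value):
    """Server-side validation: check the type, normalize, then enforce the
    allow-list. Returns the normalized username, or None if it is rejected."""
    if not isinstance(value, str):
        return None
    candidate = value.strip().lower()
    return candidate if USERNAME_RE.fullmatch(candidate) else None


def lookup_vulnerable(username):
    """Deliberately unsafe: the input is pasted into the query text, so a
    quote in the input changes the structure of the query (SQL injection)."""
    query = f"SELECT username, role FROM users WHERE username = '{username}'"
    return conn.execute(query).fetchall()


def lookup_safe(username):
    """Validate first, then bind the value as a parameter. The query text is
    fixed (the same property a stored procedure gives you), so the input is
    only ever treated as data, never as SQL."""
    candidate = normalize_username(username)
    if candidate is None:
        return []
    return conn.execute(
        "SELECT username, role FROM users WHERE username = ?", (candidate,)
    ).fetchall()


if __name__ == "__main__":
    payload = "x' OR '1'='1"
    print("vulnerable:", lookup_vulnerable(payload))   # returns every row
    print("safe:      ", lookup_safe(payload))         # rejected by validation
```

Run it and feed the same injection string to both functions: the vulnerable lookup returns every row in the table because the quote closes the string literal and `OR '1'='1'` is always true, while the safe lookup rejects the string at validation; even if validation were skipped, the bound parameter would simply fail to match any username.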
Memory management
Know where all memory is allocated and what is stored there, and never trust input copied into memory without checking its length. Attackers use unchecked input to cause a buffer overflow
Software diversity
Exploits are written against a specific binary, so the compiler uses different tricks on each build so that the same source produces a different binary each time; an exploit that works against one copy fails against the others
Automation and scripting
Plan changes and deployments in advance; monitor continuously and fix problems before they reach the point of an error
Continuous integration: software is constantly being written and merged, so it constantly needs to be built and tested, which is automated
Continuous delivery: the pipeline is automated up to a human prompt to release
Continuous deployment: full automation all the way into production, with no human prompt
Directory services
Keep all usernames and passwords in a single large, distributed database, for example Active Directory
Federation
Authentication is handled by a trusted third-party identity provider that holds the credentials; your site receives only an assertion of who the user is
Attestation
Prove the hardware is really yours: automated for thousands of devices, a check verifies each device's hardware and firmware and then allows or disallows the connection
Authentication methods: one-time codes sent via SMS, email, etc.
Push notification to a registered app
Token generator: TOTP, time-based one-time password, a code derived from a shared secret and the current time window
HOTP, HMAC-based one-time password: a code derived from the shared secret and a counter, so each code is used once (for example from a printed list)
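To make the TOTP and HOTP cards concrete, here is an added example (not code from the flashcards) that implements both algorithms as specified in RFC 4226 (HOTP) and RFC 6238 (TOTP) using only the Python standard library, plus the two verification routines a server needs: TOTP verification with a drift window for clock skew, and HOTP verification that only accepts counters past the last one used, so a code really is good once. The secret `12345678901234567890` is the published RFC test secret, so the codes it produces can be checked against the RFC test vectors.

```python
import hashlib
import hmac
import struct
import time


def hotp(secret, counter, digits=6, digestmod=hashlib.sha1):
    """RFC 4226 HOTP: HMAC over the 8-byte big-endian counter, dynamic
    truncation to a 31-bit integer, then reduce modulo 10^digits."""
    msg = struct.pack(">Q", counter)
    mac = hmac.new(secret, msg, digestmod).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret, unix_time, step=30, digits=6, digestmod=hashlib.sha1):
    """RFC 6238 TOTP: HOTP where the counter is the number of time steps elapsed."""
    return hotp(secret, unix_time // step, digits, digestmod)


def verify_totp(secret, code, unix_time, window=1, step=30, digits=6):
    """Server-side check: accept the code for the current step and `window`
    steps either side to tolerate clock drift; compare in constant time."""
    for drift in range(-window, window + 1):
        candidate = totp(secret, unix_time + drift * step, step, digits)
        if hmac.compare_digest(candidate, code):
            return True
    return False


def verify_hotp(secret, code, last_counter, look_ahead=5, digits=6):
    """Server-side check for counter-based codes: only counters beyond the last
    accepted one are tried, so a replayed code fails. Returns the counter to
    store as the new last_counter, or None if the code is rejected."""
    for c in range(last_counter + 1, last_counter + 1 + look_ahead):
        if hmac.compare_digest(hotp(secret, c, digits), code):
            return c
    return None


# RFC 4226 / RFC 6238 test secret (ASCII "12345678901234567890").
RFC_SECRET = b"12345678901234567890"

if __name__ == "__main__":
    for c in range(3):
        print(f"HOTP counter {c}: {hotp(RFC_SECRET, c)}")
    print("TOTP now:", totp(RFC_SECRET, int(time.time())))
```

Two details worth noticing in the verifiers: the TOTP check widens the window rather than loosening the algorithm, and the HOTP check never re-accepts a counter at or below the stored one, which is what makes "one-time" hold on the server side rather than only on the token.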
Smart cards
Biometrics
Fingerprints scanner
Retinal scanner
Iris scanner
Voice scanner
Facial recognition
Gait (walk style)
Vein analysis
Need a low False Acceptance Rate (FAR): how often an impostor is wrongly accepted
Need a low False Rejection Rate (FRR) too: how often a legitimate user is wrongly rejected
Tightening one raises the other; the Crossover Error Rate (CER) is the threshold where FAR equals FRR, the sweet spot used to compare systems
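The FAR/FRR trade-off is easiest to see with numbers. The following is an added example, not from the flashcards: it takes a constructed set of match scores (eight genuine attempts, eight impostor attempts, values made up for this illustration) and sweeps the acceptance threshold across them, computing FAR and FRR at each point, locating the crossover, and then showing what a security-first setting (capping FAR) costs in FRR.

```python
# Constructed match scores for this example (not from the flashcards).
# Higher score = the presented sample looks more like the enrolled template.
GENUINE_SCORES = [0.92, 0.88, 0.85, 0.80, 0.76, 0.70, 0.65, 0.60]   # user vs own template
IMPOSTOR_SCORES = [0.20, 0.30, 0.40, 0.50, 0.55, 0.62, 0.68, 0.75]  # user vs someone else's


def far(impostor_scores, threshold):
    """False Acceptance Rate: fraction of impostor attempts scoring at or above the threshold."""
    return sum(s >= threshold for s in impostor_scores) / len(impostor_scores)


def frr(genuine_scores, threshold):
    """False Rejection Rate: fraction of genuine attempts scoring below the threshold."""
    return sum(s < threshold for s in genuine_scores) / len(genuine_scores)


def error_curve(genuine_scores, impostor_scores):
    """(threshold, FAR, FRR) at every candidate threshold, i.e. each distinct observed score."""
    thresholds = sorted(set(genuine_scores) | set(impostor_scores))
    return [(t, far(impostor_scores, t), frr(genuine_scores, t)) for t in thresholds]


def crossover_error_rate(genuine_scores, impostor_scores):
    """Threshold where FAR and FRR are closest (equal in the ideal case), with both rates."""
    return min(error_curve(genuine_scores, impostor_scores),
               key=lambda row: abs(row[1] - row[2]))


def threshold_for_max_far(genuine_scores, impostor_scores, max_far):
    """Security-first tuning: the lowest threshold whose FAR is within budget,
    returned with the FRR you pay for it. None if no threshold satisfies it."""
    for row in error_curve(genuine_scores, impostor_scores):
        if row[1] <= max_far:
            return row
    return None


if __name__ == "__main__":
    for t, a, r in error_curve(GENUINE_SCORES, IMPOSTOR_SCORES):
        print(f"threshold {t:.2f}  FAR {a:.3f}  FRR {r:.3f}")
    print("CER:", crossover_error_rate(GENUINE_SCORES, IMPOSTOR_SCORES))
    print("FAR capped at 12.5%:", threshold_for_max_far(GENUINE_SCORES, IMPOSTOR_SCORES, 0.125))
```

On this data the crossover sits at a threshold of 0.68 with FAR and FRR both at 25%; pushing the threshold up to 0.70 halves FAR to 12.5% but leaves FRR at 25%, which is the trade-off the cards describe: every step that keeps more impostors out also turns away more legitimate users.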
Mfa
Usually starts with a username
AAA: Authentication (prove who you are, e.g. with a password)
Authorization (what you can access)
Accounting (record what the user has done)
Something you know (password or security questions and answers)
Something you have (smart card, USB token)
Something you are (biometrics)
Somewhere you are (geographic location)
Something you can do (signature)
Something you exhibit (the way you walk or your typing rhythm)