3.2 Host / Application Security Flashcards
Fuzzing
or fuzz testing is an automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program. The program is then monitored for exceptions such as crashes, failing built-in code assertions, or potential memory leaks.
User Acceptance Testing
process of verifying that a created solution/software works for the user
Security regression testing
ensures that changes made to a system do not harm its security. Such approaches are therefore of high significance, and interest in them has steadily increased
Stress testing
verifies the system’s stability and reliability by measuring its robustness and error handling capabilities under heavy load conditions
CE
In a cryptographic erase (CE), the storage media is encrypted by default. The encryption key itself is destroyed during the erasing operation. CE is a feature of self-encrypting drives (SED) and is often used with solid-state devices. Cryptographic erase can be used with hard drives as well.
Zero-fill
process that fills the entire storage device with zeroes. For SSDs and hybrid drives, zero-fill-based methods might not be reliable because the device uses wear-leveling routines in the drive controller to communicate which locations are available for use to any software process accessing the device
Secure Erase
special utility provided with some solid-state drives that can perform the sanitization of flash-based devices
Overwrite
is like zero-fill but can utilize a random pattern of ones and zeroes on the storage device