4.2 Reporting and Communication Flashcards
Given a scenario, analyze the findings and recommend the appropriate remediation within a report.
What is system hardening?
System hardening is the process of reducing the attack surface of a device or application so that it meets the security standard of the system or network it is being introduced into. Typical steps are removing unneeded services and software, closing unused ports, applying a secure configuration baseline and current patches, and enforcing least privilege for accounts and processes. Hardware and software should be hardened as much as possible before they are connected to a network.
What is Input Sanitization?
Input Sanitization is the process of stripping or neutralizing unwanted or untrusted characters in user-supplied input so that the application can safely process that input. It is a common first line of defense against injection attacks, but because it relies on recognizing bad input (a deny-list) it should be paired with allow-list validation and, for SQL, with parameterized queries.
What are Parameterized Queries?
Parameterized queries separate the SQL statement from the data it operates on. The query text contains placeholders for its parameters; when the query is executed, the web app binds the actual values to those placeholders and the database receives the values separately from the statement. Because a bound value is never parsed as part of the query structure, a quotation mark inside a supplied value is treated literally rather than as the end of a string in the query.
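The difference between concatenation, sanitization and parameterization, as an added example written for this page (not code from the original). It uses Python's standard sqlite3 module with a constructed in-memory table; the usernames, passwords and the `' OR '1'='1` payload are sample data. The second half goes beyond the SQL-string case and shows a numeric parameter where quote stripping does nothing, which is why the parameterized version also validates the type:

```python
import sqlite3


def make_db():
    """Constructed sample database: two users, no real credentials."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER, username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?, ?)",
        [(1, "alice", "correct horse", "admin"), (2, "bob", "hunter2", "user")],
    )
    return conn


def find_user_concat(conn, username, password):
    """Vulnerable: user input is spliced into the SQL text, so it can change the query."""
    sql = ("SELECT username FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return [row[0] for row in conn.execute(sql)]


def strip_quotes(value):
    """Deny-list sanitizer: removes single quotes so a string literal cannot be closed early."""
    return value.replace("'", "")


def find_user_sanitized(conn, username, password):
    """Sanitized: stops the quote-based payload, but only because this context needs a quote."""
    return find_user_concat(conn, strip_quotes(username), strip_quotes(password))


def find_user_parameterized(conn, username, password):
    """Parameterized: values are bound to the ? placeholders and never parsed as SQL."""
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(sql, (username, password))]


def user_by_id_concat(conn, user_id):
    """Vulnerable numeric context: no quotes around the value, so a payload needs none either."""
    return [row[0] for row in conn.execute("SELECT username FROM users WHERE id = " + user_id)]


def user_by_id_sanitized(conn, user_id):
    """Quote stripping does not help here: '2 OR 1=1' contains nothing to strip."""
    return user_by_id_concat(conn, strip_quotes(user_id))


def user_by_id_parameterized(conn, user_id):
    """Allow-list validation (must be an integer) plus a bound parameter."""
    value = int(user_id)  # raises ValueError for anything that is not a whole number
    return [row[0] for row in conn.execute("SELECT username FROM users WHERE id = ?", (value,))]


if __name__ == "__main__":
    db = make_db()
    payload = "' OR '1'='1"
    print("concat:       ", find_user_concat(db, "alice", payload))        # both users
    print("sanitized:    ", find_user_sanitized(db, "alice", payload))     # nothing
    print("parameterized:", find_user_parameterized(db, "alice", payload)) # nothing
    print("numeric concat:   ", user_by_id_concat(db, "2 OR 1=1"))         # both users
    print("numeric sanitized:", user_by_id_sanitized(db, "2 OR 1=1"))      # still both users
```

The string-context payload is stopped by both approaches, but the numeric-context payload walks straight past the sanitizer; only the version that validates the type and binds the value is safe in both contexts.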
What is Process-Level Remediation?
Process-Level Remediation is the concept of resolving a finding by changing how a system or service is used or implemented rather than by patching it, for example replacing Telnet with SSH wherever Telnet is in use.
What is Patch Management?
Patch Management is the process of keeping track of, testing and applying patches in a controlled manner so that known vulnerabilities are closed without breaking production systems.
What is Key Rotation?
Key Rotation is the process of periodically generating new access keys or cryptographic keys for a server/service, switching to them, and retiring the old ones. It limits how long a leaked or cracked key remains usable.
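A rotation pattern that avoids breaking clients, as an added example written for this page (not code from the original): a keyring that signs with the newest HMAC key, still verifies tokens signed by a retired key for a grace period, and then purges it. The class name, key IDs and grace period are assumptions chosen for illustration; the clock is injectable so the behaviour can be exercised offline.

```python
import hashlib
import hmac
import secrets
import time


class RotatingKeyring:
    """Signs with the current key; verifies with any key still inside its grace period."""

    def __init__(self, grace_seconds, now=time.time):
        self.grace = grace_seconds
        self.now = now            # injectable clock (assumption: tests pass a fake one)
        self.keys = {}            # kid -> (secret, retired_at or None while current)
        self.current = None
        self._counter = 0

    def rotate(self):
        """Retire the current key (stamping when) and install a fresh random key."""
        if self.current is not None:
            secret, _ = self.keys[self.current]
            self.keys[self.current] = (secret, self.now())
        self._counter += 1
        kid = "k%d" % self._counter
        self.keys[kid] = (secrets.token_bytes(32), None)
        self.current = kid
        return kid

    def purge(self):
        """Drop retired keys whose grace period has passed; returns the removed key IDs."""
        expired = [kid for kid, (_, retired_at) in self.keys.items()
                   if retired_at is not None and self.now() - retired_at > self.grace]
        for kid in expired:
            del self.keys[kid]
        return expired

    def sign(self, message: bytes) -> str:
        """Token format (assumed for this example): '<kid>.<hex HMAC-SHA256>'."""
        secret, _ = self.keys[self.current]
        mac = hmac.new(secret, message, hashlib.sha256).hexdigest()
        return "%s.%s" % (self.current, mac)

    def verify(self, message: bytes, token: str) -> bool:
        kid, _, mac = token.partition(".")
        if kid not in self.keys:
            return False          # unknown or already purged key
        secret, retired_at = self.keys[kid]
        if retired_at is not None and self.now() - retired_at > self.grace:
            return False          # retired too long ago, even if not yet purged
        expected = hmac.new(secret, message, hashlib.sha256).hexdigest()
        return hmac.compare_digest(expected, mac)


if __name__ == "__main__":
    ring = RotatingKeyring(grace_seconds=3600)
    ring.rotate()
    token = ring.sign(b"session:alice")
    ring.rotate()                                   # new key is now current
    print(ring.verify(b"session:alice", token))      # True: old key inside grace period
    print(ring.sign(b"session:alice").split(".")[0]) # k2: new tokens use the new key
```

Without the grace period every rotation would invalidate all outstanding tokens at once; without the purge a compromised old key would stay accepted forever. The two together are what makes scheduled rotation practical.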
What is Certificate Management?
Certificate Management is the process of properly administering digital security certificates throughout their life cycle. This includes issuing and renewing certificates before they expire, protecting the associated private keys in storage and transit, and suspending or revoking a certificate when its key is compromised or it is no longer needed.
What is a Secret Management Solution?
A Secret Management Solution is a platform that stores and controls access to passwords, API keys, key pairs and other sensitive information so that they are not hard-coded in source or configuration files, and so that their use can be audited and the secrets rotated centrally.
What is Network Segmentation?
Network Segmentation is the process of dividing the system infrastructure into different physical and virtual subdivisions so that traffic between them can be filtered and a compromise in one segment does not give direct access to the others.
What is Role-Based Access Control?
Role-Based Access Control is the security approach in which permissions are attached to roles rather than to individual users; users are assigned roles and receive only the permissions those roles carry. It makes least privilege manageable at scale because changing a role updates every user holding it, and a user with no role gets nothing by default.
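A minimal RBAC check, as an added example written for this page (not code from the original). The role and permission names and the user list are a constructed policy; the point is that permissions flow only through roles and that every lookup fails closed:

```python
# Constructed policy: permissions attach to roles, never directly to users.
ROLE_PERMISSIONS = {
    "viewer":  {"report:read"},
    "analyst": {"report:read", "report:write"},
    "admin":   {"report:read", "report:write", "report:delete", "user:manage"},
}

# Constructed user-to-role assignments (a user may hold several roles).
USER_ROLES = {
    "alice": {"admin"},
    "bob":   {"analyst"},
    "carol": {"viewer", "analyst"},
    "dave":  set(),            # authenticated, but no role assigned yet
}


def permissions_for(user):
    """Union of the permissions of every role the user holds; empty for unknown users or roles."""
    perms = set()
    for role in USER_ROLES.get(user, set()):
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def is_allowed(user, permission):
    """Deny by default: unknown user, unknown role or missing permission all return False."""
    return permission in permissions_for(user)


def require(permission):
    """Decorator that enforces a permission before the protected function runs."""
    def decorator(fn):
        def wrapper(user, *args, **kwargs):
            if not is_allowed(user, permission):
                raise PermissionError("%s lacks %s" % (user, permission))
            return fn(user, *args, **kwargs)
        return wrapper
    return decorator


@require("report:delete")
def delete_report(user, report_id):
    return "report %d deleted by %s" % (report_id, user)


if __name__ == "__main__":
    print(delete_report("alice", 7))          # admin role carries report:delete
    try:
        delete_report("bob", 7)               # analyst role does not
    except PermissionError as exc:
        print("denied:", exc)
```

Application code asks "does this user have report:delete", never "is this user an admin"; that keeps the permission checks stable when roles are reorganized and is what allows a least-privilege role like viewer to exist at all.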
What is a Software Development Life Cycle (SDLC)?
An SDLC focuses primarily on the design, development and maintenance of applications and other software. Development passes through several phases (requirements, design, implementation, testing, deployment and maintenance), and ideally security activities such as threat modeling, code review and security testing are incorporated at each of those phases rather than bolted on at the end.