Application Security Flashcards

1
Q

Describe these Secure Design Actions:
1) Security Requirement Specifications
2) Threat Modeling
3) Secure Design Principles
4) Secure Application Architecture

A

1) Design the application according to the security specifications.
2) Perform it to know your threats.
3) Define the secure coding standards to be implemented.
4) Design Secure Application Architecture.

2
Q

What is Threat Modeling?

A

It is the process of identifying, analyzing and mitigating the threats to the application.

3
Q

What are the six steps of the Threat Modeling Process?

A

1) Identify Security Objectives
2) Application Overview
3) Decompose the Application
4) Identify Threats
5) Identify Vulnerabilities
6) Risk and Impact Analysis

4
Q

Describe these Secure Coding Practices:
1) Input Validation
2) Parameterized Queries and Stored Procedures
3) Unicode Normalization
4) Output Encoding
5) Error/Exception handling
6) Secure Session Cookies
7) Secure Response Headers
8) Obfuscation/Camouflage
9) Code Signing

A

1) The process of verifying and testing user inputs.
2) Parameterized queries do not allow an attacker to change the intent of the query. Stored procedures allow the developer to write the SQL code first, then accept parameters.
3) The process of normalizing strings and determining whether two given strings are equivalent.
4) Convert special characters to a different format so they are no longer vulnerable at the interpreter.
5) Prevents the application from entering an unknown state.
6) Employ cookie randomization, cookie timeout.
7) Hardens the application against security threats and prevents browsers from delivering vulnerable resources.
8) A technique used by developers to secure their code from reverse engineering.
9) Digitally signs software to ensure integrity and authenticity.

5
Q

What is Static Application Security Testing (SAST)?

A

It is the systematic inspection of source code to detect vulnerabilities and design flaws.

6
Q

What is Dynamic Application Security Testing (DAST)?

A

Simulates attacks against the application and analyzes how the application behaves.

7
Q

What is Fuzz Testing?

A

Sending huge amounts of random data against the web application. Used for buffer overflow, DoS, XSS, SQL.

8
Q

What is Application Whitelisting?

A

It is an access control mechanism that only allows a list of approved applications.

9
Q

What is Application Blacklisting?

A

Uses a list of undesirable applications to block and prevent their execution.

10
Q

What is a Web Application Firewall (WAF)?

A

Provides a security layer that protects the web server from malicious traffic.
