BOOK: Ch 11, 12 Flashcards
The process of designing and implementing software so that it continues to function even when under attack. Software written using this process is able to detect erroneous conditions resulting from some attack, and to either continue executing safely, or to fail gracefully.
Defensive Programming
This problem occurs when program input data can accidentally or deliberately influence the flow of execution of the program.
Injection Attack
When the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.
Command Injection Attack
In this attack, the user-supplied input is used to construct a SQL request to retrieve information from a database.
SQL Injection Attack
This is a software testing technique that uses randomly generated data as inputs to a program. The intent is to determine whether the program or function correctly handles all such abnormal inputs or whether it crashes or otherwise fails to respond appropriately.
Input Fuzzing
This strongly suggests that programs should execute with the least amount of privileges needed to complete their function.
Principle of Least Privilege
A process that includes planning, installation, configuration, update, and maintenance of the operating system and the key applications in use.
Hardening a System
3 Steps to hardening a base OS
• Removing unnecessary services, applications, and protocols.
• Configuring users, groups, and permissions.
• Configuring resource controls.
Restricts the server's view of the file system to just a specified portion. Files in directories outside the __________ are not visible or reachable at all.
Chroot Jail
Refers to a technology that provides an abstraction of the computing resources used by some software, which thus runs in a simulated environment called a virtual machine (VM).
Virtualization