Chapter 11: Managing Application Security Flashcards
modern version of the Basic Input Output System (BIOS) is more secure and is needed for a secure boot of the OS. The older BIOS cannot provide secure boot.
Unified Extensible Firmware Interface (UEFI)
in a Windows computer, early launch anti malware tests that all drivers being loaded are signed and prevents rogue drivers from loading
Early Launch Anti Malware
this was first adopted with Windows 8, where all components from the firmware up to the applications and software are measured and this information is stored in a log file—the log file is stored in the Trusted Platform Module (TPM) chip
Measured Boot
using an FDE such as BitLocker
Secure Boot and Attestation
monitors websites that are being visited and the files that are being downloaded to ensure they are not infected by viruses or trojans
Antivirus
scans computer for adware and spyware and prevents malicious software from running
Anti Malware
advanced solution that is better than anti virus or anti malware. It is a centralized console that continuously monitors the computer and raises alerts when a threat has been detected
Endpoint Detection and Response (EDR)
an endpoint DLP solution can be set up so that it can protect data on your computer from being stolen by using email or a USB drive.
Data Loss Prevention (DLP)
more than a traditional firewall. It can act as a stateful firewall by carrying out deep packet filtering. It can also inspect application traffic to ensure that it is legitimate and use whitelisting to ensure that only approved applications are allowed to run.
Next Generation Firewall (NGFW)
software program that can be installed on a host to protect it against attack. It analyzes the behavior of a computer and looks for any suspicious behavior in log files
Host Intrusion Prevention System (HIPS)
is a passive device that monitors patterns in the behavior of a computer system. Uses a database that contains the settings for the computer, including the registry, critical file systems, and applications. Its function is to alert the user to any discrepancies or attacks
Host Intrusion Detection System (HIDS)
can be used to prevent unauthorized access to the desktop and can set up permitted rules for approved applications
Host based Firewall
cookies can be stolen by attackers to carry out a session hijacking attack; ensure cookies are only downloaded when there is a secure HTTPS session.
Secure Cookies
controlling inputs to an application is vital to ensure that buffer overflow, integer overflow, and SQL injection attacks cannot be launched against applications and databases—input validation occurs where data is entered either using a web page or wizard
Input Validation
designed to transfer information between the host and the web server—an attacker can carry out a cross site scripting attack, which is delivered through injecting HTTP response headers—can be prevented by entering the HTTP Strict Transport Security (HSTS) header
Hypertext Transfer Protocol (HTTP) headers
allows you to digitally sign scripts and executables to verify their authenticity and to confirm they are genuine
Code Signing
the code is not executed locally—use a static code analyzer tool to check for any flaws or weaknesses
Static Code Analyzers
the code is run locally—use a technique called fuzzing where random input is inserted into the application to see what the output will be
Dynamic Code Analysis
developer reads code line by line to ensure it is written properly and has no errors
Manual Code Review
put in random information to see whether the application crashes, causes memory leaks, or returns error information—improper input validation
fuzzing
used on computer systems to encrypt the whole hard drive as it holds data at rest
FDE
______ chip is stored on the motherboard and is used to store encryption keys so that when the system boots, it can compare the keys to ensure no tampering
TPM
when we use certificates for FDE, they use a hardware root of trust that verifies that the keys match before secure boot takes place.
Hardware Root of Trust
solid state drives (SSDs) that are purchased already set to encrypt data at rest
Self Encryption Drives (SEDs)
similar to TPM chips except it is removable. The key escrow uses an HSM to store and manage private keys, but smaller ones can be used for computers
Hardware Security Module (HSM)
where we can install an application in a virtual environment isolated from our network so we can patch, test, and ensure that it is secure before putting it into a production environment
sandboxing
comprised of small devices, such as ATMs, small robots, and wearable technologies, that can use an IP address and connect to internet capable devices
-smart devices
-home automation (lighting, climate, entertainment, alarm)
-wearable technology
-sensors
-weak defaults
-facilities automation
IoT