Chapter 5 Flashcards
Vulnerability Management Program
A program that plays a crucial role in identifying, prioritizing, and remediating vulnerabilities in our environment.
Static Testing
Analyzes code without executing it.
Dynamic Testing
Executes code as part of the test, running all the interface that the code exposes to the user with a variety of inputs, searching for vulnerabilities.
Interactive Testing
Combines static and dynamic testing, analyzing the source code while testers interact with the application through exposed interfaces.
CVSS (Common Vulnerability Scoring System)
An industry standard for assessing the severity of security vulnerabilities.
Attack Vector
How an attacker would exploit the vulnerability.
Attack Complexity
Describes the difficulty of exploiting the vulnerability.
Privileges Required Metric
Describes the type of account access that an attacker would need to exploit a vulnerability.
User Interaction Metric
Describes whether an attack needs to involve another human in the attack.
Confidentiality Metric
The type of information disclosure that might occur if an attacker successfully exploits a vulnerability.
Integrity Metric
Describes the type of information alteration that might occurs from a successful exploit.
Availability Metric
Describes the type of disruption that might occur if an attacker is successful.
Scope Metric
Describes whether the vulnerability can affect system components beyond the scope of the vulnerability.
SIEM (Security Information and Event Management)
Systems that correlate log entries from multiple sources and provide actionable intelligence.
White-box Test
Tests performed with full knowledge of the underlying technology, configurations, and settings that make up the target.
