Chapter 6: Security Assessment & Testing Flashcards
What is Mutation Testing ?
A white-box testing technique that makes small, deliberate changes ("mutants") to a program’s source code, such as flipping a comparison operator, and reruns the test suite. A mutant the tests fail to detect ("survives") shows where the suite is weak; the goal is to evaluate the quality of the tests, not of the program itself.
What is Nikto?
A free, open-source command-line web server scanner that checks for dangerous files/CGIs, outdated server software, and server misconfigurations. It is noisy by design (thousands of requests per host), so it is easily detected and is not a stealth tool.
For each of these: open or closed source, and port scanner or vulnerability scanner?
1. Nmap: open source, port scanner
2. OpenVAS: open source, vulnerability scanner
3. MBSA (Microsoft Baseline Security Analyzer): closed source, vulnerability scanner
4. Nessus: closed source (commercial, Tenable), vulnerability scanner
What’s the most common tool for assessing security awareness in an organization?
Surveys
What’s the difference between a TCP connect scan & a TCP SYN scan for identifying open ports?
A TCP connect scan uses the operating system's ordinary connect() call, so it completes the full three-way handshake (SYN, SYN/ACK, ACK) with every port it probes. It needs no special privileges, but the target service's accept() succeeds and the connection can be logged. A TCP SYN ("half-open") scan sends a raw SYN and classifies the port from the reply (SYN/ACK = open, RST = closed), then tears the attempt down with a RST instead of finishing the handshake. Crafting raw packets is why SYN scans generally require elevated privileges (root/Administrator; nmap -sS versus nmap -sT).
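An added example, not part of the original flashcards, that shows the connect-scan side of this difference on the loopback interface: an unprivileged connect() probe against a listener started by the script itself (the listener, the ports and the "scan" are all constructed here). The listener counts every completed handshake, which is exactly what a SYN scan avoids generating; a SYN scan would need raw-socket privileges and is therefore not reproduced.

```python
import socket
import threading


def start_listener(host="127.0.0.1"):
    """Constructed scan target: an ephemeral TCP listener that records every
    connection the kernel hands it via accept(), i.e. every completed handshake."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind((host, 0))          # port 0: let the kernel pick a free port
    srv.listen(5)
    srv.settimeout(1.0)          # stop accepting after 1 s of silence so the demo ends
    port = srv.getsockname()[1]
    accepted = []

    def serve():
        try:
            while True:
                conn, addr = srv.accept()   # only returns for a full three-way handshake
                accepted.append(addr)       # this is the event a service would log
                conn.close()
        except socket.timeout:
            pass
        finally:
            srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return port, accepted, thread


def find_closed_port(host="127.0.0.1"):
    """Reserve and immediately release a port so the scan has a port that is
    almost certainly closed (a connect to it gets an immediate RST)."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((host, 0))
        return s.getsockname()[1]


def connect_scan(host, ports, timeout=0.5):
    """TCP connect scan (the nmap -sT technique): a plain connect() per port.
    No privileges are needed, but every open port sees a completed handshake."""
    results = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            rc = s.connect_ex((host, port))   # 0 on success, an errno otherwise
            results[port] = "open" if rc == 0 else "closed"
    return results


def run_demo():
    """Scan one open and one closed loopback port; return the verdicts and how
    many handshakes the target actually accepted (one per open port probed)."""
    open_port, accepted, thread = start_listener()
    closed_port = find_closed_port()
    results = connect_scan("127.0.0.1", [open_port, closed_port])
    thread.join()
    return results[open_port], results[closed_port], len(accepted)


if __name__ == "__main__":
    print(run_demo())
```

Running it prints ("open", "closed", 1): the open port was found, and the listener saw one accepted connection, which is the trace an application log would carry after a connect scan and would not carry after a SYN scan.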
Recording all user interaction with an application to ensure quality & performance is called…
Real User Monitoring (RUM): passive monitoring that captures actual user sessions, as opposed to synthetic monitoring, which replays scripted transactions.
What are the 4 types of coverage criteria commonly used when validating the work of a code testing suite?
Function (every function called at least once), statement (every statement executed), branch (every decision taken both ways), condition (every Boolean sub-expression evaluated to both true and false). The criteria get stricter in that order: 100% statement coverage does not imply 100% branch coverage, and 100% branch coverage does not imply 100% condition coverage.
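An added example, not from the original flashcards, that makes the four criteria concrete. The function under test (is_admin_request) and its hand-inserted trace calls are constructed for illustration; a real tool instruments the code for you, but the arithmetic is the same. It demonstrates the short-circuit case: a two-test suite can reach 100% statement and branch coverage while leaving one condition outcome untested.

```python
from dataclasses import dataclass, field


@dataclass
class Trace:
    """Records what one or more test runs exercised."""
    functions: set = field(default_factory=set)
    statements: set = field(default_factory=set)
    branches: set = field(default_factory=set)    # (decision id, outcome)
    conditions: set = field(default_factory=set)  # (condition id, outcome)

    def stmt(self, sid):
        self.statements.add(sid)

    def cond(self, cid, value):
        """Record one Boolean sub-expression's outcome; pass the value through."""
        self.conditions.add((cid, bool(value)))
        return bool(value)

    def branch(self, bid, value):
        """Record the outcome of a whole decision; pass the value through."""
        self.branches.add((bid, bool(value)))
        return bool(value)


def is_admin_request(trace, authenticated, is_admin):
    """Constructed function under test, instrumented by hand."""
    trace.functions.add("is_admin_request")
    trace.stmt("s1")
    # 'and' short-circuits: c2 is only evaluated when c1 is True. That is why
    # branch coverage can be 100% while condition coverage is not.
    if trace.branch("b1", trace.cond("c1", authenticated) and trace.cond("c2", is_admin)):
        trace.stmt("s2")
        return "allow"
    trace.stmt("s3")
    return "deny"


# Everything a complete suite would have to hit, per criterion.
TOTALS = {
    "function": {"is_admin_request"},
    "statement": {"s1", "s2", "s3"},
    "branch": {("b1", True), ("b1", False)},
    "condition": {("c1", True), ("c1", False), ("c2", True), ("c2", False)},
}


def measure(test_inputs):
    """Run the function over (authenticated, is_admin) pairs and return the
    fraction of each criterion's targets that the inputs covered."""
    trace = Trace()
    for authenticated, is_admin in test_inputs:
        is_admin_request(trace, authenticated, is_admin)
    covered = {
        "function": trace.functions,
        "statement": trace.statements,
        "branch": trace.branches,
        "condition": trace.conditions,
    }
    return {name: len(covered[name] & targets) / len(targets)
            for name, targets in TOTALS.items()}


if __name__ == "__main__":
    print(measure([(True, True)]))                                 # one test
    print(measure([(True, True), (False, False)]))                 # branch-complete
    print(measure([(True, True), (True, False), (False, True)]))   # condition-complete
```

The second suite, (True, True) and (False, False), executes every statement and takes the decision both ways, yet c2 is never seen False because the False run short-circuited before reaching it: condition coverage is 3/4. The third suite adds (True, False) and drops the redundant (False, False), reaching 100% on all four criteria with the same number of tests as it takes to get there at all.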
What is OVAL ?
Open Vulnerability and Assessment Language: a community-developed, XML-based standard (a component of SCAP) for expressing machine-readable checks of system state, such as whether an installed package version, file or registry value matches a vulnerability or configuration definition, so that security content can be shared openly and consumed consistently across the whole range of security tools and services.
What is XCCDF ?
Extensible Configuration Checklist Description Format: an XML format (also part of SCAP) for writing security checklists and benchmarks. XCCDF rules describe what to check, how to score it and how to report it; the actual test is delegated to a checking engine, typically an OVAL definition or an SCE script.
What is SCE ?
Script Check Engine: an OpenSCAP extension that lets an XCCDF rule run an arbitrary script (shell, Python, etc.) as its check instead of an OVAL definition, making existing scripts interoperable with security policy definitions. The script reports its verdict through its exit code.
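An added example, not from the flashcards or from the OpenSCAP project, of what an SCE check script looks like. It assumes the SCE convention that the engine exports the result codes as environment variables (XCCDF_RESULT_PASS, XCCDF_RESULT_FAIL, ...; the numeric defaults below are the documented ones but are read from the environment rather than trusted blindly) and that the benchmark exports the config path under a hypothetical variable name XCCDF_VALUE_SSHD_CONFIG. The check itself (PermitRootLogin must be "no" in sshd_config) and the sample config texts are constructed for the example.

```python
import os
import sys

# Result codes SCE communicates to a check script via its environment. The values
# are OpenSCAP's documented defaults; they are only used when the variables are
# absent, e.g. when the script is run by hand outside the engine.
DEFAULT_CODES = {
    "XCCDF_RESULT_PASS": 101,
    "XCCDF_RESULT_FAIL": 102,
    "XCCDF_RESULT_ERROR": 103,
    "XCCDF_RESULT_UNKNOWN": 104,
    "XCCDF_RESULT_NOT_APPLICABLE": 105,
}

# Hypothetical export name: an XCCDF <check-export> would map a benchmark value
# to this environment variable so the same script serves different hosts.
CONFIG_PATH_VAR = "XCCDF_VALUE_SSHD_CONFIG"
DEFAULT_CONFIG_PATH = "/etc/ssh/sshd_config"


def result_code(name, environ=None):
    """Exit code for a given XCCDF result name, taken from the engine's
    environment when present and from the documented defaults otherwise."""
    env = os.environ if environ is None else environ
    return int(env.get(name, DEFAULT_CODES[name]))


def permit_root_login_disabled(config_text):
    """True if the effective PermitRootLogin is 'no'. sshd uses the FIRST value
    it finds for a keyword, so later duplicates are ignored; comments are
    stripped; an absent directive falls back to the daemon default and fails."""
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        parts = line.split(None, 1)
        if len(parts) == 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].strip().lower() == "no"
    return False


def check(config_text, environ=None):
    """Map the config verdict onto the exit code the engine expects."""
    name = "XCCDF_RESULT_PASS" if permit_root_login_disabled(config_text) else "XCCDF_RESULT_FAIL"
    return result_code(name, environ)


def main():
    path = os.environ.get(CONFIG_PATH_VAR, DEFAULT_CONFIG_PATH)
    try:
        with open(path, encoding="utf-8", errors="replace") as f:
            text = f.read()
    except FileNotFoundError:
        # No sshd on this host: the rule does not apply rather than failing.
        return result_code("XCCDF_RESULT_NOT_APPLICABLE")
    except OSError as exc:
        print(f"cannot read {path}: {exc}", file=sys.stderr)
        return result_code("XCCDF_RESULT_ERROR")
    return check(text)


if __name__ == "__main__":
    sys.exit(main())
```

The point to notice is the division of labour: XCCDF says which rule is in scope and what score it carries, and the script only answers pass/fail/not-applicable through its exit status. Anything printed to stdout/stderr is captured into the result as supporting detail, not interpreted as the verdict.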
What is covered in NIST 800-53A ?
Assessing Security & Privacy Controls in Information Systems and Organizations: the assessment procedures for the NIST SP 800-53 control catalog (800-53 defines the controls; 800-53A tells you how to assess whether they are implemented correctly and operating as intended).
What is covered in NIST 800-12 ?
An Introduction to Information Security (Rev. 1, 2017; the original 1995 edition was titled An Introduction to Computer Security: The NIST Handbook)
What is covered in NIST 800-34 ?
Contingency Planning
What is covered in NIST 800-86 ?
Forensic Techniques for Incident Response
What are two common network ports on printers?
515 (LPD, the Line Printer Daemon protocol that LPR clients talk to) & 9100 (raw "JetDirect"/AppSocket printing). 631 (IPP) is the third port commonly seen on printers.