Chapter 5 Flashcards

1
Q

give the security team colours

A

Red team = offensive security, ethical hacking, exploiting vulnerabilities, penetration tests, black box testing, social engineering, web app scanning (pentesting)

Blue team = defensive security, infrastructure protection, damage control, incident response (IR), operational security, threat hunters, digital forensics

Purple team = facilitates improvements in detection and defence, sharpens the skills of blue and red team members, effective for spot-checking systems in larger organizations

Yellow team = software builders, application developers, software engineers, system architects (building applications)

Orange team = inspires coders and architects to be more security conscious, benefits from current exposure to evolving security threats, offensive critical thinking included in builders' intrinsic thought pattern, decrease in overall security bug count over time (awareness: OWASP Top 10 risks)

Green team = improved logging capability and working to standardise and prioritise important events, better data for digital forensics and incident response cases, safer change management including integrity monitoring, full coverage monitoring including improved anti-virus and endpoint protection on systems (OWASP Top 10 Proactive Controls)

2
Q

explain OWASP

A

Open Web Application Security Project: a non-profit foundation dedicated to improving the security of software

3
Q

explain OWASP Top 10

A

online document that provides a ranking of the 10 most critical web application security risks, based on:

The frequency of discovered security defects

The severity of the vulnerability

The magnitude of their potential impacts

4
Q

give the awareness documents

A

A01 = broken access control

A02 = cryptographic failures

A03 = injection

A04 = insecure design

A05 = security misconfiguration

A06 = vulnerable and outdated components

A07 = identification and authentication failures

A08 = software and data integrity failures

A09 = security logging and monitoring failures

A10 = server-side request forgery

5
Q

give the proactive controls for software developers

A

C1 = define security requirements

C2 = leverage security frameworks and libraries

C3 = secure database access

C4 = encode and escape data

C5 = validate all inputs

C6 = implement digital identity

C7 = enforce access controls

C8 = protect data everywhere

C9 = implement security logging and monitoring

C10 = handle all errors and exceptions

6
Q

what is SAST

A

static application security testing = analyzes source code from the inside while components are at rest

7
Q

what is DAST

A

dynamic application security testing = vulnerability scanner that simulates external attacks while the application is running
