Chapters 11, 12 Flashcards
The process of designing and implementing software so that it continues to function even when under attack. Software written using this process is able to detect erroneous conditions resulting from some attack, and to either continue executing safely, or to fail gracefully.
Defensive Programming
This problem occurs when program input data can accidentally or deliberately influence the flow of execution of the program.
Injection Attack
When the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.
Command Injection Attack
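The two flashcards above, as an added example that is not part of the original deck: the vulnerable form concatenates untrusted input into a shell command string, so a ";" in the input starts a second command that runs with the caller's privileges; the safe form passes the input as a single argv element with no shell, and a constructed allowlist check rejects the input before it is used at all. The `echo` command stands in for whatever the Web application really runs, and the input string is constructed for the demonstration (POSIX shell assumed).

```python
import re
import subprocess

# Constructed sample input: a file name followed by a second command.
MALICIOUS_INPUT = "report.txt; echo INJECTED"

# Constructed allowlist: plain file names only, no shell metacharacters.
FILENAME_RE = re.compile(r"^[A-Za-z0-9._-]+$")


def validate_filename(name: str) -> bool:
    """Defensive check: accept only names matching the allowlist."""
    return bool(FILENAME_RE.match(name))


def vulnerable_list_file(user_input: str) -> str:
    """Builds the command by string concatenation and hands it to /bin/sh.
    The ';' in the input terminates 'echo listing report.txt' and the
    shell runs 'echo INJECTED' as a second command."""
    cmd = "echo listing " + user_input            # the bug: input becomes code
    result = subprocess.run(cmd, shell=True, capture_output=True, text=True)
    return result.stdout


def safe_list_file(user_input: str) -> str:
    """No shell: the input is one argv element, so ';' is just a character.
    Here echo prints the whole string literally and nothing else runs."""
    result = subprocess.run(["echo", "listing", user_input],
                            capture_output=True, text=True)
    return result.stdout


def injected(output: str) -> bool:
    """True when the second command actually executed, i.e. its marker
    appears as its own output line rather than inside the echoed argument."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    print("allowlist accepts payload?", validate_filename(MALICIOUS_INPUT))
    print("vulnerable:", repr(vulnerable_list_file(MALICIOUS_INPUT)))
    print("safe:      ", repr(safe_list_file(MALICIOUS_INPUT)))
```

The list form alone is enough to stop the injection shown; the allowlist is the defensive-programming layer that also stops the input reaching the command when the program has a reason to expect a plain file name.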
In this attack, the user-supplied input is used to construct a SQL request to retrieve information from a database.
SQL Injection Attack
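An added example for this flashcard, not part of the original deck: a login query built by string formatting against an in-memory SQLite table, beside the parameterized version. The table, the two users and the `' OR '1'='1` payload are constructed for the demonstration.

```python
import sqlite3

# Constructed payload: closes the password literal and appends an
# always-true condition, so the WHERE clause matches every row.
PAYLOAD = "' OR '1'='1"


def make_db() -> sqlite3.Connection:
    """Constructed sample database with two users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users (name, password) VALUES (?, ?)",
                     [("alice", "s3cret"), ("bob", "hunter2")])
    return conn


def build_vulnerable_query(username: str, password: str) -> str:
    """The bug: user input is spliced into the SQL text, so quotes in the
    input change the structure of the statement."""
    return ("SELECT name FROM users WHERE name = '%s' AND password = '%s' "
            "ORDER BY name" % (username, password))


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Returns every user the attacker-shaped query matches."""
    return [row[0] for row in conn.execute(build_vulnerable_query(username, password))]


def safe_login(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Parameterized query: the driver sends the SQL text and the values
    separately, so the payload is compared as a literal string."""
    rows = conn.execute(
        "SELECT name FROM users WHERE name = ? AND password = ? ORDER BY name",
        (username, password))
    return [row[0] for row in rows]


if __name__ == "__main__":
    conn = make_db()
    print(build_vulnerable_query("alice", PAYLOAD))
    print("vulnerable:", vulnerable_login(conn, "alice", PAYLOAD))
    print("safe:      ", safe_login(conn, "alice", PAYLOAD))
```

Printing the built query shows why it fails: `AND` binds tighter than `OR`, so the clause becomes `(name = 'alice' AND password = '') OR '1'='1'`, which is true for every row.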
This is a software testing technique that uses randomly generated data as inputs to a program. The intent is to determine whether the program or function correctly handles all such abnormal inputs or whether it crashes or otherwise fails to respond appropriately.
Input Fuzzing
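An added example for this flashcard, not part of the original deck: a small seeded fuzzer run against a constructed record parser. The record format (a length byte, the payload, a one-byte checksum) and both parser versions are made up for the demonstration; the fragile parser trusts the length byte, so short inputs raise an unhandled `IndexError`, which the fuzzer reports as a crash, while a `ValueError` is the parser's intended way of rejecting bad input and is not counted.

```python
import random


def make_record(payload: bytes) -> bytes:
    """Constructed format: <length:1><payload:length><checksum:1>,
    checksum = sum(payload) mod 256."""
    return bytes([len(payload)]) + payload + bytes([sum(payload) % 256])


def parse_record(data: bytes) -> bytes:
    """Fragile parser: never checks that the buffer holds what the
    length byte promises, so it indexes past the end."""
    length = data[0]
    payload = data[1:1 + length]
    checksum = data[1 + length]                 # IndexError on short input
    if sum(payload) % 256 != checksum:
        raise ValueError("bad checksum")        # expected rejection
    return payload


def parse_record_hardened(data: bytes) -> bytes:
    """Same format, but every read is bounds-checked first, so malformed
    input is rejected with ValueError instead of crashing."""
    if len(data) < 2:
        raise ValueError("record too short")
    length = data[0]
    if len(data) != length + 2:
        raise ValueError("length byte does not match buffer size")
    payload = data[1:1 + length]
    if sum(payload) % 256 != data[1 + length]:
        raise ValueError("bad checksum")
    return payload


def fuzz(target, iterations: int = 2000, seed: int = 1) -> dict:
    """Feeds random byte strings (0 to 12 bytes) to target and returns
    {exception type name: first input that triggered it} for every
    exception other than the expected ValueError."""
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        data = bytes(rng.randrange(256) for _ in range(rng.randint(0, 12)))
        try:
            target(data)
        except ValueError:
            continue                             # handled: the parser said no
        except Exception as exc:                 # unhandled: a real bug
            crashes.setdefault(type(exc).__name__, data)
    return crashes


if __name__ == "__main__":
    print("fragile parser crashes:", fuzz(parse_record))
    print("hardened parser crashes:", fuzz(parse_record_hardened))
```

Keeping the seed fixed makes a crash reproducible; the saved input in the returned dict is the test case to add to the parser's regression suite.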
This principle states that programs should execute with the least amount of privilege needed to complete their function.
Principle of Least Privilege
A process that includes planning, installation, configuration, update, and maintenance of the operating system and the key applications in use.
Hardening a System
3 Steps to hardening a base OS
- Removing unnecessary services, applications, and protocols.
- Configuring users, groups, and permissions.
- Configuring resource controls.
Restricts the server's view of the file system to just a specified portion. Files in directories outside the __________ are not visible or reachable at all.
Chroot Jail
Refers to a technology that provides an abstraction of the computing resources used by some software, which thus runs in a simulated environment called a virtual machine (VM).
Virtualization