CySA+ Study Notes 17 Flashcards
Assembly code—A disassembler reads machine code instructions from the computer’s memory and outputs each instruction as a text string in assembly code.
Machine code—The binary code executed by the processor, typically represented as 2 hex digits for each byte.
Nikto : a web application scanner. It can be used to find known web server vulnerabilities and misconfigurations, identify web applications running on a server, and identify potential known vulnerabilities in those web applications.
Fuzzing is a technique designed to test software for bugs and vulnerabilities. A poorly secured app, such as one vulnerable to buffer overflows, will likely crash during fuzzing. This lets you spot serious issues in your app that an attacker will almost surely attempt to exploit. Examples of fuzzing targets: application UI, protocol, file format.
SOA : common method for consumers of services, such as web-based applications, to be aware of and access data from disparate sources.
SOAP : provides a structure for transmitting and receiving information used in web applications to a variety of device types using an application programming interface (API). Uses XML format messaging. Has built in error handling.
Burp Suite is an interception proxy. Burp allows you to perform an automated scan for vulnerabilities and crawl an application to discover content, and it provides tools for automating the modification of requests and the insertion of exploits.
Security Assertion Markup Language (SAML) is an XML-based framework for exchanging security-related information such as user authentication, entitlement, and attributes. SAML is often used in conjunction with SOAP. It allows a service provider (SP) to establish a trust relationship with an identity provider (IdP) so that the identity of the user (the principal) can be trusted by the SP without the user authenticating directly to the SP.
OAuth : authentication/authorization for RESTful APIs.
JSON Web Tokens (JWTs) are often used as the format for tokens. A JWT comprises a header, payload, and signature. The header identifies the cryptographic hash algorithm and the token format. The signature is calculated from the header and payload plus a shared secret.
OpenID Connect (OIDC) is an authentication protocol that can be implemented as special types of OAuth flows with precisely defined token fields.
Application programming interfaces (APIs) : allow automated administration, management, and monitoring of services. Cloud APIs provide for web-based client and server communication.
Continuous integration (CI) : the principle that developers should commit and test updates often—every day or sometimes even more frequently.
Continuous delivery : testing all of the infrastructure that supports the app, including networking, database functionality, client software, etc.
Continuous deployment : the separate process of actually making changes to the production environment to support the new app version.
DevOps is a cultural shift within an organization to encourage much more collaboration between developers and system administrators. By creating a highly orchestrated environment, IT personnel and developers can build, test, and release software faster and more reliably.
DevSecOps extends the boundary to security specialists and personnel, reflecting the principle that security is a primary consideration at every stage of software development and deployment.
A snowflake is a configuration or build that differs from every other. The lack of consistency—or drift—in the platform environment leads to security issues, such as patches that have not been installed, and stability issues, such as scripts that fail to run because of some small configuration difference.
Idempotence means that making the same call with the same parameters will always produce the same result.
Data enrichment means that the machine analytics behind the view of a particular alert can deliver more correlating and contextual information with a higher degree of confidence, both from the local network's data points and from external threat intelligence.
A playbook is a checklist of actions to perform to detect and respond to a specific type of incident.