Domain 6 - Security Assessment and Testing Flashcards
Verification
Objective evidence that the design outputs of a phase of the SDLC meet requirements; sometimes performed by a third party.
Validation
Develops a “level of confidence” that the software meets all requirements and expectations; the software improves over time. Back doors can be found through a structured walkthrough.
Fagan inspections
Most formal code review processes, known as Fagan inspections, follow a rigorous review and testing process with six steps: planning, overview, preparation, inspection, rework, and follow-up.
Dynamic Testing
Does not require access to source code; evaluates the code in a runtime environment.
Static Testing
Requires access to source code; performs analysis of the code itself.
CVE
The CVE (Common Vulnerabilities and Exposures) dictionary provides a standard naming convention used to identify vulnerabilities; the list is maintained by MITRE.
CVSS
Common Vulnerability Scoring System: provides metrics and calculation tools covering exploitability, impact, how mature exploit code is, and how vulnerabilities can be remediated; it also allows vulnerabilities to be scored against an organization's unique requirements.
Regression testing
Verification that what is being installed does not affect any portion of the application system already installed. It generally requires the support of an automated process to repeat tests previously undertaken: known inputs are run against the application and the results are compared with those of the earlier version.
Non-regression testing
Verifies that the code works as planned.
STRIDE
A threat categorization scheme often used when assessing threats against applications or operating systems: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
Spoofing
An attack with the goal of gaining access to a target system through the use of a falsified identity. Spoofing can be used against IP addresses, MAC addresses, usernames, system names, wireless network SSIDs, and other types of logical identification.
TCP SYN Scanning
Sends a single packet to each scanned port with the SYN flag set, indicating a request to open a new connection. If the scanner receives a response with the SYN and ACK flags set, the system is moving to the second phase of the three-way TCP handshake and the port is open. TCP SYN scanning is also known as “half-open” scanning.
TCP Connect Scanning
Opens a full connection to the remote system on the specified port. This
scan type is used when the user running the scan does not have the necessary permissions to run a
half-open scan.
TCP ACK Scanning
Sends a packet with the ACK flag set, indicating that it is part of an open
connection.
Xmas Scanning
Sends a packet with the FIN, PSH, and URG flags set. A packet with so many flags
set is said to be “lit up like a Christmas tree,” leading to the scan’s name.