Lesson 19 - Employ Technical Controls Flashcards
What is the process of thoroughly and completely removing data from a storage medium so that file remnants cannot be recovered?
Input Sanitization
It is the most common approach to mitigating the effects of code injection, particularly XSS and SQL injection
Name some common tactics for Input Sanitization?
Escaping - encoding or substituting special characters in HTML markup with representations that are called entities
Sanitization - using libraries that automatically parse and strip the user-supplied HTML input of untrusted data
Null Byte Sanitization - most effective way to prevent poisoning
Parameterized Query - a technique that defends against SQL Injection by incorporating placeholders in a SQL query
Allow List - a white list of sorts
What is the concept of resolving a finding through changing how it is used or implemented?
Process-Level Remediation
The process of assigning a specific certificate to a particular element to avoid MitM attacks?
Certificate Pinning
What is the platform that controls passwords, key pairs, and other sensitive information?
Secret Management Solution
What is the dynamic code analysis technique that involves sending a running application random and unusual input so as to evaluate how the app responds?
Fuzzing
What are some Operational Control Considerations?
Job Rotation
Time of Day Restriction
Mandatory Vacations
User Training