Part 2: W12-1 System Testing Security Flashcards
What purpose does security architecture have?
Outlines where security mechanisms (e.g. authentication, encryption, backup) should be positioned.
What are the steps of threat modeling?
- Identify asset with security quality requirement
- Create architecture overview
- Decompose application
- Identify threats
- Rank threats
What are some examples of security testing mechanisms?
- Vulnerability scanning
- Penetration testing
- Password cracking
- Ethical hacking
Name five (5) examples of software security vulnerabilities.
- Buffer overflows
- Heap overflows
- Format string vulnerabilities
- Cross-Site Scripting (XSS)
- SQL injection
- Cross-Site Request Forgery (XSRF)
- Cross-Site Script Inclusion (XSSI)
- Path Traversal
- Denial of Service
- Configuration Vulnerabilities
- AJAX vulnerabilities
How does a buffer overflow attack work?
1. Inject malicious code through input
2. Overflow the buffer so the program jumps to the attack code
How does a SQL injection attack work?
The attacker accesses the database through user input.
How does a DoS attack work?
The server is overloaded so that it cannot service ordinary requests.
Name 4 types of malware and how they work.
Viruses - self-replicating; requires user intervention to replicate
Worms - malware that spreads through the internet without human intervention; can spread through email
Trojan horses - useful program with hidden malware
Backdoors - malware that creates a covert access channel for the attacker; may be embedded in legitimate programs
Mobile code - designed to look like ordinary website browsing
Adware - forces unsolicited advertising
Sticky software - prevents the user from uninstalling it
In robustness testing, what do availability tests check?
The system's ability to quickly recover from failure.
In robustness testing, what do degraded tests check?
The system's ability to remain operational after a portion of the system fails.
In robustness testing, what do power cycling tests check?
The system's recovery after power is restored.