SDLC Flashcards
What is the order of the Waterfall model SDLC phases?
Planning and Analysis
Software/Systems Design
Implementation
Testing
Integration
Deployment
Maintenance
Which SDLC model uses time-boxing or small increments?
Agile
What is a runtime error?
When the software encounters an error when running.
What is a syntax error?
When the code has mistakes with its coding.
What is structured exception handling (SEH)?
It allows you to have control over what the application should do when faced with a syntax or runtime error.
Is fuzzing conducted during static or dynamic code analysis?
Dynamic
In what other situations can you use fuzzing?
You can also use fuzzing to stress test networks.
When you see a question on the test involving ../ (dot dot slash), what is the answer to the question most likely to be?
https://www.jennyisaho/../../../etc
Directory traversal
When an attacker is able to execute code or run commands on a victim computer, what is it called?
This is when your friend gets on your computer at work and runs something on your computer.
Arbitrary code execution
What is arbitrary code execution called when it's done remotely?
Remote code execution
This is considered to be one of the worst types of exploits in the security world. Any type of vulnerability that allows an RCE exploit is considered to be critical in the CVSS.
What is a way programmers help prevent buffer overflow attacks?
Address space layout randomization
What is cross-site scripting?
When an attacker embeds a malicious scripting command on a trusted website.
The victim is the user, not the server.
What are the three types of XSS attacks?
Stored/Persistent
Reflected
DOM-based
What is the stored/persistent attack?
Attempts to get data provided by the attacker to be saved on the web server. Later this malicious code is served to other users.
What is the reflected attack?
Attempts to have a non-persistent effect activated by a victim by clicking a link on the site.