Section 21.201 Application Security Flashcards

Objective 4.1 Given a scenario, you must be able to apply common security techniques to computing resources. Objective 4.5 Given a scenario, you must be able to modify enterprise capabilities to enhance security.

1
Q

Application Security

A

Focuses on building secure applications and aims to prevent, detect, and remediate security vulnerabilities

2
Q

Six Key Areas in Application Security

Input Validation

A

Acts as a gatekeeper to ensure that applications only act on well-defined and uncontaminated data

● Guards against attacks exploiting data input vulnerabilities (e.g. SQL injection, XSS, buffer overflows)

● Serves as a kind of quality control for data to ensure that every piece of information is valid, secure, and correctly formatted

● Validation Rules: Delineate acceptable and unacceptable inputs (e.g. a field that expects a phone number but receives alphabetical characters must reject that input)

While input validation is critical to perform, it is not a cure-all solution, so it is used alongside other defensive measures:
○ Secure communication protocols
○ Regular security auditing
○ Implementing proper error handling

3
Q

Six Key Areas in Application Security

Cookies

A

Small data pieces stored by web browsers used to maintain stateful information between the server and client

● Secure Cookies: Transmitted only over HTTPS for enhanced security, so the cookie cannot be read or modified in transit

● Best practices:
○ Refraining from persistent cookies for session verification
○ Enabling the Secure attribute
○ Enabling HttpOnly attribute
○ Configuring the SameSite attribute

4
Q

Six Key Areas in Application Security

Static Code Analysis (SAST)

A

A method of debugging an application by reviewing and examining its source code before running the program

● Identifies issues like buffer overflows, SQL injection, and XSS

● Important for proper input validation in both front-end and back-end code

5
Q

Six Key Areas in Application Security

Dynamic Code Analysis (DAST)

A

Analyses applications while they run

Common methods of DAST:
○ Fuzzing (Fuzz Testing)
■ Inputs random data to provoke crashes or exceptions
■ Helps uncover security flaws and weaknesses

○ Stress Testing
■ Evaluates system stability and reliability under extreme conditions
■ Reveals bottlenecks and assesses system recovery

6
Q

Six Key Areas in Application Security

Code Signing

A

Confirms the software author’s identity and integrity

● Utilises digital signatures to verify code authenticity

● Protects against code tampering but doesn’t guarantee the absence of vulnerabilities

7
Q

Six Key Areas in Application Security

Sandboxing

A

Isolates running programs, limiting their access to resources

● Prevents harmful actions on the host device or network

● Used to execute untrusted or untested programs securely
