Security Flashcards

1
Q

What are the 3 types of security detection that GitLab can perform?

A

Unauthorized access / Data Leaks / DoS Attacks

2
Q

why Application Security is important

A

Privacy Risks / Ensure Code Quality / Data Protection

3
Q

What are the 7 types of GitLab security scanners?

A

Static App Security Testing (SAST) / Secret Detection / Dynamic App Security Testing (DAST) / Dependency Scanning / Container Scanning / Fuzz Testing / IaC Scanning

4
Q

What are the 3 types of security support reports?

A

Security Reports / Vulnerability Management / Policies

5
Q

What is SAST?

A

SAST (Static Application Security Testing) looks for known problems in source code (e.g., unvalidated user input leading to command injection)

6
Q

What is DAST

A

DAST (Dynamic Application Security Testing) passively or actively calls a web app or an API to look for security vulnerabilities

7
Q

What is Secret Detection

A

Secret detection looks for hard-coded secrets in source code (e.g., passwords).

8
Q

What is IaC Scanning

A

IaC Scanning (Infrastructure-as-Code testing) scans IaC configuration files (e.g., Ansible, Terraform) for known security vulnerabilities

9
Q

What is Fuzz Testing

A

Fuzz testing sends random input to your functions, trying to cause unexpected problems (e.g., 200-character password or Klingon characters in Unicode)

10
Q

What is Vulnerability management

A

Vulnerability Management lets you view problems in several places within GitLab and accept/dismiss/mark them for action

11
Q

What is Container Scanning?

A

Container Scanning looks at your project’s Docker images and scans for known vulnerabilities

12
Q

What are Security Policies?

A

Policies give security teams a way to require the scans of their choice to run whenever a project pipeline runs, according to the specified configuration

13
Q

What are Security Reports?

A

Security reports show security vulnerabilities in different places and different ways

14
Q

What is Dependency Scanning?

A

Dependency Scanning looks at the project's dependencies to see if there are known vulnerabilities in those versions (e.g., a third-party YAML-parsing library)

15
Q

What does Static Analysis do?

A