Security Flashcards
What are the 3 types of security detection that GitLab can do?
Unauthorized access / Data Leaks / DoS Attacks
Why is Application Security important?
Privacy Risks / Ensure Code Quality / Data Protection
What are the 7 types of GitLab security scanners?
Static App Security Testing (SAST) / Secret Detection / Dynamic App Security Testing (DAST) / Dependency Scanning / Container Scanning / Fuzz Testing / IaC Scanning
What are the 3 types of security support reports?
Security Reports / Vulnerability Management / Policies
What is SAST?
SAST (Static Application Security Testing) looks for known problems in source code (e.g., unvalidated user input leads to command injection)
What is DAST?
DAST (Dynamic Application Security Testing) passively or actively calls a web app or an API to look for security vulnerabilities
What is Secret Detection?
Secret detection looks for hard-coded secrets in source code (e.g., passwords).
What is IaC Scanning?
IaC (Infrastructure-as-Code) Scanning scans IaC configuration files (e.g., Ansible, Terraform) for known security vulnerabilities
What is Fuzz Testing?
Fuzz testing sends random input to your functions, trying to cause unexpected problems (e.g., 200-character password or Klingon characters in Unicode)
What is Vulnerability Management?
Vulnerability Management lets you view problems in several places within GitLab and accept/dismiss/mark them for action
What is Container Scanning?
Container Scanning looks at your project’s Docker images and scans for known vulnerabilities
What are Security Policies?
Policies provide security teams a way to require scans of their choice to be run whenever a project pipeline runs according to the configuration specified
What are Security Reports?
Security reports show security vulnerabilities in different places and different ways
What is Dependency Scanning?
Dependency Scanning looks at your project’s dependencies to see if there are known vulnerabilities in those versions (e.g., a third-party YAML-parsing library)
What does Static Analysis do?