Security Assessment and Testing Domain Flashcards
A design that allows one to peek inside the “box” and focuses specifically on using internal knowledge of the software to guide the selection of test data.
White-box Testing
Intermediate hosts through which websites are accessed
Web Proxies
Log the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates.
Vulnerability Management Software
The authentication process by which the biometric system matches a captured biometric against the person’s stored template
Verification
The determination of the correctness, with respect to the user needs and requirements, of the final program or software produced from a development project.
Validation
Abstract episodes of interaction between a system and its environment
Use Cases
A process by which developers can understand security threats to a system, determine risks from those threats and establish appropriate mitigations
Threat Modeling
Operational actions performed by OS components, such as shutting down the system or starting a service
System Events
Involves having external agents run scripted transactions against a web application
Synthetic Performance Monitoring
Analysis of the application source code for finding vulnerabilities without actually executing the application
Static Source Code Analysis (SAST)
The process for generating, transmitting, storing, analyzing, and disposing of computer security log data.
Security Log Management
The determination of the impact of a change based on review of the relevant documentation
Regression Analysis
An approach to web monitoring that aims to caputre and analyze every transactions of every user of a website or application
Real User Monitoring (RUM)
Determines that your application works as expected
Positive Testing
Ensures the application can gracefully handle invalid input or unexpected user behavior
Negative Testing