Security Assessment & Testing Flashcards
A design that allows one to peek inside the “box” & focuses specifically on using internal knowledge of the software to guide the selection of test data.
White Box Testing
Intermediate hosts through which websites are accessed.
Web Proxies
Log the patch installation history & vulnerability status of each host, which includes known vulnerabilities & missing software updates.
Vulnerability Management Software
The authentication process by which the biometric system matches a captured biometric against the person’s stored template.
Verification
The determination of the correctness, with respect to the user needs & requirements, of the final program or software produced from a development project.
Validation
Abstract episodes of interaction between a system & its environment.
Use Cases
A process by which developers can understand security threats to a system, determine risks from those threats, & establish appropriate mitigation.
Threat Modeling
Operational actions performed by OS components, such as shutting down the system or starting a service.
System Events
Involves having external agents run scripted transactions against a web application.
Synthetic Performance Monitoring
Analysis of the application source code for finding vulnerabilities without actually executing the application.
Static Source Code Analysis (SAST)
Criteria requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product’s behavior.
Statement Coverage
The process for generating, transmitting, storing, analyzing, & disposing of computer security log data.
Security Log Management
The determination of the impact of a change based on review of the relevant documentation.
Regression Analysis
An approach to web monitoring that aims to capture & analyze every transaction of every user of a website or application.
Real User Monitoring (RUM)
Determines that your application works as expected.
Positive Testing
This criteria requires sufficient test cases for each feasible path, basic path, etc. from start to exist of a defined program segment, to be executed at least once.
Path Coverage
Ensures the application can gracefully handle invalid input or unexpected or unexpected user behavior.
Negative Testing
Criteria requires sufficient test cases to exercise all possible combinations of conditions in a program decision.
Multi-Condition Coverage
A Use Case from the POV of an Actor hostile to the system under design.
Misuse Case
Criteria requires sufficient test cases for all program loops to be executed for zero, one, two & many iterations covering initialization, typical running, & termination (boundary) conditions.
Loop Coverage
Any hardware or software mechanism that has the ability to detect & stop attacks in progress.
Intrusion Prevention System (IPS)
Real-time monitoring of events as they happen in a computer system or network, using audit trail records & network traffic & analyzing events to detect potential intrusion attempts.
Intrusion Detection System (IDS)
Maintaining ongoing awareness of information security, vulnerabilities, & threats to support organizational risk management decisions.
Information Security Continuous Monitoring (ISCM)
Considered to be a minimum level of coverage for most software products but decision coverage alone is insufficient for high-integrity applications.
Decision (Branch) Coverage
