Security Operations: Identifying Vulnerabilities Flashcards

1
Q

What are the three main methods to check for application vulnerabilities?

A

Static Analysis
Dynamic Analysis
Package monitoring

2
Q

What is SAST?

A

Static analysis: Part of the code-review process. It’s:

Also known as source code analysis, white box, and static application-security testing (SAST).

Typically uses a set of tools that analyzes code, which isn’t running, and identifies vulnerabilities.

Used in the software development lifecycle (SDLC)

3
Q

What is DAST?

A

Dynamic analysis: Referred to as dynamic application security testing (DAST) and black box testing. It’s:

Run with little human interaction, attacking the application during runtime.

Helpful with identifying:

Input and output validation.

Server-configuration mistakes.

Authentication issues.

4
Q

What is Package Monitoring?

A

Package monitoring: Discovers, identifies, and actively monitors all installed packages.

5
Q

What are the tools we can use to be updated on new attacks?

A

Threat feeds

You can get information about threats from:

OSINT (Open-Source Intelligence).

Commercial intelligence.

Threat-intelligence sharing.

The dark web.

Penetration testing.

Responsible disclosure program.

6
Q

What is OSINT?

A

OSINT collects publicly available information from:

Websites.

Social media and online communities.

Blogs.

Conferences & webinars.

OSINT enables you to:

Evaluate and analyze information.

Give meaning to raw information or intelligence.

Provide answers to specific intelligence questions.

It’s widely used and is a common first step in passive, first-stage intelligence gathering and threat hunting. It’s also easily acquired.

7
Q

What is commercial intelligence?

A

A third-party solution, as the commercial intel provider collects, evaluates, and analyzes the information. Additionally:

It can be integrated into a variety of utilities.

You can use OSINT and commercial feeds.

8
Q

What is Threat-Intelligence sharing?

A

Also referred to as information-sharing organizations, which:

Collect, analyze, and communicate information to the public.

Provide actionable cybersecurity intelligence information that can be used to strengthen the security of an organization’s assets.

9
Q

How is the dark web useful when it comes to searching for new vulnerabilities?

A

Dark web

Identifying if an organization’s data has been leaked on the dark web is critical, as it alerts an organization to potential data breaches. This then enables proactive security measures and helps prevent further exploitation of compromised information.

10
Q

Why is penetration testing useful?

A

Penetration testing

Penetration testing is a security-assessment process that:

Simulates cyberattacks to identify vulnerabilities and weaknesses in an organization’s systems, applications, or network.

Enables an organization to proactively strengthen security defenses and protect against real-world threats.

11
Q

How are zero-day attacks disclosed amongst the industry?

A

Responsible disclosure program

Security researchers or ethical hackers responsibly report identified vulnerabilities or security flaws to an affected organization or vendor, which:

Enables the organization to address and fix the issues before public disclosure, thereby promoting responsible and cooperative security improvement.

Could be a bug bounty program where the organization offers a financial incentive to these security researchers and hackers to discover and responsibly disclose vulnerabilities. (can get paid for it)

12
Q

Why are system and process audits useful?

A

System and process audits

System auditing is a systematic process of examining and analyzing an organization’s computer systems, networks, and security controls. Process auditing is a systematic examination and evaluation of an organization’s operational processes and procedures.

Audits help to:

Ensure adherence to established standards.

Identify inefficiencies.

Improve overall efficiency, productivity, and compliance.
