Soft Sec Final Flashcards
Difference between software security engineering and software engineering
Software engineering is focused on building software that does what it is required to do; software security engineering is focused on building software that keeps behaving correctly while under attack (which is more than adding security features)
Difference between software testing and security testing
Software testing looks for bugs (the software fails to do what it should); security testing looks for vulnerabilities (the software can be made to do something it should not)
Define penetrate and patch
A design flaw or coding error that may allow an attacker to cause damage
Vulnerability
Software, data, or commands that take advantage of a weakness to cause unanticipated or unexpected behaviour
Exploit
An actor or agent that is a source of danger to a system
Threat
Failure of human cognition that can lead to problems
Human Error
Difference between a vulnerability and an exploit
A vulnerability is a bug or flaw within the code; an exploit is the code or technique that takes advantage of that vulnerability
What is the recommended approach for mitigating SQL Injection vulnerabilities?
Use parameterized queries (prepared statements) so user input is never concatenated into the SQL text, and validate all inputs on top of that; sanitizing input alone is a weaker, secondary defense
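Added example (not part of the original flashcards) showing the difference between a query built by string formatting and a parameterized query. It uses an in-memory SQLite database with constructed sample users; the table, user names and the login functions are all assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data for the demonstration (not from the original page).
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, is_admin INTEGER)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "wonderland", 1), ("bob", "builder", 0)],
    )
    return conn

def login_vulnerable(conn, username, password):
    # BAD: user input is spliced into the SQL text, so the input can change
    # the structure of the query, not just the values being compared.
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password = '{password}'"
    )
    return [row[0] for row in conn.execute(query)]

def login_parameterized(conn, username, password):
    # GOOD: the SQL text is fixed; values travel separately as parameters,
    # so the database engine never parses them as SQL.
    query = "SELECT username FROM users WHERE username = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (username, password))]

# Classic tautology payload: closes the password string and appends OR '1'='1'.
PAYLOAD = "' OR '1'='1"

def demo():
    conn = make_db()
    # A legitimate login works with the parameterized query.
    good = login_parameterized(conn, "alice", "wonderland")
    # Against the vulnerable query the WHERE clause becomes
    #   (username = 'x' AND password = '') OR '1'='1'
    # which is true for every row, so every user is "logged in".
    injected_vuln = login_vulnerable(conn, "x", PAYLOAD)
    # Against the parameterized query the payload is just a wrong password.
    injected_safe = login_parameterized(conn, "x", PAYLOAD)
    return good, injected_vuln, injected_safe

if __name__ == "__main__":
    print(demo())
```

The parameterized version is not "sanitized input"; the input is unchanged. It is safe because the query shape is decided before the data arrives.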
What does STRIDE stand for?
Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege
What does CIA stand for?
Confidentiality, Integrity, Availability
In session hijacking, you can attack someone by pretending to be them by stealing their information. Which part of the system are you violating?
Authentication
What is true about pen testing?
It attempts to exploit as much as possible, demonstrates the person-hours required to break into a system, and requires a working system
What is functional and adversarial security testing?
Functional tests the security mechanisms defined in the requirements, whereas adversarial testing uses a risk based approach to simulate an attacker
Difference between misuse and abuse cases?
Abuse cases describe deliberate attempts to exploit or take advantage of the system, whereas misuse cases describe unintended use or mistakes
What are some examples of security by obscurity?
Placing the admin page at a URL that is not linked from anywhere, and requiring a difficult-to-guess password for authentication
What is defense in depth?
Multiple independent layers of protection, so that if someone breaks the first line of protection they still cannot get any further
What is least privilege?
Every user or module should be allowed minimum access required
What does it mean to fail securely?
Make sure that errors and exceptions do not reveal information (stack traces, internal paths, which check failed) or leave the system in an insecure state; on failure, deny access by default
What does it mean to have security by default?
Ship the system configured securely out of the box, so you don't have to rely on your users to configure or use it correctly
Which three statements about risk are true?
The risk associated with an event is the probability that the event will happen times the expected damage of that event; risk = p(occurrence) x impact; security risk = p(vulnerability is exploited) x value of the asset
Do trusted messages need verification?
No, but untrusted messages do (and anything that crosses a trust boundary, such as external input, should be treated as untrusted)
What is an example of a side channel attack?
Using JavaScript to drive a Wi-Fi chip so that it emits pulses of electromagnetic waves that an AM radio can pick up, leaking data over a channel the software never intended
what is an example of multifactor authentication?
Requiring the original invitation to a party in addition to recognizing you as an invitee, and scanning an ID badge plus entering a PIN on a keypad to open a door
What are two facts about public keys?
Better for communication between untrusted parties, and predominantly accomplished today with the RSA algorithm
What are two facts about symmetric keys?
They are used in SSH (for encrypting the session traffic), and symmetric encryption is faster
For SSL, how does one get their public key to be trusted?
A certificate authority verifies the key owner's identity and signs a certificate binding the public key to that identity; the owner keeps the corresponding private key secret
What is a primary disadvantage of this approach?
It can be intercepted
What can an attacker use to determine the plaintext version of a common password that was hashed, even with a currently safe algorithm like SHA-256?
Rainbow Table
Describe the process we discussed in class for mitigating the risk posed by this technique?
Adding a unique random salt to each password before hashing (and using a slow password hash), so a table precomputed over plain hashes no longer matches anything
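Added example (not from the original flashcards) contrasting a precomputed hash lookup with salted hashing. The "table" here is a plain dictionary of sha256(password) -> password over a small constructed list of common passwords; a real rainbow table uses hash chains to trade space for time, but the lesson is the same: the attacker's work is done once, in advance. The salted side uses PBKDF2-HMAC-SHA256 from the standard library; the password list, iteration counts and function names are assumptions for the demonstration.

```python
import hashlib
import hmac
import os

# Constructed list of "common" passwords; a real attacker precomputes millions.
COMMON_PASSWORDS = ["123456", "password", "qwerty", "letmein", "password123"]

def build_lookup_table(passwords):
    """Precompute sha256(password) -> password for every candidate.

    Simplified stand-in for a rainbow table: all the hashing is done
    before any particular stolen hash is targeted.
    """
    return {hashlib.sha256(p.encode()).hexdigest(): p for p in passwords}

def unsalted_hash(password):
    # What a site that "just uses SHA-256" stores in its database.
    return hashlib.sha256(password.encode()).hexdigest()

def crack_unsalted(stored_hash, table):
    # One dictionary lookup recovers the plaintext for any common password.
    return table.get(stored_hash)

def salted_hash(password, salt=None, iterations=200_000):
    """Per-user random salt plus a slow, iterated hash (PBKDF2-HMAC-SHA256).

    Returns (salt, digest); both are stored, the salt in the clear.
    """
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return salt, digest

def verify_salted(password, salt, digest, iterations=200_000):
    # Recompute with the stored salt and compare in constant time.
    _, candidate = salted_hash(password, salt, iterations)
    return hmac.compare_digest(candidate, digest)

def crack_salted(stored_digest, table):
    # The precomputed table is keyed on sha256(password) alone; the stored
    # value depends on the salt, so no key will ever match.  The attacker
    # would have to rebuild the table per salt, per user, at 200k iterations each.
    return table.get(stored_digest.hex())

if __name__ == "__main__":
    table = build_lookup_table(COMMON_PASSWORDS)
    print("unsalted:", crack_unsalted(unsalted_hash("password123"), table))
    salt, digest = salted_hash("password123")
    print("salted:", crack_salted(digest, table))
    print("verify:", verify_salted("password123", salt, digest))
```

Two users with the same password also get different stored digests, because their salts differ, so a cracked hash for one user tells the attacker nothing about the other.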
We discussed locimetric systems as a replacement for passwords that involves memorizing areas of a single photograph. Advantages?
Easier to remember and less effort
What are some disadvantages to locimetric systems?
Shoulder surfing, and it can be hard to implement: the tolerances for where you click may be loose enough for an attacker to guess
What is true about OAuth?
The access token can specify the scope of the permissions like read and write, and the access token must be provided to obtain a resource
We said that the most critical rule of release management is to never put the same version number on two different releases. Why?
So that a version number uniquely identifies one build: when users, bug reports and logs refer to a version, everyone knows exactly what code is being run
What is an insider threat in the context of cyber security?
Threat originating from individuals within an organization
For validating input, what is the difference between a block list and an allow list?
A block list rejects input that matches known-bad patterns and lets everything else through, so it can be bypassed by anything the list did not anticipate; an allow list accepts only input that matches known-good patterns and rejects everything else, which is the preferred approach
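Added example (not from the original flashcards) of a block list being bypassed where an allow list holds. The scenario is a file name supplied by a user for a download endpoint under a hypothetical upload directory; the directory name, the pattern and the helper functions are assumptions made for the demonstration. It goes beyond the card by showing a concrete bypass (URL-encoded dots that a later decoding step turns back into "../").

```python
import posixpath
import re
from urllib.parse import unquote

# Hypothetical base directory; only used for path arithmetic, nothing is read.
BASE_DIR = "/srv/app/uploads"

def block_list_check(name):
    """Reject names containing known-bad traversal sequences.

    Incomplete by nature: it only knows the encodings the author thought of.
    """
    for bad in ("../", "..\\"):
        if bad in name:
            return False
    return True

# Allow list: a file name starts with a letter or digit and then contains only
# letters, digits, underscore, dot or hyphen; no slashes, percent signs or leading dots.
ALLOWED = re.compile(r"[A-Za-z0-9][A-Za-z0-9_.-]{0,63}")

def allow_list_check(name):
    """Accept only names that fully match the known-good pattern."""
    return ALLOWED.fullmatch(name) is not None

def resolve(name):
    # Simulates what the file-serving code downstream does with the name:
    # it URL-decodes it and joins it onto the base directory.
    return posixpath.normpath(posixpath.join(BASE_DIR, unquote(name)))

def escapes_base(name):
    """True if the resolved path lands outside BASE_DIR (a traversal)."""
    path = resolve(name)
    return not (path == BASE_DIR or path.startswith(BASE_DIR + "/"))

if __name__ == "__main__":
    for candidate in ("report-2024.pdf", "../../etc/passwd", "%2e%2e/%2e%2e/etc/passwd"):
        print(candidate, "block-list:", block_list_check(candidate),
              "allow-list:", allow_list_check(candidate),
              "escapes:", escapes_base(candidate))
```

The encoded name "%2e%2e/%2e%2e/etc/passwd" contains no literal "../", so the block list passes it, yet after decoding it resolves to /srv/etc/passwd. The allow list never had to know about percent-encoding: a percent sign is simply not a character a file name may contain.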
What is a polyglot file?
A single file that is valid as more than one file type at the same time (for example both an image and an archive or script), so different parsers interpret the same bytes differently
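Added example (not from the original flashcards) that builds a GIF/ZIP polyglot in memory. GIF parsers read the magic bytes at the start of the file, while ZIP readers locate the central directory from the end, so one byte string can satisfy both. The 1x1 GIF bytes are a minimal standard-conforming image constructed for the example, and the payload name and helper functions are assumptions.

```python
import io
import zipfile

# Minimal valid 1x1 GIF89a image (header, 2-colour global palette, one image
# block, trailer).  Constructed for this example.
TINY_GIF = (
    b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
    b",\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02D\x01\x00;"
)

def build_gif_zip_polyglot(payload_name, payload_bytes):
    """Return bytes that are simultaneously a GIF image and a ZIP archive."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr(payload_name, payload_bytes)
    # Image first, archive appended: zipfile tolerates leading data because it
    # finds the end-of-central-directory record by scanning from the end.
    return TINY_GIF + buf.getvalue()

def looks_like_gif(data):
    # What a naive magic-byte "is this really an image?" upload check does.
    return data[:6] in (b"GIF87a", b"GIF89a")

def zip_members(data):
    # What a ZIP-aware consumer (a plugin or JAR loader, say) sees in the same bytes.
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.namelist()

def read_member(data, name):
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return zf.read(name)

if __name__ == "__main__":
    blob = build_gif_zip_polyglot("payload.txt", b"hello from inside the image")
    print("gif magic ok:", looks_like_gif(blob))
    print("zip members:", zip_members(blob))
```

The defensive lesson is the flip side of the card: an upload check that only looks at the extension or the leading magic bytes can be satisfied while the same file carries a second, executable interpretation. Validating by fully decoding the file with the parser for the one type you intend to accept, and re-encoding it before storing, strips the second personality.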
What is the attack surface of an application?
Everything that accepts external input: every point where an attacker can interact with the application
List and briefly describe the ways we discussed in class to measure usability.
Time to learn - which is how long it takes to learn how to use the product
Retention over time - how well users remember how to use the product after time away from it
List the two ways we discussed in class to reduce the load on human memory and increase usability
Simple design, and fewer things for the user to remember
Briefly define the software supply chain
The software supply chain is everything from an external source that the application depends on or interacts with and that is not controlled by the developer
List 4 types of items that can be part of the software supply chain
Libraries, Hardware, DB operations, API integrations
What does a dependency manager do?
Keeps your libraries at consistent versions and flags conflicts or known vulnerabilities in them
What is the name of the dependency manager that we discussed in class?
dependabot
Regarding deployment strategies, describe blue green deployment
Blue-green runs two identical environments: the new build is deployed to the idle one and checked for bugs, then traffic is swapped over to it, so there is no downtime and rollback is just swapping back
Describe the canary deployment
Release the update to a small fraction of users first to see how it behaves; depending on the result, it is then deployed at scale
List the two types of information that must be included in a Incident Response Plan
Roles need to be outlined, defined, and assigned to prevent an overlap of responsibilities
Critical systems need to be documented to know where the incident response plan should focus efforts of mitigation
For the following regulations, indicate their domains: HIPAA, FERPA, GDPR
Medical (US health information), Education (US student records), EU (personal data of EU residents)