Software & Systems Security Flashcards
CNAME
Canonical Name Record or Alias Record. Specifies that one domain name is an alias of another canonical domain name.
Pair programming
a real-time process in which two developers work at one workstation, with one developer reviewing the code as the other developer writes it.
Input validation
Performed to ensure only properly formed data is entering the workflow in an information system, preventing malformed data from persisting in the database and triggering a malfunction of various downstream components.
Fuzzing
An automated software testing technique that involves providing invalid, unexpected, or random data as inputs to a computer program through the use of a fuzzer.
Dynamic Code Analysis
studying how the code behaves during execution. Fuzzing is one example.
Static code analysis
a method of debugging by examining source code before a program is run.
Known bad data injection
a technique where data known to cause an exception or fault is entered as part of the testing/assessment.
Security regression testing
ensures that changes made to a system do not harm its security.
Stress testing
verifies the system’s stability and reliability by measuring its robustness and error handling capabilities under heavy load conditions.
Dual control
a personnel security process that requires more than one employee to be present in order to perform a specific task.
Measured boot
a feature in which a log of all boot actions is recorded and stored in a Trusted Platform Module (TPM) for later retrieval and analysis by anti-malware software on a remote server.
Master boot record analysis
used to capture the hard disk’s required information to support a forensic investigation.
Relying parties (RPs)
provide services to members of a federation.
Identity provider (IdP)
provides identities, makes assertions about those identities, and releases information about the identity holders.
Security Assertion Markup Language (SAML)
open standard for exchanging authentication and authorization data between parties, in particular between an identity provider (IdP) and a service provider (SP) or relying party (RP).