Things To Learn Flashcards
Mutation Fuzzing
Also called Dumb Fuzzing
Takes previous input and mutates it to create the fuzzed input. Can alter characters or append strings to the end of the content.
There is no understanding of the format of the input data.
Generational Fuzzing
Also called Intelligent fuzzing.
Creates new fuzzed input based on an understanding of the types of data used by programs.
What are the limits of fuzz testing?
- Does not result in full coverage of the code
- Detects simple errors that do not require complex manipulation of business logic.
Bit flipping
Technique used in mutational fuzzing that flips bits of input data, either randomly or using a predetermined sequence.
You are working with your company to validate assessment and audit strategies. The immediate goal is to ensure that all auditors are following the processes and procedures defined by the company’s audit policies. Which type of audit should you use for this scenario?
Internal, External, Third Party, Hybrid
Explanation: Third-party testing is specifically geared to ensuring that the other auditors (internal and external) are properly following your policies and procedures.
A language for specifying security checklists.
XCCDF
Extensible Configuration Checklist Description Format
A language for describing security testing procedures
OVAL
Open Vulnerability and Assessment Language
A naming system for operating systems, applications, and devices
CPE
Common Platform Enumeration
A naming system for system configuration issues
CCE
Common Configuration Enumeration
A standardized scoring system for describing the severity of security vulnerabilities
CVSS
Common Vulnerability Scoring System
A naming system for describing security vulnerabilities
CVE
Common Vulnerabilities and Exposures
What are the three scoring factors used in CVSS?
Base
Temporal
Environmental