Week 14 - Application Security

Question 1

what is application security?

Answer 1

developing, adding and testing security feature in an app to prevent vulnerabilities

Question 2

why is application security important?

Answer 2

guarantee security of information
consumer trust and boosting reputation
mitigating potential attacks

Question 3

what is Saas?

Answer 3

security as a service - cloud based apps

Question 4

define web application firewall

Answer 4

differ from traditional firewall - analyse HTTP traffic

Question 5

application security techniques

Answer 5

authenticating - authorising - using encryption - auditing - security testing

Question 6

DevSecOps - development, security & operations

Answer 6

automates the integration of security at every phase of life cycle

Question 7

DevSecOps culture?

Answer 7

integrated security is the responsibility of every team - not just testers

Question 8

cross site scripting (XSS)

Answer 8

XSS is a type of injection - attacker inserts malicious code into web page, form or URL - takes advantage of the fact that a web browser is responsible for executing the web application script. - found in Javascript

Question 9

SQL

Answer 9

structured query language - programming language - storing and processing information

Question 10

SQL injection

Answer 10

attacker adds own parameter - compromise of database

Question 11

CSRF is?

Answer 11

cross site request forgery - takes advantage of browser - trick the browser into executing malicious actions