Week 14 - Application Security Flashcards
what is application security?
developing, adding and testing security features in an app to prevent vulnerabilities
why is application security important?
guarantee security of information
consumer trust and boosting reputation
mitigating potential attacks
what is SaaS?
security as a service - cloud based apps
define web application firewall
differs from a traditional firewall - analyses HTTP traffic
application security techniques
authenticating - authorising - using encryption - auditing - security testing
DevSecOps - development, security & operations
automates the integration of security at every phase of the life cycle
DevSecOps culture?
integrated security is the responsibility of every team - not just testers
cross-site scripting (XSS)
XSS is a type of injection - attacker inserts malicious code into a web page, form or URL - takes advantage of the fact that a web browser is responsible for executing the web application script - found in JavaScript
SQL
structured query language - programming language - storing and processing information
SQL injection
attacker adds own parameter - compromise of database
CSRF is?
cross-site request forgery - takes advantage of browser - tricks the browser into executing malicious actions