Week 4: Security

Question 1

What do we want to sercure?

Answer 1

Assets

Question 2

Give me examples of assets?

Answer 2

• webpage
• database
• company reputation

Question 3

What elements does security rely on?

Answer 3

• Authentication
• Authorizaiton
• Auditing
• Confidentiality
• Integrity
• Availability

Question 4

What is a threat?

Answer 4

Any POTENTIAL OCCURRENCE, malicious or otherwise, that could HARM an ASSET

Question 5

What is a vulnerability?

Answer 5

A weakness that makes a THREAT POSSIBle

Question 6

What is an attack?

Answer 6

An action that EXPLOITS a VULNERABILITY or ENACTS a THREAT

Question 7

Gimme examples of security vulnerabilities bitch

Answer 7

• Code injection
• Broken authentication and session management
• Cross site scripting
• Poor programming

Question 8

What is a code injection?

Answer 8

The insertion of MALICIOUS CODE into legitimate traffic sent to an ENDPOINT

Question 9

What are the two very simple goals that security hinges upon?

Answer 9

• Keep UNAUTHORIZED persons from gaining access to RESOURCES

- Ensure AUTHORIZED persons can access resources they need

Question 10

What is Authentication?

Answer 10

the process of confirming a user’s Identity

Question 11

More technical definition of authentication?

Answer 11

Mechanism of associating an incoming request with a set of identifying credentials

Question 12

What does authentication determine?

Answer 12

Access levels or privileges:

• System resources
• data
• application features