Week 8 - Application Security Testing Flashcards
What is Application Security Testing?
The practice of evaluating and testing software applications to identify and remediate vulnerabilities and weaknesses that could be exploited by attackers.
What does the Application Security Lifecycle Approach encompass?
Design, development, production & runtime.
What is the goal of Application Security Lifecycle?
To provide integrated, layered defenses for the application across every stage of that lifecycle, rather than a single check at one point.
What type of analysis should be conducted at the application level?
Thorough threat & vulnerability analysis.
What is the purpose of Static Code Analysis?
To identify vulnerabilities and security issues in the source code of software applications before they are compiled or executed.
Why is it important to identify code-level vulnerabilities before execution?
Fixing a flaw in source code stops it from ever reaching the running application, which is cheaper than finding it in production and removes the window in which it could be attacked.
SAST tools can also check if your code adheres to coding standards and …?
Best practices.
What is data flow analysis, in the context of SAST?
Tracing how data moves through the application, from untrusted sources (request parameters, files, environment) to sensitive sinks (SQL execution, shell commands, HTML output), to find places where attacker-controlled data is handled unsafely.
What is dependency scanning, in the context of SAST?
Analyzing the third-party libraries and components an application uses to identify known vulnerabilities in them (often packaged as software composition analysis, SCA, alongside SAST).
What is false positive reduction, in the context of SAST?
Reducing false positives (non-existent issues reported as vulnerabilities) with techniques such as pattern recognition, code-context analysis, and recognizing sanitizers or validation that neutralize tainted data before it reaches a sink.
What is Interactive Application Security Testing (IAST)?
IAST assesses the security of web applications and APIs from inside the running application, typically while functional or automated tests exercise it, using an agent that observes real executions rather than probing only from outside.
How does IAST differ from SAST and DAST?
IAST combines elements of both: like SAST it sees code-level detail (which statement handled the data), and like DAST it observes the application actually running, so it reports issues with runtime context and fewer false positives than either alone.
What does IAST monitor during runtime?
IAST instruments the application to monitor its behavior and its interactions with components, databases and external services, and identifies vulnerabilities by analyzing those interactions as they happen.
How does DAST detect SQL injection?
DAST sends SQL-injection payloads as input and infers from the application's responses whether they reached the database unescaped: database error messages, responses that differ between logically true and false payloads (for example `1 AND 1=1` versus `1 AND 1=2`), or time delays. It has no direct view of the database, so it reasons only from observable behavior.
How does DAST detect Directory Traversal?
DAST sends requests that attempt to reach files or directories outside the intended scope (for example `../` sequences in a file-name parameter) and checks responses for signatures of files it should not be able to read.
How does DAST detect Authentication Bypasses?
DAST identifies authentication weaknesses by attempting to access restricted resources without proper credentials.
What is Dynamic Application Security Testing (DAST)?
Used to evaluate the security of web applications and APIs during runtime by interacting with them as external attackers might.
How does DAST detect cross-site scripting (XSS)?
By injecting script payloads into input fields or URL parameters and analyzing the application's responses to see whether the payload is reflected back unencoded in HTML.
What is the main purpose of DAST in a production environment?
To assess the security of the deployed application as a black box, simulating the attacks an external attacker would make to uncover vulnerabilities in the real configuration. Because DAST sends active payloads, testing against production must use non-destructive checks and rate limits, or be run against a production-like staging environment.
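The four DAST checks described in the cards above (SQL injection, directory traversal, authentication bypass, XSS), as one added worked example that is not from the original flashcards or any real scanner. The target is a constructed, deliberately vulnerable in-process route handler standing in for an HTTP server; the scanner never sees its source and judges only from status codes and bodies, which is the black-box stance DAST takes.

```python
"""Added example: miniature DAST harness against a constructed vulnerable app."""
import os
import sqlite3
import tempfile

# ---- constructed vulnerable target (not a real product) ------------------
_db = sqlite3.connect(":memory:")
_db.execute("CREATE TABLE users (id INTEGER, name TEXT)")
_db.executemany("INSERT INTO users VALUES (?, ?)", [(1, "alice"), (2, "bob")])

_root = tempfile.mkdtemp()
_public = os.path.join(_root, "public")
os.mkdir(_public)


def _write(path, text):
    with open(path, "w") as f:
        f.write(text)


_write(os.path.join(_public, "readme.txt"), "hello")      # intended to be served
_write(os.path.join(_root, "secret.txt"), "TOP-SECRET-DATA")  # outside the web root


def target(path, params=None, headers=None):
    """Route handler in place of an HTTP server. Returns (status, body)."""
    params, headers = params or {}, headers or {}
    if path == "/user":                  # SQLi: input concatenated into SQL
        try:
            row = _db.execute(
                f"SELECT name FROM users WHERE id = {params.get('id', '')}").fetchone()
        except sqlite3.Error as e:
            return 500, f"database error: {e}"
        return 200, row[0] if row else "no such user"
    if path == "/search":                # XSS: input echoed without encoding
        return 200, f"<p>Results for {params.get('q', '')}</p>"
    if path == "/file":                  # traversal: path joined unchecked
        try:
            with open(os.path.join(_public, params.get("name", ""))) as f:
                return 200, f.read()
        except OSError:
            return 404, "not found"
    if path == "/admin":                 # missing authorization check
        return 200, "admin console"
    return 404, "not found"


# ---- DAST-style checks: only send input and inspect responses -----------
def check_sqli(app, path, param):
    """Boolean-based test: payloads that differ only in SQL truth value must
    give the same response if the input is treated as data, plus an
    error-based probe with an unbalanced quote."""
    true_resp = app(path, {param: "1 AND 1=1"})
    false_resp = app(path, {param: "1 AND 1=2"})
    err_resp = app(path, {param: "1'"})
    return true_resp != false_resp or "error" in err_resp[1].lower()


def check_xss(app, path, param):
    """Send a unique marker containing HTML metacharacters and look for it
    reflected unencoded; an escaped echo (&lt;...&gt;) is not a finding."""
    marker = "<dastxss1337>"
    _, body = app(path, {param: marker})
    return marker in body


def check_traversal(app, path, param):
    """Ask for a file one level above the served directory. Here the canary
    content is known; real scanners look for signatures like 'root:x:0:0'."""
    status, body = app(path, {param: "../secret.txt"})
    return status == 200 and "TOP-SECRET" in body


def check_auth_bypass(app, path):
    """Request a restricted resource with no credentials at all."""
    status, _ = app(path, {}, {})
    return status == 200


def scan(app):
    """Run every check against the target and report which ones fired."""
    return {
        "sqli": check_sqli(app, "/user", "id"),
        "xss": check_xss(app, "/search", "q"),
        "traversal": check_traversal(app, "/file", "name"),
        "auth_bypass": check_auth_bypass(app, "/admin"),
    }


if __name__ == "__main__":
    print(scan(target))
```

All four checks fire against this target. Against a hardened app (parameterized query, HTML-encoded output, a file-name allowlist, an authorization check on `/admin`) the same probes return identical true/false responses, an encoded marker, a 404 and a 401 respectively, and the scanner reports nothing, which is exactly why DAST findings are tied to the deployed configuration rather than the source.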
What is Runtime Application Self-Protection (RASP)?
A security technology integrated directly into an application or its runtime environment to protect against security threats during runtime.
How does RASP prevent SQLi attacks?
RASP detects SQL injection attempts by analyzing SQL queries in real-time and can block or sanitize them to prevent unauthorized access or modification of the database.
Why is RASP important?
It provides real-time protection against security threats, enabling applications to respond to attacks as they occur.
How does RASP protect against Cross-Site Scripting (XSS) attacks?
RASP runs inside the server-side application, so it cannot see the browser; it monitors incoming user input and the output the application is about to send, and blocks or sanitizes responses in which input would be emitted as unencoded script.
What role does RASP play in authentication and session management security?
RASP detects and responds to authentication issues, such as brute force attacks or session fixation, by blocking suspicious login attempts or invalidating compromised sessions.
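The SQL-injection blocking and brute-force response described in the RASP cards above, as one added worked example that is not from the original flashcards or any vendor's RASP engine. It wraps a `sqlite3` connection in-process: the "structure comparison" check (tokenize the statement with and without the request value and see whether the value contributed more than one token) and the failed-login rate guard are constructed illustrations of the approach, and the `RaspGuard` class and its thresholds are assumptions made for this example.

```python
"""Added example: RASP-style guard instrumenting a sqlite3 connection in-process."""
import re
import sqlite3
import time
from collections import defaultdict, deque

# Rough SQL tokenizer: quoted strings, comments, numbers, words, punctuation.
TOKEN = re.compile(r"'(?:[^']|'')*'|\"[^\"]*\"|--[^\n]*|/\*.*?\*/|\d+|\w+|[^\s\w]")


def changes_structure(sql, value):
    """True if `value` contributes more than a single token to `sql`, i.e. the
    request input escaped its literal and altered the statement's grammar."""
    if value == "" or value not in sql:
        return False
    baseline = TOKEN.findall(sql.replace(value, "0"))   # what the developer intended
    actual = TOKEN.findall(sql)                          # what is about to run
    return len(actual) != len(baseline)


class RaspGuard:
    """Hypothetical guard sitting between the app and its database."""

    def __init__(self, conn, max_failures=5, window=60):
        self.conn = conn
        self.inputs = []                         # request values for the current request
        self.failures = defaultdict(deque)       # source -> timestamps of failed logins
        self.max_failures, self.window = max_failures, window

    def begin_request(self, params):
        self.inputs = [v for v in params.values() if isinstance(v, str)]

    def execute(self, sql, parameters=()):
        """Analyze the statement in real time; block if any input reshaped it."""
        for value in self.inputs:
            if changes_structure(sql, value):
                raise PermissionError("RASP: SQL structure altered by request input")
        return self.conn.execute(sql, parameters)

    def login_allowed(self, source):
        now = time.time()
        recent = self.failures[source]
        while recent and now - recent[0] > self.window:
            recent.popleft()                     # forget failures outside the window
        return len(recent) < self.max_failures

    def record_failure(self, source):
        self.failures[source].append(time.time())


def make_app():
    """Constructed legacy login handler that still concatenates SQL; the guard
    underneath it is what keeps the injection from reaching the database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, pw TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 's3cret')")
    guard = RaspGuard(conn)

    def login(source, params):
        if not guard.login_allowed(source):
            return "locked out"                  # brute-force response
        guard.begin_request(params)
        sql = (f"SELECT 1 FROM users WHERE name = '{params['user']}' "
               f"AND pw = '{params['pw']}'")
        try:
            ok = guard.execute(sql).fetchone() is not None
        except PermissionError:
            return "blocked"                     # injection stopped at runtime
        if not ok:
            guard.record_failure(source)
        return "ok" if ok else "denied"

    return login


if __name__ == "__main__":
    login = make_app()
    print(login("10.0.0.1", {"user": "alice", "pw": "s3cret"}))
    print(login("10.0.0.2", {"user": "alice", "pw": "' OR '1'='1"}))
```

The structural check is what lets RASP distinguish `alice` (one string literal, exactly as the developer wrote) from `' OR '1'='1` (five tokens where one was expected) without a signature list, and it still fires for payloads a regex blocklist has never seen. The cost is that the guard needs request context, which is why RASP is deployed as an agent inside the application rather than as a separate network device.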