Chapter 7 Review
Secure Coding
Programming in a manner that is secure
Hardening
The process of making a server or an application resistant to an attack.
Transport Layer Security (TLS)
A protocol based on SSL 3.0 that provides authentication and encryption, used by most servers for secure exchanges over the Internet.
zero-day exploit
A vulnerability that is exploited before the software creator/vendor is even aware of its existence.
Script Kiddie
An attacker with minimal skills. These attackers mostly rely on automated tools from the internet.
OWASP (Open Web Application Security Project)
An organization that maintains a list of the top 10 errors found in web applications.
Advanced Persistent Threat (APT)
Any sophisticated series of related attacks taking place over an extended period of time
Baselining
Creating a fundamental, or baseline, security level
CERT Secure Coding Standards
Details standards for secure coding. Covers many of the same issues as OWASP
Sandboxing
Operating in an isolated environment
Secure Coding Standards
Secure coding standards are practices that, if followed throughout the software development life cycle, will help reduce the attack surface of an application
Domain Name System Security Extensions
Security specifications for securing DNS. They mitigate the risk of DNS attacks such as DNS poisoning. EX: digitally signed responses
Hacktivist
Uses hacking techniques to accomplish a goal. EX: defacing the website of a company they disagree with
Simple Network Management Protocol (SNMP)
Used to manage networks. Each managed device has a software agent installed that reports issues and problems to a centralized _ _ _ _ management server.
User Issues
Vulnerability caused by an inexperienced user. Mainly someone who is untrained or lacks education on security practices
Configuration Issues
Vulnerability that involves the failure to change default settings or default passwords.
Hacktivist, Insider, Competitor, Organized Crime, etc
What are some of the different types of threat actors?
Configuration Issues, User Issues, Secure Protocols, etc
What are some of the different types of vulnerabilities?
Integration Testing
When two or more units are connected, they should be tested to ensure that they function together. This is usually done by the programmers.
Lightweight Directory Access Protocol (LDAP)
A directory protocol that contains all the information about your network. It lists directory services, servers, workstations, users, etc. It is recommended that this is secured with TLS
User Acceptance Testing (UAT)
determine if the system satisfies the user and business requirements
Insiders
legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident
Competitors
people or organizations that compete for customers or resources
Unit Testing
test individual units or pieces of code for a system
Input Validation
the process of inspecting data given to a program by the user and determining if it is valid
Corporate Espionage
unauthorized access of corporate information, usually to the benefit of a competitor