Chapter 7 Review

Secure Coding

Programming in a manner that is secure

Hardening

The process of making a server or an application resistant to an attack.

Transport Layer Security (TLS)

A protocol based on SSL 3.0 that provides authentication and encryption, used by most servers for secure exchanges over the Internet.

zero-day exploit

A vulnerability that is exploited before the software creator/vendor is even aware of its existence.

Script Kidddy

An attacker with minimal skills. These attackers mostly rely on automated tools from the internet.

OWASP (Open Web Application Security Project)

An organization that maintains a list of the top 10 errors found in web applications.

Advanced Persistent Threat (APT)

Any sophisticated series of related attacks taking place over an extended period of time

Baselining

Creating a fundamental, or baseline security level

CERT Secure Coding Standards

Details standards for secure coding. Cover many of the same issues as OWASP

Sandboxing

Operating in an isolated environment

Secure Coding Standards

Secure coding standards are practices that, if followed throughout the software development life cycle, will help reduce the attack surface of an application

Domain Name System Security Extensions

Security specifications for security DNS. Mitigate risk of DNS attacks such as DNS poisoning. EX: Digital signed responses,

Hacktivist

Use hacking techniques to accomplish a goal. EX: Deface a website of a company they disagree with

Simple Network Management Protocol (SNMP)

Used to manage networks. Each managed device has a software agent installed that reports issues and problems to a centralized _ _ _ _ management server.

User Issues

Vulnerability caused by an inexperienced user. Mainly someone who is untrained or lacks education on security practices

Configuration Issues

Vulnerability that involves the failure of changing default settings or default passwords.

Hacktivist, Insider, Competitor, Organized Crime, etc

What are some of the different types of threat actors?

Configuration Issues, User Issues, Secure Protocols, etc

What are some of the different types of vulnerabilities?

Integration Testing

When two or more units are connected, they should be tested to ensure that they function together. This is usually done by the programmers.

Lightweight Directory Access Protocol (LDAP)

a directory protocol that contains all the information about your network. t lists directory services, servers, workstations, users, etc. It is recommended that this is secured with TLS

User Acceptance Testing (UAT)

determine if the system satisfies the user and business requirements

Insiders

legitimate users who purposely or accidentally misuse their access to the environment and cause some kind of business-affecting incident

Competitors

people or organizations that compete for customers or resources

Unit Testing

test individual units or pieces of code for a system

Input Validation

the process of inspecting data given to a program by the user and determining if it is valid

Corporate Espionage

unauthorized access of corporate information, usually to the benefit of a competitor