Background
Types of AS
Tools
Threats
Random
100

Involves taking actions and following procedures to prevent malicious actors from accessing the data and code of vulnerable software and hardware

Application Security

100

Define Authentication & Authorization

Authentication: ensure that a user is who they say they are.

Authorization: validate that the user has permission to access the application.


100

IAST stands for _____

Interactive Application Security Testing

100

Exploiting vulnerabilities in the application's database layer to gain unauthorized access or manipulate data.

What is SQL injection?

100

T/F: Application security testing is an integral part of the software development process because it aims to identify and rectify security vulnerabilities in new or updated software applications.

True

200

Hardware, software, and procedures for vulnerability management

What are the Components of Application Security?

200

Name the 6 types of Application Security

Authentication, Authorization, Encryption, Logging, Data Processing, Security Testing

200

Difference between SAST and DAST

Static vs dynamic

Security scanning of the code after you write it vs while it's running

200

Name an impact or consequence of Cross-Site Request Forgery (CSRF)

Any of the following:

  • Unauthorized Actions

  • Data Modification

  • Impersonation

  • Financial Fraud

200

? + ? = IAST

SAST + DAST = IAST

300

T/F: Application Security prevents unauthorized access, mitigates financial loss, protects sensitive data, but doesn't maintain trust.

False

300

_____ occurs when data is collected and translated into usable information.

Data Processing

300

_____ involves the thorough analysis of all software components and libraries integrated into your application, especially those you didn't develop in-house.

SCA: Security Composition Analysis

300

____ is a type of vulnerability that occurs when an application exposes internal object references, such as database IDs.

IDOR: Insecure Direct Object References

300

What do application security tools help us with?

They help you identify known vulnerabilities and notify you of any available patches and configuration fixes.

400

What term describes the security practice of identifying and addressing vulnerabilities in software code before it's deployed?

Secure Code Review

400

______ helps provide a time-stamped record of which aspects of the application were accessed and by whom.

Logging

400

What tool uses fuzzing? Explain what fuzzing is.

DAST

Fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities.

400

Attackers inject malicious scripts (usually JavaScript) into web applications, which are then executed by other users' browsers, leading to session hijacking.

Cross-Site Scripting (XSS)

400

Explain the process of fuzzing.


500

Why is sensitive data more vulnerable in cloud-based applications?

Data is transmitted across the Internet

500

____ aims to identify and rectify security vulnerabilities in new or updated software applications.

Application Security Testing

500

Name all 4 application security tools

SCA, SAST, DAST, IAST

500

Name all 4 cyber threats we talked about

XSS, CSRF, SQL Injection, IDOR

500

T/F: explain if false

1) Penetration testing is an example of application security testing

2) IAST scans your code while it's running and users are using it

3) There are 4 types of application security

T, F -> DAST, F -> 6
