AppSec Terms
SDLC
Scramble
Attacks
100
A world-wide, not-for-profit organisation focused on improving the security of software. All materials and tools are available under an open-source license.
What is OWASP?
100
A tool used by most developers to create, build, and test software.
What is an IDE?
100
he rack
What is a Hacker?
100
An online technique where a person poses as another in order to gain their confidence and eventually coerces them into giving up secrets.
What is a phishing attack?
200
An industry standard covering the security of payment processing systems.
What is PCI-DSS?
200
A tool used to automate the process of compiling, packaging and testing software before release.
What is a build server? (Jenkins etc.)
200
rod swaps
What is a Password?
200
A browser attack where data is POST'ed from outside the actual web application, typically from another site.
What is a Cross-Site Scripting Attack?
300
A security training provider that hosts courses all over the world as well as publishing security books and online content.
What is SANS?
300
A software development approach focused on short release cycles and iterative backlog management.
What is Agile?
300
bye crusty rice
What is Cyber Security?
300
An attack where an application can have arbitrary database-level code executed.
What is SQL Injection?
400
A common, labour-intensive, time-consuming approach to software security testing.
What is Penetration Testing?
400
A movement to break down the barriers between the various teams involved in designing, developing, and operating software.
What is DevOps?
400
burial tin levy
What is a Vulnerability?
400
Psychological manipulation of people into performing actions or divulging confidential information.
What is social engineering?
500
A less common, early stage assessment of the potential threats to an application that has not yet been developed.
What is Threat Modelling?
500
A common Agile software development methodology, focused on self-organising development teams.
What is SCRUM?
500
NIAOINTMFOR
What is Information?
500
Technique used to alter MAC and IP addresses of a network in order to manipulate routing paths, generally used to launch man-in-the-middle attacks.
What is ARP poisoning?