This form of testing focuses PRIMARILY on identifying and diagnosing weaknesses in a system.
What is a vulnerability assessment?
This attack causes code submitted by one user to be run in the context of another user.
What is XSS (Cross Site Scripting)?
This process focuses on verifying that a user is who they claim to be.
What is authentication?
These controls are put in place for compliance either when other controls fail or when you are bridging a gap on the way to compliance.
What are compensating controls?
What is user input?
These five steps (in order) are the protocol that penetration testers follow when looking for vulnerabilities.
What are Scoping, Recon, Discovery, Exploitation, and Reporting?
This vulnerability happens when a program writes more data into a storage area than it can hold and starts overwriting adjacent memory locations.
What is buffer overflow?
This process requires users to authenticate using multiple forms of verification.
What is Multi-Factor Authentication?
This standard governs data security around payment forms.
What is PCI-DSS?
These three factors are used for authentication, each based on 'something you...'
- Something you know
- Something you are
- Something you have
This type of penetration testing aims to compromise a trusted actor with some amount of privilege in a system.
What is social engineering?
Believing they are installing 'nmap', a user types 'sudo apt install mmap' into their terminal, unintentionally exposing themselves to this type of vulnerability.
What is a software supply chain failure?
This form of control focuses on the processes you follow and on documentation.
This government-run repository holds a list of currently known vulnerabilities.
What is the NVD (National Vulnerability Database)?
We used Burp Suite and ZAP to implement this system, which intercepts requests and responses flowing between the client and the server.
What is a Proxy?
What is a server?
This model makes users verify their identity through a separate channel of communication.
What is out-of-band authentication?
This European law contains 'the right to be forgotten'.
What is GDPR?
This must always be obtained before performing ANY vulnerability assessment.
What is permission?
This occupation is focused on defending cyber systems from active attack and on further hardening those systems.
What is blue team?
This vulnerability can occur when two processes need to access shared data in a very specific sequence.
What is a race condition vulnerability?
This identifier collects information about a user's online activity based on factors such as browser type, operating system, and screen resolution.
What is a browser fingerprint?
These two organizations provide frameworks for organizations to achieve compliance.
What are ISO and NIST?