This is a software development approach that focuses on the inclusion of security features and considerations from the outset.
What is Secure by Design or Security by Design?
This CIS Control involves actively managing (inventorying, tracking, and correcting) all hardware devices on the network so that only authorized devices are given access.
What is Inventory and Control of Enterprise Assets?
A type of software designed to detect and remove malware.
What is Antivirus Software?
This type of security mechanism is used to ensure messages between two parties cannot be read by others.
What is encryption?
A type of security testing that inputs unexpected or invalid data into the software to check for crashes and vulnerabilities.
What is fuzzing or fuzz testing?
A type of software testing that is specifically focused on identifying security vulnerabilities.
What is security testing?
A set of globally recognized and consensus-driven best practices to help security practitioners implement and manage their cybersecurity defenses.
What are CIS Benchmarks?
This term refers to the practice of keeping a device's software up-to-date in order to protect against vulnerabilities.
What is Patch Hygiene or Patch Management?
This common security measure is used to protect online accounts through a secondary verification process.
What is Two-Factor Authentication (2FA)?
This secure development practice requires developers to implement input validation checks to ensure only properly formatted data is processed by the software.
What is input validation?
This principle involves giving a piece of code only the privileges which are essential to perform its tasks.
What is the Principle of Least Privilege?
A prescriptive, prioritized, and simplified set of best practices that you can use to strengthen your cybersecurity posture.
What are CIS Controls?
A technique used to allow only applications you need and block the rest.
What is Application Whitelisting?
A security flaw that occurs when an application includes untrusted data in a new web page without proper validation or escaping.
What is Cross-site Scripting (XSS)?
This method involves breaking down the software development process into smaller stages and integrating security at each stage.
What is the Secure Software Development Life Cycle (SSDLC)?
A document that provides guidelines and specifications for programming secure software.
What is a Secure Coding Standard?
Developing a plan to continuously assess and track vulnerabilities on all enterprise assets within the enterprise’s infrastructure, in order to remediate, and minimize, the window of opportunity for attackers.
What is Continuous Vulnerability Management (Control 7)?
This security strategy involves using multiple layers of defense to protect data and operations.
What is Defense in Depth?
This is the encrypted secure version of HTTP, which is the primary protocol used to send data between a web browser and a website.
What is HTTPS?
This is a structured way of handling errors in software that ensures that the system can manage and recover from errors smoothly.
What is exception handling?
Designing and implementing software so that it continues to function even when under attack.
What is Defensive Programming?
Testing the effectiveness and resiliency of enterprise assets through identifying and exploiting weaknesses in controls (people, processes, and technology), and simulating the objectives and actions of an attacker.
What is Penetration Testing (Control 18)?
An endpoint protection feature that automatically isolates a compromised device from a network.
What is Auto-Containment or Network Quarantine?
A vulnerability where attackers can execute malicious SQL statements, controlling a database server behind a web application.
What is SQL Injection?
Outdated software that no longer receives security updates and can pose significant security risks to an organization.
What is end-of-life software?