This type of result indicates that a vulnerability was correctly identified and is indeed present.
What is a true positive?
This type of control is implemented to satisfy the requirement for a security measure that is impractical to implement.
What is a compensating control?
This tool is used to find vulnerabilities in web applications and includes features like intercepting proxy and web application scanner.
What is Burp Suite?
This type of vulnerability is unknown to the software vendor and has no available patch.
What is a zero-day vulnerability?
This open-source web application security scanner is designed to find vulnerabilities in web applications.
What is Zed Attack Proxy (ZAP)?
This type of scanning compares the current state of a system against the normal everyday security conditions previously recorded.
What is security baseline scanning?
This risk management strategy involves transferring the risk to another party, such as through insurance.
What is risk transference?
This type of analysis uses machine learning to analyze user behavior and detect anomalies.
What is UEBA (User and Entity Behavior Analytics)?
This type of overflow occurs when more data is written to a buffer than it can hold, potentially leading to code execution.
What is a buffer overflow?
This commercial vulnerability scanner is widely used for identifying and managing security vulnerabilities.
What is Nessus?
This type of scanning is performed from within the organization’s network to identify vulnerabilities that could be exploited by internal threats.
What is internal or credentialed scanning?
This practice involves ensuring that input data is properly checked and sanitized to prevent security vulnerabilities.
What is input validation?
This type of analysis involves collecting intelligence from publicly available sources.
What is OSINT (Open Source Intelligence)?
This term refers to the ease with which a vulnerability can be exploited to carry out an attack.
What is exploitability?
This tool is used for network discovery and security auditing, known for its graphical interface and extensive data visualization capabilities.
What is Maltego?
This measurable value demonstrates how effectively a cloud service provider is achieving key security objectives.
What is KPI (Key Performance Indicator)?
This framework is used by U.S. federal agencies to manage information security risk.
What is FISMA (Federal Information Security Management Act)?
This type of scanning does not require software to be installed on the target systems.
What is agentless scanning?
This type of attack involves exploiting a vulnerability to gain higher access rights than originally intended.
What is privilege escalation?
This free tool is widely used for network enumeration via a command line interface, but can be used from Windows via a graphical interface application.
What is Nmap (Network Mapper)?
This markup language is used to exchange authentication and authorization data between parties in a cloud environment.
What is SAML (Security Assertion Markup Language)?
This framework is intended for developing, implementing, monitoring, and improving cloud IT governance and management practices.
What is COBIT (Control Objectives for Information and Related Technologies)?
This debugger is widely used for analyzing and debugging programs written in C and C++, primarily in Linux.
What is GDB (GNU Debugger)?
This type of XSS attack occurs when malicious scripts are injected into otherwise benign and trusted websites.
What is reflected XSS?
This penetration testing framework is used for developing and executing exploit code against target systems.
What is Metasploit Framework (MSF)?