This type of scan identifies known security weaknesses in systems and software.
What is a vulnerability scan?
This type of penetration test provides the tester with no prior knowledge of the target system.
What is a black box test?
This type of security testing analyzes an application’s source code without executing it.
What is Static Application Security Testing (SAST)?
This type of tool scans a system for known vulnerabilities and misconfigurations.
What is a vulnerability scanner?
This phase of the SDLC focuses on identifying security requirements before development begins.
What is the planning phase?
This score rates the severity of a vulnerability on a scale from 0 to 10.
What is CVSS (Common Vulnerability Scoring System)?
This phase of penetration testing involves gathering information about the target.
What is reconnaissance?
This security testing method interacts with a running application to find vulnerabilities.
What is Dynamic Application Security Testing (DAST)?
This open-source tool is widely used for network scanning and host discovery.
What is Nmap?
This type of testing checks software for security flaws before deployment.
What is security testing?
This type of vulnerability assessment examines source code for security flaws.
What is static analysis?
This document outlines the rules, scope, and limitations for a penetration test.
What is a Rules of Engagement (RoE) document?
This hybrid testing approach combines static and dynamic analysis for better vulnerability detection.
What is Interactive Application Security Testing (IAST)?
This security tool is designed to intercept and manipulate web traffic for application testing.
What is Burp Suite?
Fixing security issues after software is released is called this.
What is patching?
This type of vulnerability scan checks systems without exploiting them, ensuring no disruption.
What is a non-intrusive scan?
In penetration testing, this type of attack attempts to gain unauthorized access by tricking users.
What is social engineering?
This type of security testing mimics real-world attacks to evaluate an application's defenses.
What is penetration testing?
This tool automates the process of detecting and exploiting SQL injection vulnerabilities.
What is sqlmap?
This principle ensures that security is considered throughout the entire development process, not just at the end.
What is security by design?
This widely used vulnerability database is maintained by the U.S. government.
What is the National Vulnerability Database (NVD)?
This tool, commonly used in penetration testing, provides a framework for exploiting vulnerabilities.
What is Metasploit?
This widely known list ranks the top 10 most critical web application security risks.
What is the OWASP Top 10?
This category of tools helps organizations detect and respond to security incidents by collecting and analyzing log data in real-time.
What is a Security Information and Event Management (SIEM) system?
This secure development practice involves analyzing software for threats before coding begins.
What is threat modeling?