A tool specifically designed to protect web applications from attacks.
What is a WAF?
___ are used to programmatically provide interfaces for data and service access.
What are Application Programming Interfaces (APIs)?
A tool commonly used to secure, limit, and control cloud services.
What is a cloud application security broker, or CASB?
A role in a federation that involves authenticating users.
The identity provider, or IdP.
STRIDE stands for...
What are Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service, and Escalation of Privileges?
How does an API work?
What is a request-response cycle?
Testing that involves running software is an example of what type of testing?
What is Dynamic Testing?
A protocol that is most frequently used to protect data in motion.
What is Transport Layer Security (TLS)?
The DREAD risk categories are...
What are Damage, Reproducibility, Exploitability, Affected Users, Discoverability?
Name one common threat to APIs.
What are Injection attacks, Denial of Service attacks, Poor API key generation techniques, and On-path (man-in-the-middle) attacks?
A term that describes the common cloud practice of multiple customers sharing the same services and infrastructure.
What is Multitenancy?
A technology that allows applications to be run without being directly linked to the underlying operating system.
What is Application virtualization?
Continuous integration/continuous delivery is often associated with...
What is IAST?
Two most common types of APIs.
What are Simple Object Access Protocol (SOAP) and RESTful (REST stands for Representational State Transfer)?
Name four OWASP Top 10 cloud native application security risks.
What are insecure cloud, container, or orchestration configuration; injection flaws (app layer, cloud events, cloud services); improper authentication and authorization; and CI/CD pipeline and software supply chain flaws?
Placing a system or application into isolation so that it can be securely tested.
What is Sandboxing?
Planning, requirements, design, coding, testing, training and transition, and ongoing operations and maintenance are typical stages of...
What is the waterfall SDLC?
A tool often used to rate-limit APIs and to provide authentication for API users.
What is an API gateway?
Unlike virtualization, _____ includes only the application, configuration, and supporting libraries.
What is containerization?
The broad use of many small instances to allow applications to increase or decrease performance as needed is part of this cloud application development pitfall.
What is Scalability?