Security
What is the primary goal of application security?
To protect the data and functionality of an application from unauthorized access, modification, and disruption: in other words, to preserve confidentiality, integrity, and availability by finding and fixing weaknesses throughout the software's lifecycle.
What is cryptography?
Cryptography is the practice and study of techniques for secure communication in the presence of third parties.
What is identity and access management (IAM)?
IAM is the framework of policies and technologies for ensuring that only authorized individuals have access to resources.
What is social engineering?
Social engineering is the psychological manipulation of people into performing actions or divulging confidential information.
What is a password attack?
A password attack is an attempt to gain unauthorized access to a system or account by guessing or cracking passwords.
What is the difference between white-box and black-box testing in application security?
White-box testing involves testing with knowledge of the internal workings of the application, while black-box testing is done without any knowledge of the internal structure.
What is the purpose of encryption in cryptography?
Encryption transforms plaintext into ciphertext that cannot be read without the corresponding key, so unauthorized parties learn nothing about the content (confidentiality). Encryption alone does not guarantee integrity or authenticity; those require a message authentication code or a digital signature.
What is multi-factor authentication (MFA)?
MFA is a security process that requires users to present two or more independent authentication factors, drawn from different categories, before access is granted: something you know (a password or PIN), something you have (a hardware token, phone, or authenticator app), and something you are (a fingerprint or other biometric). Two factors from the same category, such as a password plus a security question, do not count as MFA.
What is pretexting?
Pretexting is a form of social engineering in which an attacker creates a fabricated scenario to obtain sensitive information from a target.
What is brute force password cracking?
Brute force password cracking is a method of trying every possible password combination until the correct one is found.
What is the principle of least privilege in application security?
The principle of least privilege states that users should only be given the minimum level of access or permissions necessary to perform their job functions.
What is the difference between symmetric and asymmetric encryption?
Symmetric encryption uses the same key for both encryption and decryption, while asymmetric encryption uses a pair of keys: public and private.
What is the principle of least privilege in the context of IAM?
In IAM the principle of least privilege means that every identity, human or service account, receives only the minimum permissions needed for its job function, scoped as narrowly as possible and granted for no longer than necessary, with periodic review to remove access that is no longer used.
What is phishing?
Phishing is a type of social engineering attack in which attackers attempt to trick individuals into revealing sensitive information by posing as a trustworthy entity.
What is a dictionary attack?
A dictionary attack is a type of password attack that uses a predefined list of common passwords or words from the dictionary to guess passwords.
What are some common security vulnerabilities found in web applications?
Examples include SQL injection, cross-site scripting (XSS), cross-site request forgery (CSRF), and broken authentication.
What is a digital signature?
A digital signature is a cryptographic technique for verifying the authenticity and integrity of a message or document: the signer creates the signature with their private key, and anyone holding the corresponding public key can verify it. Because only the private-key holder could have produced it, a signature also provides non-repudiation.
What is role-based access control (RBAC)?
RBAC is a method of restricting access to resources based on the roles individual users hold within an organization: permissions are attached to roles rather than to users, each user is assigned one or more roles, and an operation is allowed only if one of the user's roles carries the required permission.
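An added example, not from the original page, of RBAC with a role hierarchy, default deny, and a least-privilege audit that reports permissions a user holds beyond what their job requires. The roles, permissions, and hierarchy are constructed for illustration and do not come from any particular product.

```python
# Constructed role model for the demonstration; the role and permission names
# are illustrative only.
ROLE_PERMISSIONS = {
    "viewer":  {("report", "read")},
    "analyst": {("report", "write")},
    "admin":   {("report", "delete"), ("user", "manage")},
}
# A role inherits everything granted to its parents.
ROLE_PARENTS = {
    "analyst": ["viewer"],
    "admin":   ["analyst"],
}


def effective_permissions(role: str, _seen=None) -> set:
    """Resolve a role's direct and inherited permissions (cycle-safe)."""
    seen = _seen if _seen is not None else set()
    if role in seen or role not in ROLE_PERMISSIONS:
        return set()                      # unknown or already-visited role grants nothing
    seen.add(role)
    perms = set(ROLE_PERMISSIONS[role])
    for parent in ROLE_PARENTS.get(role, []):
        perms |= effective_permissions(parent, seen)
    return perms


def is_allowed(user_roles, resource: str, action: str) -> bool:
    """Default deny: access is granted only if some role carries the permission."""
    needed = (resource, action)
    return any(needed in effective_permissions(r) for r in user_roles)


def excess_permissions(user_roles, required) -> set:
    """Least-privilege audit: permissions held beyond what the job needs."""
    held = set()
    for r in user_roles:
        held |= effective_permissions(r)
    return held - set(required)


if __name__ == "__main__":
    print("viewer may delete report:", is_allowed(["viewer"], "report", "delete"))
    print("admin excess over an analyst job:",
          excess_permissions(["admin"], {("report", "read"), ("report", "write")}))
```

Note the two defensive defaults: an empty role list or an unknown role name yields no permissions, and the decision is "deny unless explicitly granted", which is what makes the audit meaningful.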
What are some common indicators of a phishing email?
Indicators include spelling and grammar errors, urgent requests for personal information or money, a sender display name that does not match the actual email address, and links whose visible text differs from the real destination or that point to look-alike domains.
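An added example, not part of the original page, that checks the last two indicators mechanically: it extracts links from an HTML message body, flags anchors whose visible URL points to a different domain than the real href, punycode (IDN) hostnames, and plain-http links, and counts pressure phrases. The HTML snippet is constructed as sample input, and the heuristics, phrase list, and domain names are this example's own assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed HTML body of a suspicious message, used as sample input only.
SAMPLE_EMAIL_HTML = """
<p>Your account has been suspended. Verify now, within 24 hours, to avoid closure:</p>
<a href="http://secure-login.example-bank.co/verify">https://www.example-bank.com/login</a>
<a href="https://www.example-bank.com/help">Help center</a>
<a href="http://xn--exmple-bank-7sb.com/">exämple-bank.com</a>
"""

ANCHOR_RE = re.compile(r'<a\s+[^>]*?href="([^"]+)"[^>]*>(.*?)</a>', re.I | re.S)
URGENCY_PHRASES = ("suspended", "immediately", "24 hours", "verify now", "urgent")


def registrable_domain(host: str) -> str:
    """Last two labels of a hostname. This is a simplification: production code
    should use the Public Suffix List so that example.co.uk is handled correctly."""
    return ".".join(host.lower().rstrip(".").split(".")[-2:])


def suspicious_links(html: str) -> list:
    """Return (href, reasons) for each link that trips a phishing heuristic."""
    findings = []
    for href, text in ANCHOR_RE.findall(html):
        parsed = urlparse(href)
        href_host = parsed.hostname or ""
        reasons = []
        visible = text.strip()
        # Visible text that looks like a URL but resolves elsewhere is a classic lure.
        if visible.lower().startswith(("http://", "https://")):
            text_host = urlparse(visible).hostname or ""
            if registrable_domain(text_host) != registrable_domain(href_host):
                reasons.append("visible URL points to a different domain than href")
        # xn-- labels are IDN/punycode; often used for homograph look-alikes.
        if any(label.startswith("xn--") for label in href_host.split(".")):
            reasons.append("punycode (IDN) hostname, possible homograph")
        if parsed.scheme == "http":
            reasons.append("plain http link")
        if reasons:
            findings.append((href, reasons))
    return findings


def urgency_score(html: str) -> int:
    """Count pressure phrases typical of phishing lures."""
    text = re.sub(r"<[^>]+>", " ", html).lower()
    return sum(1 for phrase in URGENCY_PHRASES if phrase in text)


if __name__ == "__main__":
    for href, reasons in suspicious_links(SAMPLE_EMAIL_HTML):
        print(href, "->", "; ".join(reasons))
    print("urgency score:", urgency_score(SAMPLE_EMAIL_HTML))
```

These checks are signals, not verdicts: a legitimate newsletter may use a tracking domain in its hrefs, so a mail gateway would combine them with sender authentication (SPF/DKIM/DMARC) results and reputation data before quarantining.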
What is salting in the context of password storage?
Salting involves adding a random value (the salt) to each password before hashing it and storing the salt alongside the hash. Because every user's salt is different, an attacker cannot reuse a precomputed table of hashes (a rainbow table) across many accounts, has to attack each hash separately, and cannot tell which users share the same password.
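An added example, not from the original page, that ties the dictionary-attack and salting answers together: it runs a dictionary attack with a precomputed table against unsalted SHA-256 hashes, then shows that per-user salts make the table useless and force a full pass over the wordlist for every account. The wordlist and the leaked credential store are constructed sample data; SHA-256 is used only to keep the demonstration fast, not as a recommendation for password storage.

```python
import hashlib
import os

# Constructed wordlist and "leaked" user passwords for the demonstration.
WORDLIST = ["123456", "password", "hunter2", "letmein", "qwerty", "correcthorse"]
SAMPLE_USERS = {"alice": "hunter2", "bob": "password", "carol": "Tr0ub4dor&3", "dave": "password"}


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def unsalted_store(passwords: dict) -> dict:
    """What a naive application stores: user -> sha256(password)."""
    return {user: sha256_hex(pw.encode()) for user, pw in passwords.items()}


def salted_store(passwords: dict) -> dict:
    """user -> (salt, sha256(salt || password)); the salt is stored in the clear."""
    store = {}
    for user, pw in passwords.items():
        salt = os.urandom(16)
        store[user] = (salt, sha256_hex(salt + pw.encode()))
    return store


def precomputed_table(wordlist) -> dict:
    """Hash every candidate once; a lookup table that stands in for a rainbow table."""
    return {sha256_hex(w.encode()): w for w in wordlist}


def crack_unsalted(store: dict, table: dict) -> dict:
    """len(WORDLIST) hashes computed once, then an O(1) lookup per user."""
    return {user: table[h] for user, h in store.items() if h in table}


def crack_salted(store: dict, wordlist) -> tuple:
    """The table is useless: every user costs a fresh pass over the wordlist.
    Returns (cracked, number_of_hashes_computed)."""
    cracked, work = {}, 0
    for user, (salt, h) in store.items():
        for w in wordlist:
            work += 1
            if sha256_hex(salt + w.encode()) == h:
                cracked[user] = w
                break
    return cracked, work


if __name__ == "__main__":
    plain = unsalted_store(SAMPLE_USERS)
    print("bob and dave share a hash:", plain["bob"] == plain["dave"])
    print("unsalted cracked:", crack_unsalted(plain, precomputed_table(WORDLIST)))
    cracked, work = crack_salted(salted_store(SAMPLE_USERS), WORDLIST)
    print("salted cracked:", cracked, "after", work, "hashes")
```

Salting multiplies the attacker's work by the number of accounts but does not make a weak password safe: the salted run still recovers every password that appears in the wordlist. That is why the salt must be combined with a deliberately slow hash function and why the password itself must not be a dictionary word.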
What is the purpose of input validation in application security?
Input validation helps ensure that user-supplied data is clean, correct, and safe to use, thereby preventing various types of attacks such as injection attacks.
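An added example, not part of the original page, for the SQL injection entry above and this one: a login query built by string formatting beside its parameterized form, run against an in-memory SQLite database, plus an allow-list validator for the username field. The users table is constructed sample data; it holds plaintext passwords only to keep the injection demonstration short, which real systems must never do.

```python
import re
import sqlite3

# Constructed sample data. Plaintext passwords are used only to keep the
# injection demonstration short; production systems store salted, slow hashes.
USERS = [("alice", "s3cr3t"), ("bob", "hunter2"), ("carol", "letmein")]
USERNAME_RE = re.compile(r"[a-z0-9_]{3,32}")


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT, password TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?)", USERS)
    return conn


def login_vulnerable(conn, name: str, password: str) -> list:
    """String-formatted query: attacker-controlled input is parsed as SQL."""
    query = (f"SELECT name FROM users WHERE name = '{name}' "
             f"AND password = '{password}'")
    return [row[0] for row in conn.execute(query)]


def login_safe(conn, name: str, password: str) -> list:
    """Parameterized query: input is bound as data and can never change the SQL."""
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return [row[0] for row in conn.execute(query, (name, password))]


def valid_username(name: str) -> bool:
    """Allow-list validation: accept only the alphabet a username may contain."""
    return USERNAME_RE.fullmatch(name) is not None


if __name__ == "__main__":
    conn = build_db()
    payload = "' OR '1'='1' --"   # closes the quote, adds a true clause, comments out the rest
    print("vulnerable:", login_vulnerable(conn, payload, "anything"))
    print("safe:      ", login_safe(conn, payload, "anything"))
    print("validated: ", valid_username(payload))
```

The parameterized query is the actual fix; the allow-list is defence in depth that also rejects the payload before it reaches the database and gives a clear error to the user. Validation alone is not a substitute, because fields that legitimately contain quotes (a surname like O'Brien) cannot be filtered without breaking the application.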
What is the role of cryptographic hashing in security?
Cryptographic hashing is used to verify data integrity (checksums and digital signatures), to derive unique identifiers for content, and as the basis for password storage. For passwords a bare fast hash such as SHA-256 is not sufficient: use a dedicated, deliberately slow, salted password-hashing function (Argon2, bcrypt, scrypt, or PBKDF2) so that guessing remains expensive.
What are some common IAM challenges in cloud computing environments?
Challenges include identity federation, compliance requirements, and maintaining centralized control over distributed resources.
What are some strategies for mitigating social engineering attacks?
Strategies include employee training and awareness programs, implementing strong authentication mechanisms, and regularly testing security controls.
What are some best practices for creating strong passwords?
Best practices include using long passphrases (length matters more than forced mixes of character classes), never reusing a password across accounts (a password manager makes this practical), avoiding easily guessable information such as names and dates, screening new passwords against lists of common or breached passwords, and changing a password when there is evidence of compromise rather than on a fixed schedule, as recommended in NIST SP 800-63B.