301-ch14

Created by srellars 


Vulnerability

a security weakness that could be compromised by a particular threat.

Threat

The person or event that would compromise an asset's CIA

Vulnerability assessment

examining your network and systems for existing vulnerabilities.

Network mapper

a program that scans a network to determine which hosts are available and what operating systems are running

Port scanner

used to determine which ports on the system are listening for requests

Vulnerability scanner

a software program used to scan a host for potential weaknesses that could be exploited

Protocol analyzer

a tool used to monitor, record, and analyze network traffic.

Open vulnerability and assessment language (OVAL)

a security standard that provides open access to security assessments using a special language to standardize system security configuration characteristics, current system analysis, and reporting. It provides a language and templates that help administrators check their systems to determine whether vulnerabilities exist.

Dictionary attack

a password attack that uses dictionary words to crack passwords

Brute force attack

a password attack method that attempts every possible combination of characters and lengths until it identifies the password.

Hybrid attack

a password attack that is a combination of dictionary and brute force attacks, which adds numbers and special characters to a dictionary word in an attempt to crack a password

Shadow password

a password protection technique that stores passwords as hashes rather than clear text

Salt

a suffix of random characters added to a password before it is encrypted.

Honey pot

a device or server used to attract and lure attackers into trying to access it, thereby removing attention from actual critical systems.

Honey net

a group of honeypots used to more accurately portray an actual network.

Attack surface

an aspect of your software application that is vulnerable for an attacker to exploit.

Design review

a review of the initial product design specifications

Code review

a detailed line-by-line review of the developer's code by another developer to identify performance, efficiency, or security-related issues.

Penetration testing

an evaluation of the security of a network or system by actively simulating an attack.

White box testing

a testing method where the user testing the system's security or functionality has prior knowledge of its configuration, code and design

Black box testing

a testing method where the user testing the system's security or functionality has no prior knowledge of its configuration, code and design

Gray box testing

hybrid testing methodology that includes aspects of both white box and black box testing. It uses some prior knowledge of how the software application is designed, and the testing is performed from the perspective of an end-user.
