Software Security

Terms in this set (22)

Black-box testing

A method of software testing that examines the functionality of an application without knowing the internal structures of the system.

White-box testing
also known as clear box testing, glass box testing, transparent box testing, and structural testing

A method of testing software that tests internal structures or workings of an application, as opposed to its functionality. The tester has complete knowledge of the environment they have been tasked with attacking.

Phase 1 - Reconnaissance
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks

What are the phases of Hacking

The CIA triad is a core concept of pen testing that stands for:

1) Confidentiality
2) Integrity
3) Availability

What is the CIA triad?

Vulnerabilities are classified as high, medium or low

How are Vulnerabilities classified?

Vulnerability research

Passively uncovers security issues, whereas the process of ethical hacking actively looks for vulnerabilities

Incident Response

Is a plan of how to react when a security incident occurs

Any criminal act during which a computer or computing device is used in the commission of a crime.

TOE is an abbreviation for Target of Evaluation. This is the target system that is being evaluated for exploits or vulnerabilities.

What does TOE mean?

Incident Response Policies

Actual specific details on how the company or organisation responds to a security incident, e.g. Who determines when a security incident occurs, who get's notified, how are they notified, etc.

1) Response
2) Triage
3) Investigation
4) Containment
5) Analysis & tracking
6) Recovery
7) Repair
8) Debriefing & feedback

What are the phases of an Incident and Response

1) IT personnel
2) Human Resources
3) Public relations
4) Local law enforcement
5) Security officers
6) Chief security officer

Who are the members of the Incident Response Team

1) Legal reasons
2) Regulatory reasons
3) To perform an audit

Companies may require a penetration test for which reasons?

Get permission.

What should a pentester do prior to initiating a new penetration test?

Hacks for political reasons

Which of the following best describes what a hacktivist does?

Packet protocol that doesn't do error checking and just sends the packets.

What packet protocol is used for streaming video.

User Datagram Protocol

What does UDP mean?

Transmission Control Protocol

What does TCP mean?

What packet protocol is used for downloading files and requesting web pages?

Packet protocol that does error checking to ensure that the recipient receives the data/packets (packets are numbered)

A telecommunication protocol used for resolution of Internet layer addresses into link layer addresses, a critical function in multiple-access networks.

YOU MIGHT ALSO LIKE...

;