Software Security



Black-box testing
A method of software testing that examines the functionality of an application without knowing the internal structures of the system.
White-box testing
also known as clear box testing, glass box testing, transparent box testing, and structural testing
A method of testing software that tests internal structures or workings of an application, as opposed to its functionality. The tester has complete knowledge of the environment they have been tasked with attacking.
What are the phases of hacking?
Phase 1 - Reconnaissance
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
What is the CIA triad?
The CIA triad is the core model of information security, and the yardstick a pen test measures findings against. It stands for:

1) Confidentiality
2) Integrity
3) Availability
How are vulnerabilities classified?
By severity, typically as high, medium or low. In practice the rating is usually derived from a CVSS base score; the CVSS v3.x bands are 0.1 to 3.9 Low, 4.0 to 6.9 Medium, 7.0 to 8.9 High and 9.0 to 10.0 Critical, so a Critical tier above High is also common.
Vulnerability research
Discovers and analyses security weaknesses by studying software, advisories and disclosures, without probing a live target; ethical hacking, by contrast, actively looks for and exercises vulnerabilities on an authorised target system.
Incident Response
Is a plan of how to react when a security incident occurs
Computer crime
Any criminal act in which a computer or computing device is either the target of the crime or the instrument used to commit it.
What does TOE mean?
TOE is an abbreviation for Target of Evaluation: the system that is being evaluated for vulnerabilities or exploits. The term comes from the Common Criteria (ISO/IEC 15408), where it denotes the product or system under evaluation.
Incident Response Policies
The actual specific details of how the company or organisation responds to a security incident, e.g. who determines that a security incident has occurred, who gets notified, how they are notified, etc.
What are the phases of incident response?
1) Response
2) Triage
3) Investigation
4) Containment
5) Analysis & tracking
6) Recovery
7) Repair
8) Debriefing & feedback
Who are the members of the Incident Response Team?
1) IT personnel
2) Human Resources
3) Public relations
4) Local law enforcement
5) Security officers
6) Chief security officer
Companies may require a penetration test for which reasons?
1) Legal reasons
2) Regulatory reasons
3) To perform an audit
What should a pentester do prior to initiating a new penetration test?
Get permission: written authorisation from the system owner, with an agreed scope and rules of engagement. Without it, the same activity is unauthorised access.
What best describes what a hacktivist does?
Hacks for political or social reasons.
What packet protocol is used for streaming video?
UDP: a connectionless transport protocol that just sends datagrams, with no acknowledgements, retransmission or ordering (it carries a checksum, so corrupted datagrams are discarded, but lost ones are never recovered). Low latency matters more than completeness for live media, which is why it is the classic choice, although much on-demand video today is delivered over HTTP on TCP.
What does UDP mean?
User Datagram Protocol
What does TCP mean?
Transmission Control Protocol
What packet protocol is used for downloading files and requesting web pages?
TCP: a connection-oriented transport protocol that numbers the data it sends (sequence numbers), has the recipient acknowledge what arrived, and retransmits anything lost, so the recipient receives the complete data in order.
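The UDP and TCP cards above describe the two delivery models in one sentence each. The following added example (not part of the original flashcard set) simulates both over a constructed channel that drops and reorders packets, so the difference is visible on real data. The channel, sender and receiver are stand-ins: a real TCP stack uses byte sequence numbers, windows, timers and checksums; this keeps only what the cards describe, namely that UDP just sends, while TCP numbers segments, acknowledges them and retransmits what is missing.

```python
"""Toy model of UDP-style vs TCP-style delivery over a channel that drops and
reorders packets.

Added example, not from the original flashcard set. DropReorderChannel,
send_udp and send_tcp are constructed stand-ins for the real protocols.
"""
from typing import Dict, List, Set, Tuple

MSS = 4  # bytes per segment; tiny so a short message fragments


def segment(data: bytes, mss: int = MSS) -> List[Tuple[int, bytes]]:
    """Split data into (sequence number = byte offset, payload) segments."""
    return [(off, data[off:off + mss]) for off in range(0, len(data), mss)]


class DropReorderChannel:
    """Deterministic lossy link: drops the packets whose global send index is
    in `drops`, and delivers the rest in reverse order (reordering)."""

    def __init__(self, drops: Set[int]):
        self.drops = drops
        self.sent = 0

    def transmit(self, packets: list) -> list:
        delivered = []
        for p in packets:
            if self.sent not in self.drops:
                delivered.append(p)
            self.sent += 1
        return delivered[::-1]


def send_udp(data: bytes, channel: DropReorderChannel) -> bytes:
    """UDP style: datagrams carry no sequence number and nothing is
    acknowledged, so the receiver gets whatever arrives, in arrival order."""
    datagrams = [payload for _, payload in segment(data)]
    return b"".join(channel.transmit(datagrams))


def send_tcp(data: bytes, channel: DropReorderChannel,
             max_rounds: int = 20) -> Tuple[bytes, int]:
    """TCP style (go-back-N flavour): each segment carries its byte offset,
    the receiver buffers out-of-order segments and keeps a cumulative ACK
    (the next byte it expects), and the sender retransmits from that ACK
    until the whole stream is acknowledged. Returns (reassembled data, rounds)."""
    segments = segment(data)
    received: Dict[int, bytes] = {}
    ack = 0
    rounds = 0
    while ack < len(data) and rounds < max_rounds:
        rounds += 1
        unacked = [s for s in segments if s[0] >= ack]
        for seq, payload in channel.transmit(unacked):
            received[seq] = payload          # buffered by offset, so order is irrelevant
        while ack in received:               # slide the cumulative ACK forward
            ack += len(received[ack])
    stream = b"".join(received[seq] for seq in sorted(received) if seq < ack)
    return stream, rounds


if __name__ == "__main__":
    msg = b"ABCDEFGHIJKLMNOP"                # constructed 16-byte message = 4 segments
    print("UDP:", send_udp(msg, DropReorderChannel({1, 5})))
    print("TCP:", send_tcp(msg, DropReorderChannel({1, 5})))
```

With packets 1 and 5 dropped, the UDP receiver ends up with twelve bytes in the wrong order and no way to know anything is missing; the TCP-style sender notices the gap at byte 4, resends from there, and the receiver reassembles the full message after two rounds. The cost of that guarantee is the extra round trips, which is exactly what live streaming trades away.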
A telecommunications protocol used to resolve Internet-layer (IP) addresses into link-layer (MAC) addresses, a critical function in multiple-access networks such as Ethernet.