Software Security
Terms in this set (22)
Black-box testing
A method of software testing that examines the functionality of an application without knowing the internal structures of the system.
White-box testing
Also known as clear box testing, glass box testing, transparent box testing, and structural testing.
A method of testing software that tests internal structures or workings of an application, as opposed to its functionality. The tester has complete knowledge of the environment they have been tasked with attacking.
Phase 1 - Reconnaissance
Phase 2 - Scanning
Phase 3 - Gaining Access
Phase 4 - Maintaining Access
Phase 5 - Covering Tracks
What are the phases of hacking?
The CIA triad is a core concept of pen testing that stands for:
1) Confidentiality
2) Integrity
3) Availability
What is the CIA triad?
Vulnerabilities are classified as high, medium or low
How are Vulnerabilities classified?
Vulnerability research
Passively uncovers security issues, whereas the process of ethical hacking actively looks for vulnerabilities
Incident Response
Is a plan of how to react when a security incident occurs
Computer crime
Any criminal act during which a computer or computing device is used in the commission of a crime.
TOE is an abbreviation for Target of Evaluation. This is the target system that is being evaluated for exploits or vulnerabilities.
What does TOE mean?
Incident Response Policies
Actual specific details on how the company or organisation responds to a security incident, e.g. who determines when a security incident occurs, who gets notified, how are they notified, etc.
1) Response
2) Triage
3) Investigation
4) Containment
5) Analysis & tracking
6) Recovery
7) Repair
8) Debriefing & feedback
What are the phases of an Incident and Response?
1) IT personnel
2) Human Resources
3) Public relations
4) Local law enforcement
5) Security officers
6) Chief security officer
Who are the members of the Incident Response Team?
1) Legal reasons
2) Regulatory reasons
3) To perform an audit
Companies may require a penetration test for which reasons?
Get permission.
What should a pentester do prior to initiating a new penetration test?
Hacks for political reasons
Which of the following best describes what a hacktivist does?