22 terms


Vulnerability
a security weakness that could be exploited by a particular threat.
Threat
the person or event that could compromise an asset's confidentiality, integrity or availability (CIA).
Vulnerability assessment
examining your network and systems for existing vulnerabilities.,
Network mapper
a program that scans a network to determine which hosts are available and what operating systems they are running.
Port scanner
a tool used to determine which TCP or UDP ports on a system are listening for connection requests.
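A minimal TCP connect port scanner, added here as a worked example (it is not part of the original glossary). The scanner reports a port as open when a full TCP handshake completes and as not open on a refused connection or a timeout. To have a known result offline it starts its own listener on 127.0.0.1 and scans a window of ports around it; the host, the window size and the timeout are assumptions made for the demo.

```python
import socket
from concurrent.futures import ThreadPoolExecutor


def probe_port(host, port, timeout=0.5):
    """TCP connect probe: True if the handshake completes (port is listening).
    A refused connection or a timeout is reported as not open."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return True
        except OSError:  # ConnectionRefusedError and socket.timeout are OSErrors
            return False


def scan_ports(host, ports, workers=32):
    """Connect-scan the given ports in parallel; returns the sorted open ports."""
    with ThreadPoolExecutor(max_workers=workers) as pool:
        results = list(pool.map(lambda p: (p, probe_port(host, p)), ports))
    return sorted(p for p, is_open in results if is_open)


def service_name(port):
    """Best-effort service label from the local services table (e.g. 80 -> http)."""
    try:
        return socket.getservbyport(port, "tcp")
    except OSError:
        return "unknown"


def start_test_listener(host="127.0.0.1"):
    """Constructed target for the demo: bind a listening socket on a free port.
    Returns (port, socket); the caller closes the socket."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    srv.bind((host, 0))
    srv.listen(5)
    return srv.getsockname()[1], srv


def demo(host="127.0.0.1"):
    """Scan an assumed window of 11 ports around the test listener.
    Returns (listener_port, open_ports)."""
    port, srv = start_test_listener(host)
    try:
        targets = range(port - 5, port + 6)
        open_ports = scan_ports(host, targets)
    finally:
        srv.close()
    return port, open_ports


if __name__ == "__main__":
    listener, found = demo()
    for p in found:
        print(f"{p}/tcp open  {service_name(p)}")
    print(f"(test listener was on port {listener})")
```

A connect scan is the noisiest scan type: every probe completes a handshake and shows up in the target's logs, which is why real scanners also offer half-open (SYN) scans that need raw sockets.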
Vulnerability scanner
a software program used to scan a host for potential weaknesses that could be exploited
Protocol analyzer
a tool used to monitor, record and analyze network traffic.
Open vulnerability and assessment language (OVAL)
a security standard that provides open access to security assessments through a language that standardizes three steps: representing system configuration information, analyzing the current state of the system, and reporting the results. It provides a language and templates that help administrators check their systems to determine whether vulnerabilities exist.
Dictionary attack
a password attack that uses dictionary words to crack passwords
Brute force attack
a password attack method that attempts every possible combination of characters and lengths until it identifies the password.
Hybrid attack
a password attack that combines dictionary and brute force methods, adding numbers and special characters to dictionary words in an attempt to crack a password.
Shadow password
a password protection technique that stores passwords as hashes rather than clear text, and keeps those hashes in a separate file readable only by root (on Unix-like systems /etc/shadow) instead of the world-readable /etc/passwd, so ordinary users cannot copy them for an offline attack.
Salt
a string of random characters combined with a password before it is hashed, so that identical passwords produce different hashes and a precomputed table of hashes cannot be reused across users or systems.
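The three password attacks above (dictionary, brute force, hybrid) and the effect of a salt, as a worked example added here; it is not part of the original glossary. The record format `user:salt_hex:hash_hex`, the hash scheme (PBKDF2-HMAC-SHA256 with a deliberately low round count so the demo finishes in about a second), the wordlist, the mangling suffixes and the users and passwords are all constructed for the demo; real /etc/shadow entries use crypt(3) formats such as `$6$` (sha512crypt) instead.

```python
import hashlib
import hmac
import itertools
import os
import string

ROUNDS = 1000  # deliberately low for the demo; real schemes use far more
WORDLIST = ["letmein", "password", "welcome", "dragon", "summer"]  # constructed
SUFFIXES = ("1", "123", "!", "2024", "!1")                          # constructed


def hash_password(password, salt, rounds=ROUNDS):
    """Salted, iterated hash of the password (PBKDF2-HMAC-SHA256)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, rounds)


def make_entry(user, password, salt=None):
    """Constructed shadow-style record: user:salt_hex:hash_hex."""
    salt = os.urandom(16) if salt is None else salt
    return f"{user}:{salt.hex()}:{hash_password(password, salt).hex()}"


def parse_entry(entry):
    user, salt_hex, hash_hex = entry.split(":")
    return user, bytes.fromhex(salt_hex), bytes.fromhex(hash_hex)


def dictionary_candidates(words):
    """Dictionary attack: try each word as-is."""
    yield from words


def hybrid_candidates(words, suffixes=SUFFIXES):
    """Hybrid attack: dictionary words plus simple mangling rules
    (capitalisation and appended digits/special characters)."""
    for w in words:
        for base in (w, w.capitalize()):
            yield base
        for s in suffixes:
            for base in (w, w.capitalize()):
                yield base + s


def brute_force_candidates(charset, max_len):
    """Brute force: every string over charset up to max_len, shortest first."""
    for n in range(1, max_len + 1):
        for combo in itertools.product(charset, repeat=n):
            yield "".join(combo)


def crack(entry, candidates):
    """Hash each candidate with the record's salt and compare to the stored hash.
    Returns (password or None, number of guesses made)."""
    _, salt, stored = parse_entry(entry)
    attempts = 0
    for cand in candidates:
        attempts += 1
        if hmac.compare_digest(hash_password(cand, salt), stored):
            return cand, attempts
    return None, attempts


def demo():
    results = {}
    alice = make_entry("alice", "dragon", salt=bytes(16))
    results["dictionary"] = crack(alice, dictionary_candidates(WORDLIST))

    # A mangled word defeats the plain dictionary but not the hybrid rules.
    bob = make_entry("bob", "Summer123", salt=b"\x01" * 16)
    results["dictionary_on_mangled"] = crack(bob, dictionary_candidates(WORDLIST))
    results["hybrid"] = crack(bob, hybrid_candidates(WORDLIST))

    # Brute force over a tiny keyspace (lowercase, up to 2 characters).
    carol = make_entry("carol", "zq", salt=b"\x02" * 16)
    results["brute_force"] = crack(carol, brute_force_candidates(string.ascii_lowercase, 2))

    # Salt: same password, two salts -> two different hashes, so one precomputed
    # table (or one cracked hash) does not cover every user with that password.
    h1 = hash_password("dragon", bytes(16))
    h2 = hash_password("dragon", b"\x03" * 16)
    results["salt_changes_hash"] = h1 != h2
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name:22s} {outcome}")
```

The guess counts returned by `crack` make the trade-off visible: a five-word dictionary is tried in five hashes, the hybrid rules expand it roughly twelvefold, and a two-character lowercase brute force already costs hundreds of hashes. The salt does not slow any single attack down; it only forces the attacker to repeat the work per user.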
Honey pot
a device or server used to attract and lure attackers into trying to access it, thereby diverting their attention from the actual critical systems and recording their techniques.
Honey net
a group of honeypots used to more accurately portray an actual network.
Attack surface
any aspect of a software application (its inputs, interfaces, services and code paths) that is reachable by an attacker and could be exploited.
Design review
a review of the initial product design specifications
Code review
a detailed line-by-line review of a developer's code by another developer to identify performance, efficiency, or security-related issues.
Penetration testing
an evaluation of the security of a network or system by actively simulating an attack.
White box testing
a testing method in which the tester has prior knowledge of the system's configuration, code and design.
Black box testing
a testing method in which the tester has no prior knowledge of the system's configuration, code and design.
Gray box testing
a hybrid testing methodology that includes aspects of both white box and black box testing. The tester has some prior knowledge of how the software application is designed, but the testing is performed from the perspective of an end user.