Create
Learn
Share

Domain 6 Security Assessment and Testing

rename
klct555's version from 2017-06-13 22:06

Domain 6 Security Assessment and Testing

Question Answer
2011-CWE/SANS Top 25 Most Dangerous Software ErrorsA list of the most widespread and critical errors that can lead to serious vulnerabilities in software.
Audit RecordsContain security event information such as successful and failed authentication attempts, file accesses, security policy changes, account changes, and use of privileges.
Architecture Security ReviewsA manual review of the product architecture to ensure that it fulfills the necessary security requirements.
Automated Vulnerability ScannersTests an application for the use of system components or configurations that are known to be insecure.
Condition CoverageThis criteria requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision.
Data Flow CoverageThis criteria requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision.
Decision (Branch) CoverageConsidered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity application.
Information Security Continuous Monitoring (ISCM)Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.
Intrusion Detection Systems (IDS)Real-time monitoring of events as they happen in a computer system or network,using audit trail records and network traffic and analyzing events to detect potential intrusion attempts.
Intrusion Prevention Systems (IPS)Any hardware or software mechanism that has the ability to detect and stop attacks in progress.
LogA record of the events occurring within an organization's systems and networks.
Loop CoverageThis criteria requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations covering initialization, typical running, and termination (boundary) conditions.
Misuse CaseA Use Case form the point of view of an Actor hostile to the system under design.
Multi-Condition CoverageThis criteria requires sufficient test cases to exercise all possible combinations of conditions in a program decision.
Negative TestingEnsure the application can gracefully handle invalid input or unexpected user behavior.
Path CoverageThis criteria requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once.
Positive TestingDetermines that your application works as expected.
Real User Monitoring (RUM)An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application.
Regression AnalysisThe determination of the impact of a change based on review of the relevant documentation.
Security Log ManagementThe process for generating, transmitted, storing, analyzing, and disposing of computer security log data.
Statement CoverageThis criteria requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product’s behavior.
Static Source Code Analysis (SAST)Analysis of the application source code for finding vulnerabilities without actually executing the application.
Synthetic Performence MonitoringInvolves having external agents run scripted transactions against a web application.
System EventsOperational actions performed by OS components, such as shutting down the system or starting a service.
Threat ModelingA process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations.
Use CasesAbstract episodes of interaction between a system and its environment.
ValidationThe determination of the correctness, with respect to the user needs and requirements, of the final program or software produced from a development project.
VerificationThe authentication process by which the biometric system matches a captured biometric against the person’s stored template.
Vulnerability Management SoftwareLog the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates.
Web ProxiesIntermediate hosts through which websites are accessed.
White-box TestingA design that allows one to peek inside the “box” and focuses specifically on using internal knowledge of the software to guide the selection fo test data.
memorize

Recent badges