13 - Software Security

This set of flashcards covers key vocabulary terms related to software security, their definitions, and practices for maintaining security.

Confidentiality

Protecting information from being accessed by unauthorized parties.

Integrity

Ensures that information is not altered and the source of the information is genuine.

Availability

Ensuring that information is accessible by authorized users.

Authentication

Process of uniquely identifying the clients of your applications and services.

Non-repudiation

Ensures that a user cannot deny performing an operation or initiating a transaction.

Authorization

Process of ensuring the right user can access only what they are supposed to do.

Threat modeling

A practice that allows development teams to consider, document, and discuss security implications in context.

Vulnerability

A weakness in some aspect of a system that makes a threat possible.

Countermeasure

A safeguard that addresses a threat and mitigates risk.

Spoofing

Attempting to gain access to a system by using a false identity.

Tampering

Malicious modification of data.

Denial of Service (DoS)

Denying service to valid users.

Elevation of Privilege

Unprivileged user gains privileged access.

Fuzz testing

Generating random invalid/malformed inputs to test a program.

Penetration testing

Simulates a hacker's actions to find vulnerabilities in a system.

Dynamic Application Security Testing (DAST)

Tools that perform attacks and check the application’s ability to handle these threats.

Secure Coding Standards

Guidelines that help developers write secure code.

Static Analysis

Method of debugging by examining code without executing it.

Incident response process

A pre-prepared approach for handling security incidents.

Risk assessment

The process of identifying and analyzing potential issues that could negatively impact key business initiatives.

Cybersecurity hygiene

The practice of employing basic cybersecurity measures to protect systems and information.