A collection of vocabulary flashcards based on the lecture notes for Secure Programming CSS-2751.
Buffer Overflow
A memory safety failure in which data written past the bounds of a buffer overwrites adjacent memory, potentially allowing attackers to execute malicious code.
Code Injection
The insertion of additional code into an application via unsanitized input, which alters application behavior and can lead to unauthorized actions.
Input Validation
The process of verifying that user-provided input conforms to the expected data type, format, and range, done through whitelisting (accepting only known-good values) or blacklisting (rejecting known-bad values).
Input Sanitization
The process of cleaning user input to prevent harmful commands, such as removing special characters before processing.
Static Analysis
Analysis of source code or compiled code to find coding mistakes without executing the program.
Dynamic Analysis
Testing methods applied to an actively running program or device to examine its behavior.
Fuzzing
An automated testing technique that feeds random, malformed, or unexpected input to a program or device to uncover crashes or exploitable bugs.
Black-Box Testing
A testing method in which the tester has no access to the internal workings of a system and evaluates its outputs against known inputs.
White-Box Testing
A testing approach where the tester has full knowledge of the internal structure, source code, and workings of the system being tested.
Bug Bounties
Programs offered by companies where ethical hackers report discovered exploits for rewards.
Defense In Depth
A layered security strategy that ensures protection remains even if one layer fails.
Security by Design
The principle of designing software with security in mind from the outset, emphasizing readable code, secure components, and proactive measures.