Software Security Fundamentals


Description and Tags

Flashcards covering key vocabulary and concepts from a lecture on software security, including vulnerabilities, web application risks, and security best practices.


15 Terms

1. Computer Software

Compiled code of instructions (for example, an .exe file), usually installed to run on a server or client.

2. Software Vulnerabilities

Weaknesses or flaws present in code that can impact performance and security, allowing threats to exploit them or gain access.

3. Software Patching

Ensuring systems have up-to-date patches applied; an effective software security practice.

4. Access Management

Enforcing the principle of Least Privilege for users, systems and applications to allow the minimum access privileges required to perform their job functions.

5. Secure Configuration

Ensuring an IT system is secured by a security baseline, according to a security policy that is aligned to the security standard adopted and approved by the CISO.

6. Web Application

Application software that runs on a web server and is accessed through a web browser.

7. OWASP (Open Web Application Security Project Foundation)

A non-profit organization aimed at spreading awareness of software security.

8. Injection

Category name for attacks involving malicious code or scripts being 'injected' into applications or systems. Includes SQL Injection and Cross-Site Scripting (XSS).

9. SQL Injection

An attack where an attacker can alter the part of the app's code that builds the SQL query, leading to unauthorized access, modification, or deletion of data in the database.

10. Cross-Site Scripting (XSS)

A security vulnerability found in websites and web applications that accept user input, where attackers attach malicious code that executes when a victim loads the website.

11. Input validation

Verifying whether the type of input submitted by a user is allowed, ensuring it is the accepted type, length, and format.

12. Cookie

A small text file that a web server stores on your computer to track user preferences or store login information.

13. Session

Server-side storage that records the user's interaction with the website or web application.

14. Cross-Site Request Forgery (CSRF or XSRF)

An attack against cookie-based authentication where the attacker leads the user to perform an action that sends an HTTP request to a website on behalf of the user.

15. XSRF Prevention

Requires the use of a challenge token or an unpredictable token in the body or URL of each HTTP request.