Flashcards for reviewing Software Security concepts.
Security Testing
A process used to identify vulnerabilities, weaknesses, and potential threats in software systems, networks, or applications.
Assets to Protect
Applications, data, servers, APIs, user credentials, etc.
Threats
Potential attacks.
Vulnerabilities
System flaws that can be exploited.
Risk
Threat x Vulnerability x Impact
Remediation
Fixing vulnerabilities through patching, configuration, or mitigation.
Confidentiality
Ensuring data is not disclosed to unauthorized individuals or systems.
Integrity
Maintaining the accuracy and completeness of data.
Authentication
Verifying the identity of users, devices, or processes.
Authorization
Granting or denying access rights and permissions to resources.
Availability
Ensuring that systems and data are accessible when needed.
Non-repudiation
Providing undeniable proof of actions or events.
Vulnerability Scanning
Automated software scanning for known vulnerability signatures.
Security Scanning
Identifying network and system weaknesses and providing solutions.
Penetration Testing
Simulating an attack from a malicious hacker to find potential vulnerabilities.
Risk Assessment
Analyzing security risks and recommending controls and measures.
Security Auditing
An internal inspection of applications and operating systems for security flaws.
Ethical Hacking
Hacking an organization's software systems to expose security flaws.
Posture Assessment
Combining security scanning, ethical hacking, and risk assessments to show an overall security posture.
Black Box Testing
Testing functionality without knowledge of internal code.