Software Security - Week 12

Flashcards for reviewing software security concepts from lecture notes.

20 Terms

1
Black Box Testing

Testing the functionality of an application without knowledge of its internal implementation or code paths.

2
White Box Testing

A software testing technique where the tester has complete knowledge of the internal structure, code, and implementation of the system.

3
Grey Box Testing

A testing technique that combines elements of both white box and black box testing, where the tester has partial knowledge of the internal workings of the system.

4
Matrix Security Testing

Focuses on the variables within a program, enumerating them, evaluating risks, and ensuring they are used correctly and efficiently.

5
Regression Testing

Verifies that an application still passes tests after being modified to add functionality or fix security issues.

6
Pattern Testing

Investigates the past of an application to identify trends that have caused defects, predicting future issues.

7
Orthogonal Array Testing (OAT)

Uses statistics to create a set of test cases that provides good test coverage without exhaustive testing, optimizing test cases to reduce redundancy.

8
Penetration Testing (Pen Testing)

A security testing technique used to evaluate the security of a system by simulating a real-world attack.

9
Network Penetration Testing

Tests network infrastructure, including routers and firewalls, for vulnerabilities.

10
Web Application Penetration Testing

Tests web applications for vulnerabilities such as SQL injection or XSS.

11
Mobile Penetration Testing

Focuses on mobile apps to find security loopholes, such as testing API calls.

12
Wireless Penetration Testing

Analyzes Wi-Fi networks for weaknesses, such as cracking weak encryption.

13
Social Engineering Penetration Testing

Tests human factors by tricking users into revealing data, such as through phishing emails.

14
Cloud Penetration Testing

Tests vulnerabilities specific to cloud environments, such as misconfigured S3 buckets.

15
WHOIS

A widely used internet protocol and database that provides information about registered domain names.

16
Network Enumeration and Scanning

Scanning programs that identify live hosts, open ports, services, and other information on a network.

17
Vulnerability Testing and Exploitation

Checking hosts for known exploitable vulnerabilities to assess their potential severity.

18
Security Development Lifecycle (SDL)

A process for integrating security measures into software development to reduce vulnerabilities.

19
Input Validation

Always validate and sanitize user input to prevent security vulnerabilities such as SQL injection and XSS.

20
Wireshark

A widely used open-source network protocol analyzer and packet sniffing tool.