A comprehensive set of flashcards covering key vocabulary and concepts related to Software Security and Cybersecurity fundamentals.
Software Security
The practice of protecting software applications from security vulnerabilities.
Secure Software Development
A methodology that incorporates security at every stage of the software development lifecycle.
Insecure Interaction Between Components
A category of software error that occurs when software components do not securely interact with each other.
SQL Injection
A security vulnerability that allows an attacker to interfere with the queries that an application makes to its database.
Cross-Site Scripting (XSS)
A vulnerability that allows an attacker to inject malicious scripts into content from otherwise trusted websites.
Buffer Overflow
A vulnerability that occurs when a program writes more data to a block of memory than it can hold.
Injection Flaws
Security vulnerabilities that occur when an application fails to properly validate input.
Authentication Bypass
A flaw that allows users to gain unauthorized access to systems or data without proper credentials.
Race Condition
A situation where the outcome of a process is unexpectedly affected by the timing of events.
OWASP Top Ten
A list of the ten most critical security risks to web applications as identified by the Open Web Application Security Project.
Secure Design
Principles that guide the creation of secure software architectures.
Secure Programming
Programming practices that ensure the software is written with security in mind.
CWE/SANS Top 25
A list of the most dangerous software errors that can lead to security vulnerabilities.
Vulnerable Components
Libraries or parts of software that are known to have security vulnerabilities.
Plaintext Passwords
Storing passwords in a readable format without encryption.
Input Validation
The process of ensuring that a program only accepts input that is safe and valid.
Output Encoding
The transformation of output data to ensure security, particularly in web applications.
Cryptographic Failures
Weaknesses in cryptographic methods that may compromise security.
Least Privilege
A security principle that dictates that users should only have the minimum levels of access, or permissions, needed to perform their job functions.
Error Handling
The process of responding to and recovering from error conditions.
Memory Leak
A failure in a program to release memory it no longer needs, which reduces the memory available to the system.
Secure Program
A program designed to operate correctly in the presence of malicious inputs.
Data Integrity
The accuracy and consistency of stored data over its life cycle.
Error States
Conditions where a program cannot continue normal execution due to a problem.
Dynamic Memory Allocation
The process of allocating memory storage at runtime.
Environment Variables
Dynamic named values that can affect the behavior of running processes.
Testing and Validation
The processes to ensure that software meets specifications and requirements.
Security Logging
The process of keeping records of events that happen in a system.
Safe Temporary Files
Files created for temporary purposes that do not expose sensitive data.
Debugging
The process of finding and resolving defects or problems within a computer program.
Code Review
A systematic examination of computer source code.
Access Control
The process of limiting access to data and resources based on policies.
Application Security
The use of software, hardware, and procedural methods to protect applications.
Software Development Lifecycle (SDLC)
The process of planning, creating, testing, and deploying software.
Agile Development
An iterative approach to software development.
Waterfall Model
A linear and sequential approach to software development.
Secure Coding Standards
Best practices and guidelines for writing secure code.
Cross-Site Request Forgery (CSRF)
An attack that tricks the victim into submitting a request to a web application.
Impact of Vulnerabilities
The consequences of security weaknesses that can be exploited.
Coding Best Practices
Recommendations that help developers write software that is secure, maintainable, and efficient.
Privileged User
A user with special access or permissions to a computer system or network.
Secure Data Transmission
The use of encryption and other methods to protect data being sent over networks.
Penetration Testing
An ethical hacking technique used to evaluate the security of a computer system.
Fuzz Testing
A technique for discovering security loopholes and bugs by inputting random data.
Binary Interpretation of Inputs
How different types of data are read by the program based on the encoding.
Integrity Check
A process used to ensure data is not altered or tampered with.
User Authentication
The process of verifying the identity of a user.
Input Fuzzing
Using random data as input to check how well a program handles surprises.
Privacy Policy
A document that outlines how a company collects, uses, and protects user information.
Data Exposure
When sensitive information is accessible to unauthorized individuals.
Scripting Languages
Programming languages primarily used for writing scripts.
Computer Algorithm
A set of step-by-step instructions for performing a task.
Hard-coded Credentials
Storing sensitive information like usernames and passwords directly in the application's code.
Malicious Script
Code intentionally written to cause unwanted actions on a computer system.
User Input
Data provided by the user, potentially affecting program execution.
System Architecture
The conceptual model that defines the structure and behavior of a system.
Static Code Analysis
The analysis of source code without executing it to find bugs.
Security Assumptions
Beliefs that systems will behave in certain ways, which can lead to vulnerabilities.