15 Cards in this Set

  • Front
  • Back

Real user monitoring (RUM)

Aims to capture and analyze every transaction of every user of a website or application.

Synthetic performance monitoring/proactive monitoring

Having external agents run scripted transactions against a web application.

Most security vulnerabilities are caused by

Bad programming patterns


Misconfigured security infrastructures


Functional bugs in security infrastructures


Logical flaws in the implemented process

Considerations when selecting a security testing method or tool

Attack surface


Application type


Quality of results and usability


Supported technologies


Performance and resource utilization

Static source code analysis and manual code review

Analysis of the application source code for finding vulnerabilities without actually executing the application

Static binary code analysis and manual binary code review

Analysis of the compiled application binary for finding vulnerabilities without actually executing the application. In general, this is similar to source code analysis, but it is not as precise and fix recommendations typically cannot be provided.

Testing tenets include

The expected test outcome is predefined


A good test case has a high probability of exposing an error


A successful test is one that finds an error


There is independence from coding


Both application and software expertise are employed


Testers use different tools from coders


Examining only the usual case is insufficient


Test documentation permits its reuse and an independent confirmation of the pass/fail status of a test outcome during subsequent review

Common structural coverage metrics include

Statement coverage


Decision coverage


Condition coverage


Multi-condition coverage


Loop coverage


Path coverage


Data flow coverage

Two main testing strategies in software testing

Positive and negative

Positive testing

Determines that your application works as expected. If an error is encountered during this testing, the test fails.

Negative testing

Ensures that your application can gracefully handle invalid input or unexpected user behavior.

Information security continuous monitoring (ISCM)

Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

Process for developing ISCM

Define


Establish


Implement


Analyze


Respond


Review

NIST SP 800-137

Discusses the information security continuous monitoring (ISCM) program

Common Service Organization Control (SOC) report period

12-month period