
15 Cards in this Set

Real user monitoring (RUM)

Aims to capture and analyze every transaction of every user of a website or application.

Synthetic performance monitoring/proactive monitoring

Having external agents run scripted transactions against a web application.

Most security vulnerabilities are caused by

Bad programming patterns

Misconfigured security infrastructures

Functional bugs in security infrastructures

Logical flaws in the implemented process

Selecting a security testing method or tool considerations

Attack surface

Application type

Quality of results and usability

Supported technologies

Performance and resource utilization

Static source code analysis and manual code review

Analysis of the application source code for finding vulnerabilities without actually executing the application

Static binary code analysis and manual binary code review

Analysis of the compiled application binary for finding vulnerabilities without actually executing the application. In general this is similar to source code analysis, but it is not as precise and fix recommendations typically cannot be provided.

Testing tenets include

The expected test outcome is predefined

A good test case has a high probability of exposing an error

A successful test is one that finds an error

There is independence from coding

Both application and software expertise are employed

Testers are different from coders

Examining only the usual case is insufficient

Test documentation permits its reuse and an independent confirmation of the pass/fail status of a test outcome during subsequent review

Common structural coverage metrics include

Statement coverage

Decision coverage

Condition coverage

Multiple condition coverage

Loop coverage

Path coverage

Data flow coverage

Two main testing strategies in software testing

Positive and negative

Positive testing

Determines that your application works as expected. If an error is encountered during this testing the test fails.

Negative testing

Ensures that your application can gracefully handle invalid input or unexpected user behavior.

Information security continuous monitoring (ISCM)

Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions.

Process for developing ISCM
NIST SP 800-137

Discusses the information security continuous monitoring (ISCM) program

Common Service Organization Control (SOC) report period

12 month period