Chapter 04
I.
Fix security issues correctly: Once found, a security vulnerability should be reproduced,
documented, and understood before it is patched. The patch should fix the problem without
introducing other issues or regressions in the application, so it needs its own testing.
12. Black-Box Testing
Black-box testing: testing a system without knowledge of its source code or internal
design; the tester works only from the external interface, as an outside attacker would.
13. White-Box Testing
White-box testing: a method of testing applications or systems where the tester is given
access to the internal workings of the system (source code, design documents, configuration).
14. Cookies
A small piece of text that a website stores in the browser and that the browser sends back
with every later request to that site.
Can be used for authentication, shopping carts, and sessions.
Mini-lab: Adjust the Cookies slider within the Privacy tab of the Internet
Options dialog box in IE.
Differences between tracking cookies and session cookies: a session cookie has no expiry
date, is kept only in memory, and is discarded when the browser closes; a tracking
(persistent) cookie carries an expiry date, is written to disk, and is used to recognize
the browser across visits, often by third-party advertising domains.
15. Sandbox
When a web script runs in its own isolated environment for the express purpose of not
interfering with other processes; the script can reach only the resources the sandbox grants it.
16. Systems development life cycle (SDLC)
Systems development life cycle (SDLC): an organized process of planning, developing,
testing, deploying, and maintaining systems and applications, and the various
methodologies used to do so.
17. Input Validation
Input validation: checking that every input an application receives (form fields, URL
parameters, file contents, protocol messages) has the expected type, length, range, and
format before it is used. Missing or weak validation is the root cause of injection attacks
and of the integer and buffer overflows described below.
18. Fuzz Testing
Fuzz testing (or fuzzing) feeds random or malformed data into a computer program in an
attempt to find vulnerabilities. It is often done without knowledge of the program's
source code: the program is run, data is fed to it, and it is monitored for exceptions
such as crashes, hangs, or memory errors. An input that triggers a failure is saved so the
bug can be reproduced and fixed.
19. Buffer Overflow
When a process writes data outside the memory buffer the developer intended, overwriting
adjacent memory such as other variables, heap metadata, or a function's return address.
20. Integer Overflow
Integer overflow, when an arithmetic operation attempts to produce a numeric value that is
too big for the integer type that holds it; the value wraps around (255 + 1 stored in an
unsigned 8-bit integer becomes 0). A wrapped size or length can pass a bounds check that
precedes a copy, turning the integer overflow into a buffer overflow.
Cross-site request forgery (XSRF): in this attack (also known as a one-click
attack), the user's browser, already logged in to a website, is tricked into
transmitting unauthorized commands to that website on the attacker's behalf;
the browser itself is not compromised, the attacker abuses the session it holds.
The chances of this attack can be reduced by requiring unpredictable tokens on
web pages that contain forms, special authentication techniques (possibly
encrypted), scanning .XML files (which could contain the code required for
unauthorized access), and submitting cookies twice instead of once (the
"double-submit cookie": once as the cookie and once as a form field), while
verifying that both submissions match.
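The three items above (fuzz testing, buffer overflow, integer overflow) are one story in practice: a length computed in a type too narrow for it wraps, the wrapped value passes the bounds check, and the copy that follows runs past the buffer. The example below is added here and is not from the original notes. It assumes a small constructed record format (a count byte, an element-size byte, then the payload), shows a vulnerable parser beside the fixed one, and drives both with a tiny seeded fuzzer that detects the overflow through a "red zone" after the destination buffer rather than by waiting for a crash. All names and the record format are assumptions made for this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Record format assumed for this example (not from the original notes):
 *   byte 0      : count      (number of elements)
 *   byte 1      : elem_size  (bytes per element)
 *   bytes 2 ... : count * elem_size bytes of payload
 * The parser copies the payload into a fixed DEST_SIZE-byte buffer. */
#define DEST_SIZE 32
#define MAX_PAYLOAD (255 * 255)   /* largest possible count * elem_size */

typedef int (*parser_fn)(const uint8_t *msg, size_t msg_len, uint8_t *dest);

/* Vulnerable parser: `total` is truncated to 8 bits (integer overflow), so
 * count=16, elem_size=16 gives total=0, the bounds check passes, and the
 * copy loop still writes 256 bytes into a 32-byte buffer (buffer overflow). */
int parse_record_vuln(const uint8_t *msg, size_t msg_len, uint8_t *dest) {
    if (msg_len < 2) return -1;
    uint8_t count = msg[0], elem_size = msg[1];
    uint8_t total = (uint8_t)(count * elem_size);       /* wraps modulo 256 */
    if (total > DEST_SIZE || msg_len - 2 < total) return -1;
    for (size_t i = 0; i < count; i++)                  /* copies count*elem_size, not total */
        memcpy(dest + i * elem_size, msg + 2 + i * elem_size, elem_size);
    return total;
}

/* Fixed parser: reject before multiplying, in a type that cannot wrap here. */
int parse_record_fixed(const uint8_t *msg, size_t msg_len, uint8_t *dest) {
    if (msg_len < 2) return -1;
    size_t count = msg[0], elem_size = msg[1];
    if (elem_size != 0 && count > DEST_SIZE / elem_size) return -1; /* count*elem_size > DEST_SIZE */
    size_t total = count * elem_size;                   /* now at most DEST_SIZE */
    if (msg_len - 2 < total) return -1;
    for (size_t i = 0; i < count; i++)
        memcpy(dest + i * elem_size, msg + 2 + i * elem_size, elem_size);
    return (int)total;
}

/* xorshift32: a seeded generator so every fuzz run is reproducible. */
static uint32_t rng_state = 1;
static uint32_t rng_next(void) {
    uint32_t x = rng_state;
    x ^= x << 13; x ^= x >> 17; x ^= x << 5;
    return rng_state = x;
}

/* The destination buffer is followed by a "red zone" filled with a known
 * pattern; any write past DEST_SIZE disturbs the pattern, which is how the
 * harness detects an overflow without relying on a crash (the same idea that
 * AddressSanitizer uses). The red zone covers the worst-case write so the
 * harness itself never touches memory it does not own. */
static uint8_t arena[DEST_SIZE + MAX_PAYLOAD];
static uint8_t input[2 + MAX_PAYLOAD];

/* Feed `iterations` random records to `target`; return how many of them
 * wrote past the end of dest. The first offending header is printed. */
int fuzz(parser_fn target, uint32_t seed, int iterations) {
    int violations = 0;
    rng_state = seed ? seed : 1;
    for (int it = 0; it < iterations; it++) {
        for (size_t j = 0; j < sizeof input; j++) input[j] = (uint8_t)rng_next();
        memset(arena, 0xAA, sizeof arena);
        target(input, sizeof input, arena);
        for (size_t j = DEST_SIZE; j < sizeof arena; j++) {
            if (arena[j] != 0xAA) {                     /* red zone corrupted */
                if (violations++ == 0)
                    printf("overflow: count=%u elem_size=%u (%u bytes into a %d-byte buffer)\n",
                           (unsigned)input[0], (unsigned)input[1],
                           (unsigned)input[0] * (unsigned)input[1], DEST_SIZE);
                break;
            }
        }
    }
    return violations;
}

/* Deterministic witness: count=16, elem_size=16 (256 bytes, wraps to 0).
 * Returns the parser's result: 0 means the vulnerable check accepted it,
 * -1 means the fixed check rejected it. */
int crafted_wrap(parser_fn target) {
    memset(input, 0x41, sizeof input);
    input[0] = 16; input[1] = 16;
    memset(arena, 0xAA, sizeof arena);
    return target(input, sizeof input, arena);
}

int main(void) {
    printf("vulnerable parser: %d overflows in 500 inputs\n", fuzz(parse_record_vuln, 2024, 500));
    printf("fixed parser:      %d overflows in 500 inputs\n", fuzz(parse_record_fixed, 2024, 500));
    return 0;
}
```

The fuzzer finds the bug in a few hundred random inputs because many (count, elem_size) pairs have a product that wraps to a value at or below 32; a real fuzzer adds coverage feedback and input mutation, but the detection principle (instrument the target so memory errors surface as failed checks, not as luck-dependent crashes) is the same one sanitizers provide.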
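The double-submit cookie check mentioned above is simple enough to show end to end. The example below is added here and is not from the original notes: it takes a raw Cookie header and a URL-encoded form body, pulls the token named csrf_token out of each, and accepts the request only when both are present and equal. The cookie and field name, the header formats, and the sample values are assumptions made for this example. The reason the check works is that a page on another site can make the browser send the cookie but cannot read it, so it cannot place the matching value in the form body.

```c
#include <stdio.h>
#include <stddef.h>
#include <string.h>

#define TOKEN_MAX 64   /* longest token this example accepts, including NUL */

/* Find "name=value" in a list separated by `sep`: ';' for a Cookie header
 * ("a=1; csrf_token=..."), '&' for a form body ("a=1&csrf_token=...").
 * Copies the value into out and returns 1, or returns 0 if the field is
 * missing, empty, or too long. Prefix names (csrf_token_old) do not match. */
static int find_field(const char *s, const char *name, char sep, char *out, size_t outsz) {
    size_t nlen = strlen(name);
    char seps[2] = { sep, '\0' };
    const char *p = s;
    while (p && *p) {
        while (*p == ' ') p++;                       /* Cookie header uses "; " */
        if (strncmp(p, name, nlen) == 0 && p[nlen] == '=') {
            const char *v = p + nlen + 1;
            size_t vlen = strcspn(v, seps);
            if (vlen == 0 || vlen >= outsz) return 0;
            memcpy(out, v, vlen);
            out[vlen] = '\0';
            return 1;
        }
        p = strchr(p, sep);
        if (p) p++;
    }
    return 0;
}

/* Constant-time comparison so the response time does not reveal how many
 * leading bytes of a guessed token were correct. */
static int ct_equal(const char *a, const char *b, size_t n) {
    unsigned char diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (unsigned char)(a[i] ^ b[i]);
    return diff == 0;
}

/* Double-submit check: the csrf_token cookie must equal the csrf_token form
 * field. Returns 1 to accept the request, 0 to reject it. The token itself
 * must be unpredictable (generated per session from a CSPRNG) for this to hold. */
int csrf_double_submit_ok(const char *cookie_header, const char *form_body) {
    char from_cookie[TOKEN_MAX], from_form[TOKEN_MAX];
    if (!find_field(cookie_header, "csrf_token", ';', from_cookie, sizeof from_cookie)) return 0;
    if (!find_field(form_body, "csrf_token", '&', from_form, sizeof from_form)) return 0;
    size_t lc = strlen(from_cookie), lf = strlen(from_form);
    if (lc != lf) return 0;                          /* length leak is harmless: tokens have fixed length */
    return ct_equal(from_cookie, from_form, lc);
}

int main(void) {
    /* Constructed sample requests (not real traffic). */
    const char *cookie = "session=abc123; csrf_token=9f2a7c";
    printf("legitimate form: %d\n", csrf_double_submit_ok(cookie, "amount=100&csrf_token=9f2a7c"));
    printf("forged form:     %d\n", csrf_double_submit_ok(cookie, "amount=100&csrf_token=000000"));
    printf("no form token:   %d\n", csrf_double_submit_ok(cookie, "amount=100"));
    return 0;
}
```

Two caveats a reviewer would raise: the form value must be decoded before comparison if the token alphabet contains characters that URL encoding changes (hex or base64url tokens avoid this), and the scheme only holds if an attacker cannot set cookies for the site, which is why the cookie should be scoped with Secure and SameSite attributes in addition to this check.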
firewall, or other firewall device, you need to update the device's ROM by
downloading the latest image from the manufacturer's website.
6. Maintain the disks: This means running a disk cleanup program regularly and
checking whether the hard disk needs to be defragmented, from once a week to
once a month depending on the amount of usage. It also means creating restore
points, doing computer backups, or using third-party backup or drive-imaging
software.
3. What are the six phases of the SDLC?
Systems development life cycle (SDLC): an organized process of planning, developing,
testing, deploying, and maintaining systems and applications, and the various
methodologies used to do so. The SDLC can be broken down into several phases, including:
1. Planning and analysis: Goals are determined, needs are assessed, and high-level
planning is accomplished.
2. Systems design: The design of the system or application is defined and diagrammed in
detail.
3. Implementation: The code for the project is written.
4. Testing: The system or application is checked thoroughly in a testing environment.
5. Deployment: The system or application is put into production and is now available to
end users.
6. Maintenance: Software is monitored and updated throughout the rest of its life cycle.