15 Cards in this Set
Real user monitoring (RUM) |
Aims to capture and analyze every transaction of every user of a website or application. |
|
Synthetic performance monitoring/proactive monitoring |
Having external agents run scripted transactions against a web application. |
|
Most security vulnerabilities are caused by |
Bad programming patterns; misconfigured security infrastructures; functional bugs in security infrastructures; logical flaws in the implemented process |
|
Considerations when selecting a security testing method or tool |
Attack surface; application type; quality of results and usability; supported technologies; performance and resource utilization |
|
Static source code analysis and manual code review |
Analysis of the application source code to find vulnerabilities without actually executing the application. |
|
Static binary code analysis and manual binary code review |
Analysis of the compiled application binary to find vulnerabilities without actually executing the application. In general, this is similar to source code analysis but is less precise, and fix recommendations typically cannot be provided. |
|
Testing tenets include |
The expected test outcome is predefined; a good test case has a high probability of exposing an error; a successful test is one that finds an error; there is independence from coding; both application and software expertise are employed; testers use different tools from coders; examining only the usual case is insufficient; test documentation permits its reuse and an independent confirmation of the pass/fail status of a test outcome during subsequent review |
|
Common structural coverage metrics include |
Statement coverage; decision coverage; condition coverage; multi-condition coverage; loop coverage; path coverage; data flow coverage |
|
Two main testing strategies in software testing |
Positive and negative |
|
Positive testing |
Determines that your application works as expected. If an error is encountered during this testing, the test fails. |
|
Negative testing |
Ensures that your application can gracefully handle invalid input or unexpected user behavior. |
|
Information security continuous monitoring (ISCM) |
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. |
|
Process for developing ISCM |
Define; establish; implement; analyze; respond; review |
|
NIST SP 800-137 |
Describes the information security continuous monitoring (ISCM) program |
|
Common Service Organization Control (SOC) report period |
A 12-month period |