Important Software Security Terms You Should Know
source link: https://hackernoon.com/important-software-security-terms-you-should-know-5b5i318e
By SmartScanner (@smartscanner), Smart Vulnerability Scanner
Everyone in the IT industry should be aware of software security basics. It doesn’t matter if you’re a developer, system engineer, or product manager; security is everyone’s responsibility. Here’s your guide to essential software security terms.
1- Vulnerability
In computer security, a security issue or vulnerability is a weakness or flaw that allows malicious users to perform unauthorized actions. For example, SQL Injection is a vulnerability that lets an attacker run their own SQL commands on the database.
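To make the SQL Injection example concrete, here is an added illustration (not code from the original article or from SmartScanner) that puts a vulnerable login check beside its fixed form. It uses Python's built-in sqlite3 module with an in-memory database and constructed sample users; the table layout and user records are assumptions made for the demo.

```python
import sqlite3


def make_db():
    """Create a throwaway in-memory database with two constructed sample users."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("alice", "s3cret"), ("bob", "hunter2")],  # constructed sample data
    )
    return conn


def login_vulnerable(conn, username, password):
    """The weakness: user input is concatenated into the SQL text,
    so anything the caller types is parsed as part of the statement."""
    query = (
        "SELECT id FROM users WHERE username = '"
        + username
        + "' AND password = '"
        + password
        + "'"
    )
    return conn.execute(query).fetchone() is not None


def login_fixed(conn, username, password):
    """The fix: a parameterised query. The '?' placeholders are bound as
    data by the driver, so the input can never change the statement's logic."""
    query = "SELECT id FROM users WHERE username = ? AND password = ?"
    return conn.execute(query, (username, password)).fetchone() is not None


def demo():
    """Return (vulnerable_result, fixed_result) for a classic malformed password.
    The vulnerable version accepts it; the fixed version rejects it."""
    conn = make_db()
    bad_password = "' OR '1'='1"  # the textbook probe used to show the flaw
    return login_vulnerable(conn, "alice", bad_password), login_fixed(
        conn, "alice", bad_password
    )


if __name__ == "__main__":
    vulnerable, fixed = demo()
    print("vulnerable login accepted bad password:", vulnerable)  # True
    print("fixed login accepted bad password:", fixed)  # False
```

Both functions behave identically for a correct username and password; the difference shows only when input contains SQL syntax. A code review or static scanner looking for this class of vulnerability flags string-built queries like the one in `login_vulnerable` and asks for the parameterised form.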
2- Exploit
An exploit is a piece of code or a sequence of commands that takes advantage of a vulnerability. Exploits can compromise the systems or data of an organization. Malicious users profit from vulnerabilities by using exploits.
3- Security Incident
A security incident is the event of an unauthorized action, like a breach in the system. It is often the result of the successful exploitation of a vulnerability.
4- Zero-day Attack
A zero-day attack is an attack that exploits a zero-day vulnerability; a zero-day vulnerability is a weakness that is not yet known to the vendor of the target application or to others who would be interested in fixing it.
5- CIA Triad
The CIA triad is the Confidentiality, Integrity, and Availability of data. Balanced protection of these three properties is the main focus of information security.
6- Security Risk
In simple terms, security risk combines the probability of a security incident with its impact. In software security, the impact is determined by the effect of the security incident on the CIA triad.
7- Vulnerability Management
Vulnerability management is an ongoing cycle of identifying, prioritizing, and remediating software vulnerabilities. It is a must-have process for any organization as part of its information security program.
8- Vulnerability Assessment
Vulnerability assessment is the process of identifying and prioritizing the vulnerabilities in software systems.
9- Vulnerability Scanning
Vulnerability scanning refers to identifying vulnerabilities in computer systems. It can be done manually or using automated tools called vulnerability scanners.
10- Penetration Test
A penetration test -- or pen test -- is a test for evaluating the security of a system. A pen test, also called ethical hacking, is an authorized attack. Unlike a vulnerability assessment, a penetration test tries to exploit vulnerabilities for a better estimate of the risk. A penetration tester also identifies the strengths of the system. The results of a penetration test can be used to complete a full risk assessment.
11- OWASP
The Open Web Application Security Project (OWASP) is an online community that produces freely-available articles, methodologies, documentation, tools, and technologies in the field of web application security. The most famous project of the OWASP is the OWASP Top 10. It’s a standard awareness document for developers and web application security. It represents a broad consensus about the most critical security risks to web applications.
12- ISMS
An Information Security Management System (ISMS) is how an organization manages the security of its data. It consists of the processes, policies, and controls that protect overall information security. ISO/IEC 27001 is widely known for providing the requirements for an ISMS.
13- Threat Actor
A threat actor, or malicious user, is the one responsible for a security incident.
14- Attack Surface
The attack surface, or attack vector, is where an attack can be started. For example, an online email subscription form on a website is part of the attack surface. Other examples are zero-day vulnerabilities, lack of encryption, or misconfigurations.