Term
A list of the most widespread and critical errors that can lead to serious vulnerabilities in software. |
|
Definition
2011 CWE/SANS Top 25 Most Dangerous Software Errors |
|
|
Term
Contain security event information such as successful and failed authentication attempts, file accesses, security policy changes, account changes, and use of privileges. |
|
Definition
Audit Records |
|
|
Term
A manual review of the product architecture to ensure that it fulfills the necessary security requirements. |
|
Definition
Architecture Security Reviews |
|
|
Term
Tests an application for the use of system components or configurations that are known to be insecure |
|
Definition
Automated Vulnerability Scanners |
|
|
Term
This criterion requires sufficient test cases for each condition in a program decision to take on all possible outcomes at least once. It differs from branch coverage only when multiple conditions must be evaluated to reach a decision. |
|
Definition
Condition Coverage |
|
|
Term
This criterion requires sufficient test cases for each feasible data flow to be executed at least once. |
|
Definition
Data Flow Coverage |
|
|
Term
Considered to be a minimum level of coverage for most software products, but decision coverage alone is insufficient for high-integrity applications. |
|
Definition
Decision (Branch) Coverage |
|
|
Term
Maintaining ongoing awareness of information security, vulnerabilities, and threats to support organizational risk management decisions. |
|
Definition
Information Security Continuous Monitoring (ISCM) |
|
|
Term
Real-time monitoring of events as they happen in a computer system or network, using audit trail records and network traffic and analyzing events to detect potential intrusion attempts. |
|
Definition
Intrusion Detection Systems (IDS) |
|
|
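The two cards above on audit records and intrusion detection describe the same pipeline: security events (failed and successful authentication attempts) are written to a log, and a detector analyzes them for intrusion attempts. The following is an added example, not part of the original flashcard set or of any product it names. It parses constructed, syslog-like audit lines (the host name, source addresses and timestamps are made up), then flags a source that produces five or more failed logins inside a 60-second sliding window and notes whether that source later succeeded, which is the case an analyst most wants to see.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List

# Constructed audit-record lines in a syslog-like layout; not taken from any real host.
SAMPLE_LOG = """\
2024-05-01T10:00:01 host1 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:03 host1 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:04 host1 sshd: Failed password for admin from 203.0.113.5
2024-05-01T10:00:06 host1 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:07 host1 sshd: Failed password for root from 203.0.113.5
2024-05-01T10:00:09 host1 sshd: Accepted password for root from 203.0.113.5
2024-05-01T10:05:00 host1 sshd: Failed password for alice from 198.51.100.7
2024-05-01T11:05:00 host1 sshd: Failed password for alice from 198.51.100.7
2024-05-01T11:06:00 host1 cron: session opened for user alice
"""

# Only authentication records are of interest; the layout is an assumption of this example.
LINE_RE = re.compile(
    r"^(?P<ts>\S+) \S+ sshd: (?P<result>Failed|Accepted) password "
    r"for (?P<user>\S+) from (?P<src>\S+)$"
)


def parse_auth_events(log: str) -> List[dict]:
    """Turn authentication records into event dicts; unrelated lines are skipped."""
    events = []
    for line in log.splitlines():
        m = LINE_RE.match(line)
        if m:
            e = m.groupdict()
            e["ts"] = datetime.fromisoformat(e["ts"])
            events.append(e)
    return events


def detect_bruteforce(events, threshold: int = 5,
                      window: timedelta = timedelta(seconds=60)) -> List[dict]:
    """Alert when one source produces >= threshold failures inside a sliding
    window, and record whether that source later succeeded (possible compromise)."""
    fails: Dict[str, List[datetime]] = defaultdict(list)
    successes: Dict[str, List[datetime]] = defaultdict(list)
    for e in events:
        bucket = fails if e["result"] == "Failed" else successes
        bucket[e["src"]].append(e["ts"])

    alerts = []
    for src, times in fails.items():
        times.sort()
        start = 0
        for end, t in enumerate(times):
            while t - times[start] > window:   # drop failures that fell out of the window
                start += 1
            if end - start + 1 >= threshold:
                alerts.append({
                    "src": src,
                    "first": times[start],
                    "last": t,
                    "failures": end - start + 1,
                    "success_after": any(s > t for s in successes[src]),
                })
                break                           # one alert per source is enough here
    return alerts


if __name__ == "__main__":
    for alert in detect_bruteforce(parse_auth_events(SAMPLE_LOG)):
        print(alert)
```

Run as written, the detector raises one alert for 203.0.113.5 (five failures in six seconds, followed by a success) and none for 198.51.100.7, whose two failures are an hour apart. Lines the regex cannot parse are dropped silently here; a production pipeline should count them, because a parser that quietly discards records is a blind spot.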
Term
Any hardware or software mechanism that has the ability to detect and stop attacks in progress. |
|
Definition
Intrusion Prevention Systems (IPS) |
|
|
Term
This criterion requires sufficient test cases for all program loops to be executed for zero, one, two, and many iterations, covering initialization, typical running, and termination (boundary) conditions. |
|
Definition
Loop Coverage |
|
|
Term
A Use Case from the point of view of an Actor hostile to the system under design. |
|
Definition
Misuse Case |
|
|
Term
This criterion requires sufficient test cases to exercise all possible combinations of conditions in a program decision. |
|
Definition
Multiple Condition Coverage |
|
|
Term
Ensures the application can gracefully handle invalid input or unexpected user behavior. |
|
Definition
Negative Testing |
|
|
Term
This criterion requires sufficient test cases for each feasible path, basis path, etc., from start to exit of a defined program segment, to be executed at least once. |
|
Definition
Path Coverage |
|
|
Term
Determines that your application works as expected. |
|
Definition
Positive Testing |
|
|
Term
An approach to web monitoring that aims to capture and analyze every transaction of every user of a website or application. |
|
Definition
Real User Monitoring (RUM) |
|
|
Term
The determination of the impact of a change based on review of the relevant documentation. |
|
Definition
|
|
Term
The process for generating, transmitting, storing, analyzing, and disposing of computer security log data. |
|
Definition
Log Management |
|
|
Term
This criterion requires sufficient test cases for each program statement to be executed at least once; however, its achievement is insufficient to provide confidence in a software product's behavior. |
|
Definition
Statement Coverage |
|
|
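The coverage cards in this set (statement, decision/branch, condition, multiple condition, and loop coverage) are easiest to tell apart on one concrete decision. The block below is an added example and is not part of the original flashcard set: it uses a hypothetical authorization check `grant_access` whose single decision is built from two conditions, plus a hypothetical loop `count_failures`, and evaluates four constructed test sets against each criterion. It shows the point made on the condition-coverage card: a test set can reach full decision coverage while never letting `is_admin` be false, and a different set can cover every condition without ever making the decision true.

```python
"""Structural coverage criteria applied to one two-condition decision and one loop."""
from itertools import product
from typing import Dict, Iterable, Sequence, Tuple

Case = Tuple[bool, bool]  # (authenticated, is_admin)


def grant_access(authenticated: bool, is_admin: bool) -> str:
    """Hypothetical authorization check: one decision made of two conditions."""
    if authenticated and is_admin:  # decision D = c1 AND c2
        return "allow"              # statement S1
    return "deny"                   # statement S2


def statement_coverage(cases: Iterable[Case]) -> bool:
    """Every statement runs at least once: S1 and S2 must both execute."""
    return {grant_access(*c) for c in cases} == {"allow", "deny"}


def decision_coverage(cases: Iterable[Case]) -> bool:
    """Decision D takes both outcomes (branch coverage, for a single if)."""
    return {c[0] and c[1] for c in cases} == {True, False}


def condition_coverage(cases: Iterable[Case]) -> bool:
    """Each condition individually takes both values. Both conditions are treated
    as evaluated in every case; a tool that honours short-circuit 'and' would not
    count is_admin in cases where authenticated is False."""
    return all({c[i] for c in cases} == {True, False} for i in range(2))


def multiple_condition_coverage(cases: Iterable[Case]) -> bool:
    """Every combination of condition values appears in the test set."""
    return set(cases) >= set(product((True, False), repeat=2))


def coverage_report(cases: Sequence[Case]) -> Dict[str, bool]:
    return {
        "statement": statement_coverage(cases),
        "decision": decision_coverage(cases),
        "condition": condition_coverage(cases),
        "multiple_condition": multiple_condition_coverage(cases),
    }


def count_failures(results: Sequence[str]) -> int:
    """Hypothetical loop under test."""
    n = 0
    for r in results:  # loop L
        if r == "fail":
            n += 1
    return n


def loop_coverage(inputs: Iterable[Sequence[str]]) -> bool:
    """Loop L executed for zero, one, two and 'many' (three or more) iterations."""
    classes = {min(len(x), 3) for x in inputs}  # 3 stands in for 'many'
    return classes == {0, 1, 2, 3}


# Constructed test sets for the decision in grant_access.
TEST_SETS = {
    "decision_only": [(True, True), (False, True)],
    "condition_only": [(True, False), (False, True)],
    "decision_and_condition": [(True, True), (False, False)],
    "exhaustive": list(product((True, False), repeat=2)),
}

# Constructed inputs for the loop: 0, 1, 2 and many iterations.
LOOP_INPUTS = [[], ["fail"], ["ok", "fail"], ["fail"] * 5]

if __name__ == "__main__":
    for name, cases in TEST_SETS.items():
        print(name, coverage_report(cases))
    print("loop", loop_coverage(LOOP_INPUTS))
```

The "decision_only" set is what the branch-coverage card warns about: it satisfies statement and decision coverage, yet `is_admin` is never false, so a bug that ignored that condition would go unnoticed. The "condition_only" set is the mirror image, and only the exhaustive set reaches multiple condition coverage, which for n conditions needs up to 2^n cases.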
Term
Analysis of the application source code for finding vulnerabilities without actually executing the application. |
|
Definition
Static Source Code Analysis (SAST) |
|
|
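A minimal illustration of the SAST card: inspecting source code for dangerous patterns without running it. This block is an added example, not code from the original flashcard set or from any SAST product; it parses a constructed sample program with Python's `ast` module and applies two hypothetical rules (calls to `eval`/`exec`, and `subprocess` calls with a literal `shell=True`). It matches only the exact spellings listed, so an aliased import such as `import subprocess as sp` would evade it, which is the same gap that makes real tools resolve names and track data flow rather than pattern-match.

```python
import ast
from typing import List, Tuple

# Constructed sample program to scan; embedded so the example runs offline.
SAMPLE_SOURCE = '''
import subprocess

def run(cmd):
    subprocess.run(cmd, shell=True)

def calc(expr):
    return eval(expr)

def safe():
    subprocess.run(["ls", "-l"])
    return int("42")
'''

Finding = Tuple[int, str]  # (line number, description)

DANGEROUS_BUILTINS = {"eval", "exec"}
SUBPROCESS_CALLS = {"subprocess.run", "subprocess.Popen", "subprocess.call",
                    "subprocess.check_call", "subprocess.check_output"}


def dotted_name(func: ast.expr) -> str:
    """Render a call target such as subprocess.run as a dotted string."""
    parts = []
    while isinstance(func, ast.Attribute):
        parts.append(func.attr)
        func = func.value
    if isinstance(func, ast.Name):
        parts.append(func.id)
        return ".".join(reversed(parts))
    return ""  # computed or unusual call target: not matched by these rules


def scan_source(source: str) -> List[Finding]:
    """Walk the syntax tree and report rule matches; nothing is executed."""
    findings: List[Finding] = []
    for node in ast.walk(ast.parse(source)):
        if not isinstance(node, ast.Call):
            continue
        name = dotted_name(node.func)
        if name in DANGEROUS_BUILTINS:
            findings.append((node.lineno, f"call to {name}() on possibly untrusted input"))
        elif name in SUBPROCESS_CALLS:
            for kw in node.keywords:
                if (kw.arg == "shell" and isinstance(kw.value, ast.Constant)
                        and kw.value.value is True):
                    findings.append((node.lineno, f"{name} with shell=True"))
    return sorted(findings)


if __name__ == "__main__":
    for lineno, msg in scan_source(SAMPLE_SOURCE):
        print(f"line {lineno}: {msg}")
```

The scan reports lines 5 and 8 of the sample and stays silent on `safe()`, where `subprocess.run` receives an argument list and no shell is involved.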
Term
Involves having external agents run scripted transactions against a web application. |
|
Definition
Synthetic Performance Monitoring |
|
|
Term
Operational actions performed by OS components, such as shutting down the system or starting a service. |
|
Definition
System Events |
|
|
Term
A process by which developers can understand security threats to a system, determine risks from those threats, and establish appropriate mitigations. |
|
Definition
Threat Modeling |
|
|
Term
Abstract episodes of interaction between a system and its environment. |
|
Definition
Use Cases |
|
|
Term
The determination of the correctness, with respect to the user needs and requirements, of the final program or software produced from a development project. |
|
Definition
Validation |
|
|
Term
The authentication process by which the biometric system matches a captured biometric against the person's stored template. |
|
Definition
Verification |
|
|
Term
Logs the patch installation history and vulnerability status of each host, which includes known vulnerabilities and missing software updates. |
|
Definition
Vulnerability Management Software |
|
|
Term
Intermediate hosts through which websites are accessed. |
|
Definition
Web Proxies |
|
|
Term
A test design that allows one to peek inside the "box" and focuses specifically on using internal knowledge of the software to guide the selection of test data. |
|
Definition
White Box Testing |
|
|