Synopsys 12 Days of AppSec

Across
  1. A method of AppSec testing in which testers examine an application while it’s running, but have no knowledge of the application’s internal interactions or designs at the system level, and no access or visibility into the source program.
  5. A trending practice in application security (AppSec) that involves introducing security earlier in the software development life cycle (SDLC).
  6. A descriptive model that provides a baseline of observed activities for software security initiatives.
  8. An automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities.
  10. Software that is distributed with its source code, making it available for use, modification, and distribution with its original rights.
  12. A type of social engineering attack that aims to exploit the naivety and/or gullibility of legitimate system users.
Down
  2. The processes, practices, and tools used to identify, repair, and protect against vulnerabilities in applications throughout the software development life cycle (SDLC).
  3. The combination of practices and tools designed to increase an organization’s ability to deliver applications and services faster than traditional software development processes.
  4. A structured process with these objectives: identify security requirements, pinpoint security threats and potential vulnerabilities, quantify threat and vulnerability criticality, and prioritize remediation methods.
  7. An authorized simulated attack performed on a computer system to evaluate its security. Penetration testers use the same tools, techniques, and processes as attackers to find and demonstrate the business impacts of weaknesses in a system.
  9. A flaw in a computer system that weakens the overall security of the device/system.
  11. An inventory of what makes up a software application.