CISSP® Official Study Guide, Eighth Edition
(CISSP) Mike Chapple, James Michael Stewart, Darril Gibson - CISSP Official Study Guide-Sybex (2018)
Exam Essentials

Understand the importance of security assessment and testing programs.
Security assessment and testing programs provide an important mechanism for validating the ongoing effectiveness of security controls. They include a variety of tools, including vulnerability assessments, penetration tests, software testing, audits, and security management tasks designed to validate controls. Every organization should have a security assessment and testing program defined and operational.

Conduct vulnerability assessments and penetration tests.
Vulnerability assessments use automated tools to search for known vulnerabilities in systems, applications, and networks. These flaws may include missing patches, misconfigurations, or faulty code that expose the organization to security risks. Penetration tests also use these same tools but supplement them with attack techniques where an assessor attempts to exploit vulnerabilities and gain access to the system.

Perform software testing to validate code moving into production.
Software testing techniques verify that code functions as designed and does not contain security flaws. Code review uses a peer review process to formally or informally validate code before deploying it in production. Interface testing assesses the interactions between components and users with API testing, user interface testing, and physical interface testing.

Understand the difference between static and dynamic software testing.
Static software testing techniques, such as code reviews, evaluate the security of software without running it by analyzing either the source code or the compiled application. Dynamic testing evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else.