
Software Assessment and Code Review

Last updated 2 years ago

  • Static Code Analysis

    • Look at the code.

    • Automatic using a tool.

    • Manual without a tool, a.k.a. peer review.

  • Formal Method

    • Machine-led

    • Track code paths: branches, loops, unreachable code.

  • User Acceptance Testing (UAT)

    • Beta versions

    • (some) users become testers

    • They will follow your guidelines… or not.

  • Regression Testing

    • Happens for new code or features

    • Make sure that the new code doesn’t break past code/features

  • Reverse engineering

    • Deconstruct compiled code into source code

    • Not always fully possible

    • Three levels

      • Machine code (compiled)

      • Assembly code

      • High-level code (source in the languages we program in)

    • For malware: use a sandbox, an isolated environment where a sample can be detonated safely.

    • Against reverse engineering

      • Code obfuscation

      • Code encryption

  • Dynamic Analysis

    • Debuggers

      • Pause execution, determine which code branch was taken, watch variables, etc.

    • Stress/load testing

      • Determine limits

    • Fuzzing

      • Throw various inputs at your app

      • Focus on diversity, not quantity

    • Types of fuzzing:

      • Application UI

      • Protocol

      • File format

    • Burp Suite

  • Assessing Vulnerabilities in Code

    • Authentication

    • Injection flaws

    • Authorization

    • Error handling

    • Encryption

    • Auditing/logging

    • Session flaws

    • Insecure configurations
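The fuzzing bullets above (throw diverse inputs at your app; file-format fuzzing), worked as an added example that is not part of the original notes: a small mutation fuzzer in Python run against a constructed toy record parser that deliberately omits a length check. The parser, the record layout, the oracle and the mutation strategies are all assumptions made for illustration.

```python
import random
import struct

# Constructed toy file format under test: 1-byte version, 2-byte big-endian
# payload length, then the payload. MAX_PAYLOAD is the format's declared limit.
MAX_PAYLOAD = 64


def parse_record(data: bytes) -> dict:
    if len(data) < 3:
        raise ValueError("truncated header")  # clean rejection
    version = data[0]
    (length,) = struct.unpack(">H", data[1:3])
    payload = data[3:3 + length]
    # Deliberate defect for the exercise: the declared length is never checked
    # against the bytes actually present or against MAX_PAYLOAD.
    return {"version": version, "length": length, "payload": payload}


def is_consistent(rec: dict) -> bool:
    """Oracle: a correct parser only returns records whose declared length
    matches the payload it actually holds and stays within MAX_PAYLOAD."""
    return rec["length"] == len(rec["payload"]) and rec["length"] <= MAX_PAYLOAD


def mutate(seed: bytes, rng: random.Random) -> bytes:
    """One mutation chosen from several different strategies: diversity, not volume."""
    data = bytearray(seed)
    strategy = rng.choice(["bitflip", "boundary_len", "truncate", "grow"])
    if strategy == "bitflip":          # flip one random bit anywhere
        data[rng.randrange(len(data))] ^= 1 << rng.randrange(8)
    elif strategy == "boundary_len":   # hostile values in the length field
        data[1:3] = struct.pack(">H", rng.choice([0, 1, MAX_PAYLOAD, MAX_PAYLOAD + 1, 0xFFFF]))
    elif strategy == "truncate":       # cut the record short
        del data[rng.randrange(len(data)):]
    else:                              # append random trailing bytes
        data += bytes(rng.randrange(256) for _ in range(rng.randrange(1, 16)))
    return bytes(data)


def fuzz(seed: bytes, iterations: int = 500, rng_seed: int = 1) -> list:
    """Return (input, reason) pairs for every distinct input the parser mishandled."""
    rng = random.Random(rng_seed)  # fixed seed so a run can be reproduced
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            rec = parse_record(case)
        except ValueError:
            continue  # explicit rejection is the correct behaviour
        except Exception as exc:  # any other exception is a crash to triage
            findings.setdefault(case, f"crash: {type(exc).__name__}")
            continue
        if not is_consistent(rec):
            findings.setdefault(case, "accepted inconsistent length")
    return sorted(findings.items())


SEED = b"\x01" + struct.pack(">H", 4) + b"ABCD"  # one valid constructed record
```

Each finding is a reproducible input plus the reason it failed the oracle, which is what the developer needs to fix the missing bounds check and then add the case to the regression suite.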

https://www.nist.gov/itl/ssd/software-quality-group/source-code-security-analyzers