CASP/1.0 Enterprise Security 40%
Distinguish which cryptographic tools and techniques are appropriate for a given situation.
  Issuance to entities
    "RFC 2510 PKI Certificate Management Protocols". Retrieved 2014-05-12.
  Users
    "CERT issued certificate". Retrieved 2014-05-15.
  Systems
    Muller, Randy (August 2006). "How IT Works: Certificate Services". TechNet Magazine. 2006 (August). Retrieved 2021-10-22.
  Applications
  Implications of cryptographic methods and design
  Strength vs. performance vs. feasibility to implement vs. interoperability
    "Understanding Cryptographic Performance" (PDF). Retrieved 2014-05-15.
    "Elliptic Curve". Retrieved 2014-05-15.
Distinguish and select among different types of virtualized, distributed and shared computing
  Advantages and disadvantages of virtualizing servers and minimizing physical space requirements
    "Example of minimizing physical server space". Retrieved 2014-05-22.
  Securing virtual environments, appliances and equipment
    "Virtual Environment Security". Retrieved 2014-05-22.
  Vulnerabilities associated with a single physical server hosting multiple companies’ virtual machines
  Vulnerabilities associated with a single platform hosting multiple companies’ virtual machines
  Secure use of on-demand / elastic cloud computing
  Provisioning and de-provisioning
  Vulnerabilities associated with co-mingling of hosts with different security requirements
Explain the security implications of enterprise storage
Integrate hosts, networks, infrastructures, applications and storage into secure comprehensive solutions
    "Integrating Application Delivery Solutions into Data Center Infrastructure". Retrieved 2014-05-28.
  Placement of security devices
  IPv6
  Complex network, network security, solutions for data flow
    "Network Security Solutions". Retrieved 2014-06-02.
    "High Performance Network Security, Enterprise and Data-Center Firewall". Retrieved 2014-06-02.
  Secure data flows to meet changing business needs
    "Network Security". Retrieved 2014-06-02.
  Secure directory services
  Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
Distinguish among security controls for hosts
    "Host Based Security Controls". Retrieved 2014-06-03.
  Host-based firewalls
  Trusted OS – Operating System (e.g. how and when to use it)
  Security policy / group policy implementation
  Command shell restrictions
  Warning banners
    "System/Network Login Banners". Retrieved 2014-06-03.
  Restricted interfaces
    "The Benefit of Structured Interfaces in Collaborative Communication" (PDF). Retrieved 2014-06-03.
  Asset management (inventory control)
  Data exfiltration
  HIDS – Host Based Intrusion Detection System / HIPS – Host Based Intrusion Prevention System
  NIDS – Network Based Intrusion Detection System / NIPS – Network Based Intrusion Prevention System
Explain the importance of application security
  Web application security design considerations
    "Design Guidelines for Secure Web Applications". Retrieved 2014-06-16.
  Secure: by design, by default, by deployment
    "A Look Inside the Security Development Lifecycle at Microsoft". Retrieved 2014-06-16.
  Specific application issues
  Industry accepted approaches
  Secure coding standards
    "Secure Coding Standards". Retrieved 2014-06-25.
  Exploits resulting from improper error and exception handling
    "Improper error handling". Retrieved 2014-06-25.
  Improper storage of sensitive data
    "CWE-591: Sensitive Data Storage in Improperly Locked Memory". Retrieved 2014-06-25.
  Fuzzing / fault injection
  Secure cookie storage and transmission
  Client-side processing vs. server-side processing
  AJAX
  Resource exhaustion
Given a scenario, distinguish and select the method or tool that is appropriate to conduct an assessment
  Tool type
  Fuzzer
    "OWASP Testing Guide Appendix C: Fuzz Vectors". Retrieved 2014-06-25.
  HTTP – Hypertext Transfer Protocol interceptor
    "Intercepting Messages". http://portswigger.net/burp/Help/proxy_intercept.html
  Attacking tools/frameworks
    "Black Hat: Top 20 hack-attack tools". http://www.networkworld.com/article/2168329/malware-cybercrime/black-hat--top-20-hack-attack-tools.html
  Methods
    "5 ways hackers attack you (and how to counter them)". http://www.usatoday.com/story/tech/columnist/komando/2013/07/19/hacker-attack-trojan-horse-drive-by-downloads-passwords/2518053/