4.0 Application, Data and Host Security


4.1 Explain the importance of application security

  • Fuzzing
  • Secure coding concepts
    • Error and exception handling
    • Input validation
  • Cross-site scripting prevention
  • Cross-site Request Forgery (XSRF) prevention
  • Application configuration baseline (proper settings)
  • Application hardening
  • Application patch management

4.2 Carry out appropriate procedures to establish host security

  • Operating system security and settings
  • Anti-malware
    • Anti-virus
    • Anti-spam
    • Anti-spyware
    • Pop-up blockers
    • Host-based firewalls
  • Patch management
  • Hardware security
    • Cable locks
    • Safe
    • Locking cabinets
  • Host software baselining
  • Mobile devices
    • Screen lock
    • Strong password
    • Device encryption
    • Remote wipe/sanitization
    • Voice encryption
    • GPS tracking
  • Virtualization

4.3 Explain the importance of data security

  • Data Loss Prevention (DLP)
  • Data encryption
    • Full disk
    • Database
    • Individual files
    • Removable media
    • Mobile devices
  • Hardware-based encryption devices
    • TPM
    • HSM
    • USB encryption
    • Hard drive
  • Cloud computing
