4.0 Application, Data and Host Security
4.1 Explain the importance of application security
- Fuzzing
- Secure coding concepts
- Error and exception handling
- Input validation
- Cross-site scripting prevention
- Cross-site Request Forgery (XSRF) prevention
- Application configuration baseline (proper settings)
- Application hardening
- Application patch management
- Operating system security and settings
- Anti-malware
- Anti-virus
- Anti-spam
- Anti-spyware
- Pop-up blockers
- Host-based firewalls
- Patch management
- Hardware security
- Cable locks
- Safe
- Locking cabinets
- Host software baselining
- Mobile devices
- Screen lock
- Strong password
- Device encryption
- Remote wipe/sanitation
- Voice encryption
- GPS tracking
- Virtualization
4.3 Explain the importance of data security
- Data Loss Prevention (DLP)
- Data encryption
- Full disk
- Database
- Individual files
- Removable media
- Mobile devices
- Hardware based encryption devices
- TPM
- HSM
- USB encryption
- Hard drive
- Cloud computing