CASP/1.0 Enterprise Security 40%
Distinguish which cryptographic tools and techniques are appropriate for a given situation.
Cryptographic applications and proper implementation
Advanced PKI concepts
Wildcard
OCSP – Online Certificate Status Protocol vs. CRL – Certificate Revocation List
Issuance to entities
"RFC 2510 PKI Certificate Management Protocols". Retrieved 12 May 2014.
Users
"CERT issued certificate". Retrieved 15 May 2014.
Systems
Muller, Randy (August 2006). "How IT Works: Certificate Services". TechNet Magazine. 2006 (August). Retrieved 22 October 2021.
Applications
Implications of cryptographic methods and design
Strength vs. performance vs. feasibility to implement vs. interoperability
"Understanding Cryptographic Performance" (PDF). Retrieved 15 May 2014.
"Elliptic Curve". Retrieved 15 May 2014.
Transport encryption
Digital signature
Hashing
Code signing
Non-repudiation
Entropy
Pseudo-random number generation
Perfect forward secrecy
Confusion and diffusion
Advantages and disadvantages of virtualizing servers and minimizing physical space requirements
"Example of minimizing physical server space". Retrieved 22 May 2014.
VLAN – Virtual Local Area Network
Securing virtual environments, appliances and equipment
"Virtual Environment Security". Retrieved 22 May 2014.
Vulnerabilities associated with a single physical server hosting multiple companies' virtual machines
Vulnerabilities associated with a single platform hosting multiple companies' virtual machines
Secure use of on-demand / elastic cloud computing
Provisioning and de-provisioning
Data remnants
Vulnerabilities associated with co-mingling of hosts with different security requirements
Virtual machine escape
Privilege elevation
Virtual Desktop Infrastructure (VDI)
Terminal services
Explain the security implications of enterprise storage
Virtual storage
NAS – Network Attached Storage
SAN – Storage Area Network
vSAN – Virtual Storage Area Network
iSCSI – Internet Small Computer Systems Interface
FCoE – Fibre Channel over Ethernet
LUN – Logical Unit Number
HBA – Host Bus Adapter allocation
Redundancy (location)
Secure storage management
Multipath
Snapshots
Deduplication
Integrate hosts, networks, infrastructures, applications and storage into secure comprehensive solutions
"Integrating Application Delivery Solutions into Data Center Infrastructure". Retrieved 28 May 2014.
Advanced network design
Remote access
Placement of security devices
Critical infrastructure / Supervisory Control and Data Acquisition (SCADA)
VoIP – Voice over IP
IPv6
Complex network, network security, solutions for data flow
Unified Threat Management
"Network Security Solutions". Retrieved 2 June 2014.
"High Performance Network Security, Enterprise and Data-Center Firewall". Retrieved 2 June 2014.
Secure data flows to meet changing business needs
"Network Security". Retrieved 2 June 2014.
Secure DNS – Domain Name System
Securing zone transfer
TSIG – Transaction Signature
Secure directory services
LDAP – Lightweight Directory Access Protocol
AD – Active Directory
Federated ID
Single sign-on
Network design consideration
Building layouts
Facilities management
Multitier networking data design considerations
Logical deployment diagram and corresponding physical deployment diagram of all relevant devices
Distinguish among security controls for hosts
"Host Based Security Controls". Retrieved 3 June 2014.
Host-based firewalls
Trusted OS – Operating System (e.g. how and when to use it)
Endpoint security software
Anti-malware
Anti-virus
Anti-spyware
Spam filters
Host hardening
Standard operating environment
Security policy / group policy implementation
Command shell restrictions
Warning banners
"System/Network Login Banners". Retrieved 3 June 2014.
Restricted interfaces
"The Benefit of Structured Interfaces in Collaborative Communication" (PDF). Retrieved 3 June 2014.
Asset management (inventory control)
Data exfiltration
HIDS – Host-Based Intrusion Detection System / HIPS – Host-Based Intrusion Prevention System
NIDS – Network-Based Intrusion Detection System / NIPS – Network-Based Intrusion Prevention System
Explain the importance of application security
Web application security design considerations
"Design Guidelines for Secure Web Applications". Retrieved 16 June 2014.
Secure: by design, by default, by deployment
"A Look Inside the Security Development Lifecycle at Microsoft". Retrieved 16 June 2014.
Specific application issues
XSS – Cross-Site Scripting
Clickjacking
Session management
Input validation
SQL injection
Application sandboxing
Application security frameworks
Standard libraries
Industry-accepted approaches
Secure coding standards
"Secure Coding Standards". Retrieved 25 June 2014.
Exploits resulting from improper error and exception handling
"Improper error handling". Retrieved 25 June 2014.
Privilege escalation
Improper storage of sensitive data
"CWE-591: Sensitive Data Storage in Improperly Locked Memory". Retrieved 25 June 2014.
Fuzzing / fault injection
Secure cookie storage and transmission
Client-side processing vs. server-side processing
AJAX
State management
JavaScript
Buffer overflow
Memory leaks
Integer overflows
Race conditions
Time of check to time of use
Resource exhaustion
Given a scenario, distinguish and select the method or tool that is appropriate to conduct an assessment
Tool type
Port scanners
Vulnerability scanners
Protocol analyzer
Switchport analyzer
Network enumerator
Password cracker
Fuzzer
"OWASP Testing Guide Appendix C: Fuzz Vectors". Retrieved 25 June 2014.
HTTP – Hypertext Transfer Protocol interceptor
"Intercepting Messages". http://portswigger.net/burp/Help/proxy_intercept.html
Attacking tools/frameworks
"Black Hat: Top 20 hack-attack tools". http://www.networkworld.com/article/2168329/malware-cybercrime/black-hat--top-20-hack-attack-tools.html
Methods
"5 ways hackers attack you (and how to counter them)". http://www.usatoday.com/story/tech/columnist/komando/2013/07/19/hacker-attack-trojan-horse-drive-by-downloads-passwords/2518053/