Term
|
Definition
Spoofing, Tampering, Repudiation, Information disclosure, DoS, Elevation of privilege |
|
|
Term
|
Definition
Damage potential, Reproducibility, Exploitability, Affected users, Discoverability |
|
|
Term
|
Definition
Secure electronic transaction |
|
|
Term
Spoofing identity is what? |
|
Definition
Impersonating a valid user, resource or system |
|
|
Term
What is spoofing a threat to? |
|
Definition
Confidentiality, integrity, availability |
|
|
Term
What is tampering with data? |
|
Definition
Inappropriately modifying system or user data |
|
|
Term
What is tampering with data a threat to? |
|
Definition
|
|
Term
|
Definition
The inability to ID an attacker |
|
|
Term
What is repudiation a threat to? |
|
Definition
|
|
Term
What is information disclosure? |
|
Definition
|
|
Term
What is denial of... never mind |
|
Definition
If you don't know this, you should probably just go home |
|
|
Term
Elevation of privilege is? |
|
Definition
Gaining privileges he or she should not have |
|
|
Term
Elevation of privilege is a threat that affects? |
|
Definition
Confidentiality, integrity, availability |
|
|
Term
Damage potential is what? |
|
Definition
How much damage will occur if an exploit occurs |
|
|
Term
|
Definition
How easy is it to reproduce the threat exploit? |
|
|
Term
|
Definition
What is needed to exploit this threat |
|
|
Term
|
Definition
How many users will be affected |
|
|
Term
|
Definition
How easy is it to discover this threat |
|
|
Term
What, on the scale of 0-10, is discoverability 0, 5, 9, 10? |
|
Definition
0 = Very hard
5 = Can figure it out by guessing or by monitoring network traces
9 = Details of faults like this are already in the public domain
10 = Info available in the web browser address bar / form |
|
|
Term
|
Definition
(DAMAGE + REPRODUCIBILITY + EXPLOITABILITY + AFFECTED USERS + DISCOVERABILITY) / 5 |
|
|
Term
|
Definition
Secure Electronic Transactions |
|
|
Term
|
Definition
An open encryption and security specification |
|
|
Term
What are the three SET services? |
|
Definition
Secure communication channel
X.509v3
Ensure privacy |
|
|
Term
What are the 4 key features of SET? |
|
Definition
Confidentiality of information, Integrity of data, Cardholder account auth, Merchant auth |
|
|
Term
What are the key disadvantages of SET? |
|
Definition
Need to install client software, Cost and complexity, Certificate distribution |
|
|