Fuzzing (Fuzz testing): Testing that provides a lot of different inputs, to try to cause unauthorized access or for the application to enter unpredictable state or crash. If the program crashes or hangs the fuzz test failed. The Fuzz tester can enter values into the script or use pre-compiled random or specific values. Mutating fuzzing – The tester analyses real info and modify it iteratively.

Elliptic Curve Cryptography (ECC) is a one-way function that uses discrete Logarithms applied to elliptical curves. Much stronger per bit than normal discrete Logarithms.

A computer worm is a standalone malware computer program that replicates itself to spread to other computers; they normally operate on OSI layer 5-7.

RBAC is role based access control, not a security audit standard. SOC 2 and PCI-DSS are standards we audit against.

Context-based access control: Access to an object is controlled based on certain contextual parameters, such as location, time, sequence of responses, access history.

HIPAA is the Health Insurance Portability and Accountability Act.

Formal Access Approval: Document from the data owner approving access to the data for the subject. Subject must understand all requirements for accessing the data and the liability involved if compromised, lost or destroyed. Appropriate Security Clearance is required as well as the Formal Access Approval.

Hash Functions (One-Way Hash Functions) are used for Integrity: A variable-length plaintext is hashed into a fixed-length value hash or MD (Message Digest). It is used to prove the Integrity of the data has not changed. Even changing a comma in a 1000 page document will produce an entirely new hash.

A1 Injection. Can be any code injected into user forms, often seen is SQL/LDAP. Attackers can do this because our software does not use: Strong enough input validation and data type limitations input fields. Input length limitations. The fix is to do just that, we only allow users to input appropriate data into the fields, only letters in names, numbers in phone number, have dropdowns for country and state (if applicable), we limit how many characters people can use per cell,

Something you know - Type 1 Authentication: passwords, pass phrase, PIN, etc., also called knowledge factors. The subject uses these to authenticate their identity: they know the secret, therefore they must be who they say they are.