The cybersecurity framework
  Identify
  Protect
  Detect
  Respond
  Recover

Security key terms
  Asset
  Threat
  Vulnerability
  Risk

Common threats and mitigations
  Buffer overflow
  Man-in-the-middle
  DoS
  Cross-site scripting
  Phishing
  Malware
  SQL injection
  Brute force

Open Web Application Security Project (OWASP) Top 10
  Injection
  Broken authentication
  Sensitive data exposure
  XML external entities (XXE)
  Broken access control
  Security misconfiguration
  Cross-site scripting
  Insecure deserialization
  Using components with known vulnerabilities
  Insufficient logging and monitoring

Common Vulnerabilities and Exposures (CVE)
  ID
  Description
  Impact
  Date published

Protecting apps
  Hacker or attacker
  Malicious code

The multilayer software architecture
  Tier 1 (Presentation)
  Tier 2 (Application)
  Tier 3 (Data)

Three-tier approach to application security
  Keep software up to date
  Install end-user or security
  Use strong passwords
  Implement multifactor authentication (MFA)
  Install a firewall
  Encrypt data

Encryption fundamentals
  Confidentiality
  Integrity
  Availability
  Digital signatures

Data security
  Network (data in motion)
  Storage (data at rest)
  Memory (data in use)

Secure development methods
  Training and education
  Threat modeling
  Secure coding
  Code reviews
  Secure tooling
  Security testing

Threat modeling
  STRIDE
  PASTA
  VAST

Secure coding
  Validating inputs
  Encoding output
  Ensuring authentication and credential management
  Managing sessions
  Using access control lists
  Monitoring error handling and logging
  Protecting data, including files ...
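The first two secure-coding items above (validating inputs, encoding output) and the "SQL injection" and "Cross-site scripting" threats are easiest to see side by side. The following is an added example, not code from the original notes: it builds a constructed in-memory SQLite table, runs a classic tautology payload against a string-concatenated query and against an allow-list-validated, parameterised one, and HTML-encodes a value before it is placed in markup. The table contents, the `USERNAME_RE` allow-list and the payload are all assumptions made for the demonstration.

```python
"""Input validation, output encoding and parameterised queries.
Added example; the users table and the payload are constructed."""
import html
import re
import sqlite3

# Allow-list for usernames: letters, digits, '_', '.', '-', 1..32 chars (assumed policy).
USERNAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,32}$")


def setup_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", "alice@example.test"), ("bob", "bob@example.test")],
    )
    return conn


def lookup_vulnerable(conn: sqlite3.Connection, username: str):
    """Concatenation: attacker-controlled text becomes part of the SQL."""
    sql = "SELECT username, email FROM users WHERE username = '" + username + "'"
    return conn.execute(sql).fetchall()


def lookup_safe(conn: sqlite3.Connection, username: str):
    """Allow-list validation first, then a parameterised query."""
    if not USERNAME_RE.fullmatch(username):
        raise ValueError("invalid username")
    # The driver sends the value separately from the statement text,
    # so it can never be parsed as SQL.
    return conn.execute(
        "SELECT username, email FROM users WHERE username = ?", (username,)
    ).fetchall()


def render_greeting(username: str) -> str:
    """Output encoding: escape for the HTML context before interpolating."""
    return "<p>Hello, " + html.escape(username, quote=True) + "</p>"


def demo() -> dict:
    conn = setup_db()
    payload = "x' OR '1'='1"  # tautology injection, constructed for the demo
    try:
        lookup_safe(conn, payload)
        rejected = False
    except ValueError:
        rejected = True
    return {
        # the concatenated query matches every row: 2
        "vulnerable_rows": len(lookup_vulnerable(conn, payload)),
        # the validated path refuses the payload outright
        "safe_rejected": rejected,
        "safe_rows_for_alice": len(lookup_safe(conn, "alice")),
        "encoded": render_greeting("<script>alert(1)</script>"),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Validation and parameterisation are independent controls: the allow-list stops malformed data early and gives a clean error, while the bound parameter is what actually prevents injection even if a looser allow-list is chosen later. Encoding is done at the point of output because the same string needs a different escape in HTML, JavaScript, URL and SQL contexts.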
Code review

Secure tooling

Testing
  Intelligence gathering
  Scanning
  Access
  Reporting

Securing network devices
  Firewalls
    Packet-filtering firewalls
    Stateful inspection firewalls
    Application-level (proxy) firewalls
    Next-generation firewalls
  IDS
  IPS
  NSLOOKUP

Load-balancing algorithms
  Round-robin
  Least connected
  Source IP hash
  Cookie marking
  Consistent IP hash

Reverse proxy
  Security
  Scalability and flexibility
  Web acceleration techniques
    Compression
    SSL termination
    Caching
  Content filtering
  Authentication
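The load-balancing algorithms listed above differ in how they pick a backend and, more importantly for session stickiness, in what happens when the pool changes. This is an added example, not code from the original notes: it implements round-robin, least-connected, source-IP hash (modulo) and consistent hashing with virtual nodes, then removes one backend and measures how many constructed client addresses are remapped under each hashing scheme. Backend names, client IPs and the replica count are assumptions for the demonstration.

```python
"""Load-balancer selection strategies: round-robin, least connected,
source-IP hash and consistent hash.  Added example; backend names and
client addresses are constructed."""
import bisect
import hashlib
import itertools

BACKENDS = ["app1", "app2", "app3"]                              # constructed pool
CLIENTS = [f"10.0.{i // 256}.{i % 256}" for i in range(1000)]   # constructed client IPs


def _h(key: str) -> int:
    """Stable hash; Python's built-in hash() is randomised per process."""
    return int(hashlib.sha256(key.encode()).hexdigest(), 16)


class RoundRobin:
    """Each new connection goes to the next backend in turn."""
    def __init__(self, backends):
        self._cycle = itertools.cycle(backends)

    def pick(self, client_ip=None):
        return next(self._cycle)


class LeastConnected:
    """Route to the backend with the fewest open connections (ties: first listed)."""
    def __init__(self, backends):
        self.active = {b: 0 for b in backends}

    def pick(self, client_ip=None):
        backend = min(self.active, key=self.active.get)
        self.active[backend] += 1
        return backend

    def release(self, backend):
        self.active[backend] -= 1


class SourceIpHash:
    """hash(client IP) mod N: sticky, but a pool change remaps most clients."""
    def __init__(self, backends):
        self.backends = list(backends)

    def pick(self, client_ip):
        return self.backends[_h(client_ip) % len(self.backends)]


class ConsistentHash:
    """Hash ring with virtual nodes: a pool change only remaps the clients
    that were on the backend being added or removed."""
    def __init__(self, backends, replicas=100):
        self.replicas = replicas
        self._points = []   # sorted ring positions
        self._owners = []   # backend owning each position
        for b in backends:
            self.add(b)

    def add(self, backend):
        for i in range(self.replicas):
            p = _h(f"{backend}#{i}")
            idx = bisect.bisect(self._points, p)
            self._points.insert(idx, p)
            self._owners.insert(idx, backend)

    def remove(self, backend):
        kept = [(p, o) for p, o in zip(self._points, self._owners) if o != backend]
        self._points = [p for p, _ in kept]
        self._owners = [o for _, o in kept]

    def pick(self, client_ip):
        if not self._points:
            raise RuntimeError("no backends")
        # first ring point at or after the client's hash, wrapping around
        idx = bisect.bisect(self._points, _h(client_ip)) % len(self._points)
        return self._owners[idx]


def remap_study(clients=CLIENTS, removed="app3") -> dict:
    """Fraction of clients whose backend changes when `removed` leaves the pool."""
    mod_before = SourceIpHash(BACKENDS)
    mod_after = SourceIpHash([b for b in BACKENDS if b != removed])
    ring = ConsistentHash(BACKENDS)
    before = {c: ring.pick(c) for c in clients}
    ring.remove(removed)
    after = {c: ring.pick(c) for c in clients}
    moved = [c for c in clients if before[c] != after[c]]
    return {
        "modulo_moved": sum(mod_before.pick(c) != mod_after.pick(c) for c in clients) / len(clients),
        "consistent_moved": len(moved) / len(clients),
        "only_removed_backend_moved": all(before[c] == removed for c in moved),
    }


def demo() -> dict:
    rr = RoundRobin(BACKENDS)
    lc = LeastConnected(BACKENDS)
    lc_seq = [lc.pick(), lc.pick()]   # app1, then app2
    lc.release("app1")                # app1 is idle again
    lc_seq.append(lc.pick())          # back to app1
    return {
        "round_robin": [rr.pick() for _ in range(4)],
        "least_connected": lc_seq,
        **remap_study(),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

With three backends and one removed, the modulo scheme remaps roughly two thirds of clients (everyone whose `h mod 3` and `h mod 2` disagree), while the ring only remaps the clients that were on the removed backend, about one third, and never touches the others. That is the property a reverse proxy relies on to keep session affinity through scaling events; cookie marking achieves the same stickiness by pinning the choice in a client-side cookie instead of deriving it from the address.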