2.3 Application Development, Deployment & Automation Flashcards
What is the Staging environment?
A non-production environment that mirrors the production configuration, typically loaded with a copy of production data (which should be masked or sanitized, since staging usually has weaker access controls than production), where an app gets its final testing prior to live deployment. Done after QA testing has been completed, as a final check
Define provisioning
Preparing all the resources required to deploy an application
Define de-provisioning
Completely removing an application and all the resources related to it (accounts, storage, keys, firewall rules), so nothing is left behind that an attacker could reuse
Define Scalability
The ability of an app's resources to be increased to handle a growing load (more users, requests, or data) without redesigning the app
Define Elasticity
Ability to increase or decrease resources for an app based on workload
Define Integrity check, relative to application deployment
Verifying, after an application is deployed to production, that the deployed files, settings, and configuration match the known-good baseline that was tested (e.g., by comparing file hashes), so nothing was altered or tampered with during deployment
Define Normalization relative to application security
Converting input into a single canonical form (percent-decoding, Unicode folding, trimming whitespace) before it is validated and processed, so the same value cannot be smuggled past validation in an alternate encoding. Validation then checks the canonical value against the expected format, e.g., a zip code must be numeric and a certain length or format
How does use of Stored Procedures relate to application security
Using stored procedures that accept parameters, instead of building SQL statements from user input in the application, separates the query from the data so injected input cannot change what the database executes. The protection depends on the procedure itself not assembling dynamic SQL from its parameters; a procedure that concatenates them into a string and executes it is still injectable
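Added example (Python with the standard-library sqlite3 module; not part of the original flashcards). SQLite has no stored procedures, so the example shows the property a well-written stored procedure gives you: the SQL text is fixed and the user-supplied values are bound as parameters. The users table, the usernames and the injected string are constructed for the demonstration; the plaintext passwords are only there to keep the example short.

```python
import sqlite3


def build_db() -> sqlite3.Connection:
    """Constructed sample database: two users, one of them an admin."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?, ?)",
        [("alice", "correct-horse", "admin"), ("bob", "battery-staple", "user")],
    )
    return conn


def login_concat(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Vulnerable: the application builds the SQL statement from raw input.

    Input such as  alice' --  closes the string literal and comments out the
    password check, so the query returns alice's row with any password.
    """
    sql = (
        "SELECT username, role FROM users "
        f"WHERE username = '{username}' AND password = '{password}'"
    )
    return conn.execute(sql).fetchall()


def login_param(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Safe: the statement is fixed, values are bound as parameters.

    This is what a stored procedure that only uses its parameters does for
    you; the injected text is compared as a literal username and matches nothing.
    """
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()


if __name__ == "__main__":
    db = build_db()
    payload = "alice' --"
    print("concatenated:", login_concat(db, payload, "wrong"))   # attacker is logged in as admin
    print("parameterized:", login_param(db, payload, "wrong"))   # empty result
    print("legit login:  ", login_param(db, "alice", "correct-horse"))
```

The same payload against the parameterized version returns nothing, because the database never parses the attacker's quote and comment characters as SQL. A stored procedure that internally does `EXEC('... WHERE username = ''' + @user + '''')` reintroduces exactly the first function's problem.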
What is obfuscation in relation to application security?
Making code harder to read and reverse-engineer so it is harder to understand what it is doing. It slows down analysis but does not remove vulnerabilities, so it is not a substitute for actual security controls
What is code re-use and dead code?
Code re-use is copying and pasting blocks of code in different places, so a flaw in the original is duplicated everywhere it was pasted and has to be fixed in every copy. Dead code is code that is never executed, or whose output is never used by the application; it still has to be maintained, can hide vulnerabilities, and enlarges the attack surface
Define risks/benefits of Server-side vs Client-side coding
Client-side code runs in the user's browser, so it gives faster feedback and offloads work from the server, but it runs on a machine the attacker controls and can be altered or bypassed entirely; validation done there is only for usability. Server-side execution and validation is authoritative and must happen regardless of what the client checked
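Added example (Python, standard library only; not part of the original flashcards) covering both the normalization card and the server-side validation card: the server normalizes each input to a canonical form and only then validates it. The filename allowlist, the zip-code pattern and the sample inputs are constructed for the demonstration. The "naive" functions show what goes wrong when the check runs on the raw, still-encoded string.

```python
import re
import unicodedata
from urllib.parse import unquote

# Constructed allowlists: the shapes the server is willing to accept.
ZIP_RE = re.compile(r"^[0-9]{5}(-[0-9]{4})?$")
FILENAME_RE = re.compile(r"^[A-Za-z0-9_.-]{1,64}$")


def normalize(value: str, max_decode_rounds: int = 3) -> str:
    """Reduce an input to one canonical form before validating it.

    - percent-decode repeatedly (bounded) so double encoding such as
      %252e -> %2e -> . cannot slip through a single decoding step
    - NFKC-fold Unicode so fullwidth digits become ASCII digits
    - strip surrounding whitespace
    """
    for _ in range(max_decode_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    value = unicodedata.normalize("NFKC", value)
    return value.strip()


def is_safe_filename_naive(raw: str) -> bool:
    """Denylist applied to the raw string: bypassable by encoding the bad characters."""
    return ".." not in raw and "/" not in raw and "\\" not in raw


def is_safe_filename(raw: str) -> bool:
    """Server-side check: normalize first, then allowlist the canonical form."""
    name = normalize(raw)
    return bool(FILENAME_RE.match(name)) and ".." not in name


def validate_zip_naive(raw: str) -> bool:
    """Allowlist on the raw string: rejects legitimate input in another encoding."""
    return bool(ZIP_RE.match(raw))


def validate_zip(raw: str) -> bool:
    """Server-side check: canonical form is validated and is what gets stored."""
    return bool(ZIP_RE.match(normalize(raw)))


if __name__ == "__main__":
    traversal = "%2e%2e%2fetc%2fpasswd"          # decodes to ../etc/passwd
    print("naive filename check:", is_safe_filename_naive(traversal))   # True: bypassed
    print("normalized check:    ", is_safe_filename(traversal))         # False: rejected
    print("double-encoded:      ", is_safe_filename("%252e%252e%252fetc%252fpasswd"))
    fullwidth_zip = "\uff11\uff12\uff13\uff14\uff15"  # 12345 in fullwidth digits
    print("naive zip:           ", validate_zip_naive(fullwidth_zip))   # False
    print("normalized zip:      ", validate_zip(fullwidth_zip))         # True
```

Whatever JavaScript the page runs in the browser, the server has to call functions like these itself; a client that skips them (curl, a proxy, a modified page) reaches the server with whatever bytes it likes.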
Define memory management security risks in an application
If input lengths and memory operations are not properly validated, a malicious actor might be able to cause buffer overflows or other memory-corruption bugs, at best crashing the application/service and at worst overwriting memory to run their own code. Memory-safe languages and bounds-checked functions reduce this risk
What risk is associated with the use of third-party libraries/SDKs in application development?
The application inherits any vulnerabilities in the library or SDK, which may be outdated, unmaintained, or even malicious. You have to research and understand its security before implementing it, then pin the version, track its published vulnerabilities, and keep it updated
What risks are associated with data handling in applications?
Sensitive data needs to be encrypted in transit and at rest, collected and retained only as long as needed, access-controlled, and kept out of logs, error messages, and client-side storage
What can Open Web Application Security Project (OWASP) provide?
Open-source resources for developing secure web applications, such as the OWASP Top 10 list of web application risks, cheat sheets, testing guides, and tools like ZAP (Zed Attack Proxy)
What is software diversity?
Having slightly different binaries or execution paths across computers, so one exploit does not work identically against every instance, to minimize the effects of an attack
How can software diversity be implemented in the compiler?
By having the compiler produce functionally equivalent but differently laid-out binaries for each build (e.g., different code ordering, register allocation, or padding), so an exploit tuned to one binary's memory layout fails against another
How can software diversity be implemented in binaries?
By deploying different binaries for the same application across an organization
An example of how automation can keep an app up and running
Automatically rotating and archiving log files (rather than simply deleting them, which would destroy evidence) to prevent a hard drive from filling up and the app from crashing; other examples are automatically restarting a failed service or scaling out under load
What is continuous deployment in an application?
Automatically deploying code to production as soon as it passes the automated tests and QA checks in the pipeline, with no manual approval step (unlike continuous delivery, where the build is kept ready to release but a person triggers the deployment)