2.3 Application Development, Deployment & Automation Flashcards

1
Q

What is the Staging environment?

A

A non-production environment, with production data, that allows final testing of an app prior to live deployment. Done after QA testing has been completed, as a final check.

2
Q

Define provisioning

A

Preparing all the resources required to deploy an application

3
Q

Define de-provisioning

A

Completely removing an application and all the resources related to it

4
Q

Define Scalability

A

The load that the resources for an app can handle

5
Q

Define Elasticity

A

Ability to increase or decrease resources for an app based on workload

6
Q

Define Integrity check, relative to application deployment

A

Verifying that all the settings, configurations, etc., are as expected after an application is deployed to production

7
Q

Define Normalization relative to application security

A

Validating data inputs prior to processing to prevent malicious input, e.g. a zip code should be numeric and of a certain length or format

8
Q

How does the use of Stored Procedures relate to application security?

A

Using stored procedures, instead of making direct database calls from the application, prevents the injection of malicious actions to be run against the database

9
Q

What is obfuscation in relation to application security?

A

Making code less readable to make it harder to understand what it is doing

10
Q

What is code re-use and dead code?

A

Code re-use is copying and pasting blocks of code in different places; dead code is code that runs with the output never being used by the application

11
Q

Define risks/benefits of Server-side vs Client-side coding

A

Client-side code execution is faster but presents more security risks than server-side execution and validation

12
Q

Define memory management security risks in an application

A

If proper input validation is not done, a malicious actor might be able to cause memory overflows and crash an application/service

13
Q

What risk is associated with the use of third-party libraries/SDKs in application development?

A

You have to research and understand its security before implementing it

14
Q

What risks are associated with data handling in applications?

A

Sensitive data needs to be encrypted during transit and storage

15
Q

What can Open Web Application Security Project (OWASP) provide?

A

Open source resources for developing secure web applications

16
Q

What is software diversity?

A

Having slightly different binaries or application paths across computers to minimize the effects of an attack

17
Q

How can software diversity be implemented in the compiler?

A

By changing the paths of the compiled files

18
Q

How can software diversity be implemented in binaries?

A

By deploying different binaries for the same application across an organization

19
Q

An example of how automation can keep an app up and running

A

Automatically deleting log files to prevent a hard drive from being filled up

20
Q

What is continuous deployment in an application?

A

Automatically deploying code to production if it passes automated QA testing