2.3 Application Development, Deployment & Automation

Question 1

What is the Staging environment?

Answer 1

A non-production environment, with production data, that allows final testing of an app prior to live deployment. Done after QA testing has been completed as a final check

Question 2

Define provisioning

Answer 2

Preparing all the resources required to deploy an application

Question 3

Define de-provisioning

Answer 3

Completely removing an application and the all the resources related to it

Question 4

Define Scalability

Answer 4

The load that the resources for an app can handle

Question 5

Define Elasticity

Answer 5

Ability to increase or decrease resources for an app based on workload

Question 6

Define Integrity check, relative to application deployment

Answer 6

Verifying that all the settings, configurations, etc, are as expected after an application is deployed to production

Question 7

Define Normalization relative to application security

Answer 7

Validating data inputs prior to processing to prevent malicious input, i.e. a zip-code should be numeric and a certain length or format

Question 8

How does use of Stored Procedures relate to application security

Answer 8

Using stored procedures, instead of making direct database calls from the application, prevents the ability to inject malicious actions run against the database

Question 9

What obfuscation in relation to application security

Answer 9

Making code less readable to make it harder to understand what it is doing

Question 10

What is code re-use and dead code?

Answer 10

Code re-use is copying and pasting blocks of code in different places, dead code is code that runs with the output never being used by the application

Question 11

Define risks/benefits of Server-side vs Client-side coding

Answer 11

Client-side code execution is faster but presents more security risks than server-side execution and validation

Question 12

Define memory management security risks in an application

Answer 12

If proper input validation is not done, a malicious actor might be able to cause memory overflows and crash an application/service

Question 13

What risk is associated with the use of third-party libraries/SDKs in application development?

Answer 13

Have to research and understand the security of it before implementing

Question 14

What risks are associated with data handling in applications?

Answer 14

Sensitive data needs to be encrypted during transit and storage

Question 15

What can Open Web Application Security Project (OWASP) provide?

Answer 15

open source resources for developing secure web applications

Question 16

What is software diversity?

Answer 16

Having slightly different binaries or application paths across computers to minimize the affects of an attack

Question 17

How can software diversity be implemented in the compiler?

Answer 17

By changing the paths of the compiled files

Question 18

How can software diversity be implemented in binaries?

Answer 18

By deploying different binaries for the same application across an organization

Question 19

An example of how automation can keep an app up and running

Answer 19

Automatically deleting log files to prevent a hard drive from being filled up

Question 20

What is continuous deployment in an application?

Answer 20

Automatically deploying code to production if it passes automated QA testing