2.3 Application Development, Deployment & Automation Flashcards
What is the Staging environment?
A non-production environment, with production data, that allows final testing of an app prior to live deployment. It is done after QA testing has been completed, as a final check.
Define provisioning
Preparing all the resources required to deploy an application
Define de-provisioning
Completely removing an application and all the resources related to it
Define Scalability
The load that the resources for an app can handle
Define Elasticity
Ability to increase or decrease resources for an app based on workload
Define Integrity check, relative to application deployment
Verifying that all the settings, configurations, etc., are as expected after an application is deployed to production
Define Normalization relative to application security
Validating data inputs prior to processing to prevent malicious input, e.g. a zip-code should be numeric and a certain length or format
How does use of Stored Procedures relate to application security?
Using stored procedures, instead of making direct database calls from the application, prevents the injection of malicious actions that run against the database
What is obfuscation in relation to application security?
Making code less readable to make it harder to understand what it is doing
What is code re-use and dead code?
Code re-use is copying and pasting blocks of code in different places; dead code is code that runs with the output never being used by the application
Define risks/benefits of Server-side vs Client-side coding
Client-side code execution is faster but presents more security risks than server-side execution and validation
Define memory management security risks in an application
If proper input validation is not done, a malicious actor might be able to cause memory overflows and crash an application/service
What risk is associated with the use of third-party libraries/SDKs in application development?
You have to research and understand its security before implementing it
What risks are associated with data handling in applications?
Sensitive data needs to be encrypted during transit and storage
What can Open Web Application Security Project (OWASP) provide?
Open source resources for developing secure web applications