3.6 Summarize secure application development and deployment concepts Flashcards
Development lifecycle models
Waterfall vs Agile.
Waterfall: each phase must be completed sequentially.
Agile: iterates through phases concurrently.
Secure DevOps
DevOps means that there is much more collaboration between developers and system administrators.
Security automation
The concept of scripted or programmed infrastructure can also be applied to security infrastructure (firewalls, IDS, SIEM, and privilege management). For example, security automation might mean that a user account is provisioned by running a script for the appropriate role rather than relying on a human administrator to select the appropriate security groups and policy settings.
Continuous integration
The principle that developers should commit updates often (every day or sometimes even more frequently).
Immutable systems
This approach first strictly divides data from the components processing data. Once designed and provisioned as instances, the components are never changed or patched in place. Deploying a patch or adding a new application means building a new instance and deploying that.
Infrastructure as code
This is the principle that when deploying an application, the SERVER INSTANCE supporting the application can be defined and provisioned through the software code. Imagine a setup program that not only installs the application but also creates a VM and OS on which to run the application.
Version control and change management
A system that assigns an identifier to each iteration (version) of a software product so that changes between iterations can be tracked.
Provisioning and deprovisioning
Provisioning is the process of deploying an application to the target environment, such as enterprise desktops, mobile devices, or cloud infrastructure.
Deprovisioning is the process of removing an application from packages or instances.
Proper error handling
Ideally, the programmer will have written an error or exception handler to dictate what the application should then do in case of invalid user input, a loss of network connectivity, or another server or process failing.
Proper input validation
To mitigate the risk posed by malformed or malicious input, all input methods should be documented with a view to reducing the potential attack surface exposed by the application. There must be routines to check user input, and anything that does not conform to what is required must be rejected. Proper input validation can reduce the risk of injection attacks.
Normalization
Means that a string is stripped of illegal characters or substrings and converted to the accepted character set. This ensures that the string is in a format that can be processed correctly by the input validation routines.
Stored procedures
A part of a database that executes a custom query. The procedure is supplied an input by the calling program and returns a pre-defined output for matched records.
Code signing
The principal means of proving the authenticity and integrity of code (an executable or a script). The developer creates a cryptographic hash of the file then signs the hash using his or her private key.
Obfuscation/camouflage
Software that randomizes the names of variables, constants, functions, and procedures, removes comments and white space, and performs other operations to make the compiled code physically and mentally difficult to read and follow.
Code reuse/dead code
Dead code is executed but has no effect on the program flow.
Server-side vs. client-side execution and validation
The main issue with client-side validation is that the client will always be more vulnerable to some sort of malware interfering with the validation process. The main issue with server-side validation is that it can be time-consuming, as it may involve multiple transactions between the server and client. Consequently, client-side validation is usually restricted to informing the user that there is some sort of problem with the input before submitting it to the server.
Use of third-party libraries and SDKs
Third-party library—a binary package (such as a Dynamic Link Library) that implements some sort of standard functionality, such as establishing a network connection or performing cryptography. Each library must be monitored for vulnerabilities and patched promptly.
Software development kit (SDK)—the programming environment used to create the software might provide sample code or libraries of pre-built functions. As with other third-party libraries or code, it is imperative to monitor for vulnerabilities.
Data exposure
A fault that allows privileged information (such as a token, password, or PII) to be read without being subject to the appropriate access controls.
Static code analyzers
Software that can scan code for known security risks.
Dynamic analysis (e.g., fuzzing)
Software that tests code for vulnerabilities in the runtime environment.
Stress testing
Tests an application's performance under extreme usage.
Sandboxing
Each development environment should be segmented from the others. No processes should be able to connect to anything outside the sandbox. Only the minimum tools and services necessary to perform code development and testing should be allowed in each sandbox.
Model verification
A compliance testing process to ensure that the product or system meets its design goals.
Compiled vs. runtime code
Compiled code is syntactically correct.
Runtime code is functioning properly without errors.