CH10 Secure Software Development Flashcards

1
Q

What is SDLC?

A

SDLC = Software Development Life Cycle

2
Q

What are the seven phases of the software development life cycle?

A
  1. Planning and Analysis
  2. Software / Systems Design
  3. Implementation
  4. Testing
  5. Integration
  6. Deployment
  7. Maintenance
3
Q

What is Agile software development?

A

Performed in time-boxed or small increments to allow more adaptivity to change.
Agile development projects work in either two-week or four-week time periods known as sprints.

4
Q

What is DevOps?

A

Software development and information technology operations.

Software developers and IT operations personnel work closely together to speed up the development and deployment of applications and to get things out to the end user quicker.

5
Q

What is the CIA triad?

A

Confidentiality, integrity, and availability

Confidentiality – ensures that only authorized users can access the data. The most common way of ensuring confidentiality is the use of encryption to maintain the secrecy of the data being stored.

Integrity – ensures that the data is not modified or altered without permission. The two main ways we do this as developers are by utilizing hash algorithms as an integrity check for the data, or by using journaling and logging functions to create an audit trail showing that the integrity of the data has not been compromised.

Availability – ensures that data is available to authorized users when it is needed. Developers do this by creating redundancy in the overall system design, by ensuring their software code is error-free, or by ensuring that their software can conduct error handling appropriately to prevent crashes.

6
Q

What does Threat modeling do?

A

Threat modeling helps prioritize vulnerability identification and patching

7
Q

What is the concept of Defense in Depth?

A

Layering security controls is more effective and secure than relying on a single control.

8
Q

What are the SDLC Principles?

A

o Developers should always remember confidentiality, integrity, and availability
o Threat modeling helps prioritize vulnerability identification and patching
o Least Privilege
o Defense in Depth
o Never Trust User Input
o Minimize Attack Surface
o Create Secure Defaults
o Authenticity and Integrity
o Fail Securely
o Fix Security Issues
o Rely on Trusted SDKs

9
Q

What is Black-box Testing?

A

Occurs when a tester is not provided with any information about the system or program prior to conducting the test.

10
Q

What is White-box Testing?

A

Occurs when a tester is provided full details of a system, including the source code, diagrams, and user credentials, in order to conduct the test.

11
Q

What is Gray-box Testing?

A

A mixture of black-box and white-box testing. The tester is given some amount of information about the system and conducts the testing as if he doesn’t have full access to it.

12
Q

What is Static Analysis?

A

The source code of an application is reviewed manually or with automated tools without running the code.

13
Q

What is Dynamic Analysis?

A

Analysis and testing of a program occurs while it is being executed or run.

14
Q

What is Fuzzing?

A

Injection of randomized data into a software program in an attempt to find system failures, memory leaks, error handling issues, and improper input validation.

15
Q

What are Backdoor vulnerabilities?

A

Code placed in computer programs to bypass normal authentication and other security mechanisms.
Backdoors are a poor coding practice and should not be utilized.

16
Q

What is Arbitrary Code Execution?

A

Occurs when an attacker is able to execute or run commands on a victim computer. (Ex: someone starts executing code on your computer while you have stepped away.)

17
Q

What is Directory Traversal?

A

A method of accessing unauthorized directories by moving through the directory structure on a remote server.

A directory traversal is used as a way to access a file on a web server, and sometimes it can even be used to conduct arbitrary code execution on that server.

For the exam: any time you see a series of ../ in a request, it is most likely a directory traversal being used as part of an exploit.

18
Q

What is RCE?

A

RCE = Remote Code Execution

Occurs when the attacker is able to execute or run commands on a remote computer.

19
Q

What is a Zero-Day Exploit?

A

An attack against a vulnerability that is unknown to the original developer or manufacturer.

20
Q

What is a Buffer Overflow?

A

Occurs when a process stores data outside the memory range allocated by the developer.

Buffer overflows attempt to put more data into memory than it is designed to hold.

21
Q

What is the Stack?

A

A reserved area of memory where the program saves the return address when a function call instruction is received.

22
Q

What is Smash the Stack?

A

Occurs when an attacker fills up the buffer with NOPs (no-operation instructions) so that the return address may land on a NOP and execution continues on until it reaches the attacker’s code to run.

23
Q

What is ASLR?

A

ASLR = Address Space Layout Randomization

It is one of the ways to mitigate a buffer overflow attack.
It is a method used by programmers to randomly arrange the different address spaces used by a program or process in order to prevent buffer overflow exploits.

24
Q

What is XSS?

A

XSS = Cross-Site Scripting

Occurs when an attacker embeds malicious scripting commands on a trusted website.

When this occurs, the attacker is trying to gain elevated privileges, steal information from the victim’s cookies, or gain other information stored by the victim’s web browser. It focuses on exploiting the trust between a user’s web browser and a website.

To prevent cross-site scripting (XSS) attacks, programmers should use output encoding in their web applications to prevent code from being injected into them during delivery, and they should also use proper input validation to prevent users from inserting HTML tags when they’re entering information on a web form.

25
Q

What are the 3 types of cross-site scripting attacks?

A

Stored and Persistent cross-site scripting attack – attempts to get data provided by the attacker saved on to the web server by the victim.

Reflected cross-site scripting attack – attempts to have a non-persistent effect activated by a victim clicking a link on the site.

Document Object Model (DOM) based attack – attempts to exploit the victim’s web browser. (AKA cross-site scripting attack)

26
Q

What is XSRF?

A

XSRF = Cross-Site Request Forgery

Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated. It exploits the trust that a website has in a user. The attacker is sending a command to the web server through your authenticated session, forging the request to make it look like it came from you. The attacker will not be able to see the web server’s response to his request, but he could still use this to transfer funds from the victim, change their password, etc.

To prevent Cross-Site Request Forgery (XSRF), programmers should require specialized tokens, encryption, XML file scanning, and cookie verification.

27
Q

What is SQL Injection?

A

An attack consisting of the insertion or injection of an SQL query via input data from the client to a web application.

For the exam: any time you see a question that shows something like an ‘OR 1=1’ or any other statement that will always return a true value, it’s going to be an SQL injection.

28
Q

What is an Injection attack?

A

Insertion of additional information or code through data input from a client to an application. The most common injection attacks happen through SQL, HTML, XML, and LDAP injections.

The most common type is an SQL injection.

29
Q

What are XML Vulnerabilities?

A

XML data submitted without encryption or input validation is vulnerable to spoofing, request forgery, and injection of arbitrary code.

30
Q

What is an XML Bomb (Billion Laughs Attack)?

A

XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it.

31
Q

What is XXE?

A

XXE = XML External Entity

An attack that embeds a request for a local resource.

To prevent XML vulnerabilities from being exploited, use proper input validation.

32
Q

What are Race Conditions?

A

A software vulnerability in which the resulting outcome of execution processes is directly dependent on the order and timing of certain events, and those events fail to execute in the order and timing intended by the developer.

A race condition vulnerability is found where multiple threads are attempting to write a variable or object at the same memory location.

Race conditions are difficult to detect and mitigate.

Race conditions can also be used against databases and file systems.

33
Q

What is Dereferencing?

A

A software vulnerability that occurs when the code attempts to remove the relationship between a pointer and the thing it points to.

34
Q

What is TOCTTOU?

A

TOCTTOU = Time of Check to Time of Use

The potential vulnerability that occurs when there is a change between the time an app checks a resource and the time the app uses the resource.

35
Q

What is a Stored and Persistent cross-site scripting attack?

A

Attempts to get data provided by the attacker saved on to the web server by the victim.

36
Q

What is a Reflected cross-site scripting attack?

A

Attempts to have a non-persistent effect activated by a victim clicking a link on the site.

37
Q

What is a Document Object Model (DOM) based attack?

A

Attempts to exploit the victim’s web browser. (AKA cross-site scripting attack)