Chap 20: Software Development Security Flashcards

1
Q

Explain the basic architecture of a relational database management system (RDBMS).

A

Know the structure of relational databases. Be able to explain the function of tables (relations), rows (records/tuples), and columns (fields/attributes). Know how relationships are defined between tables and the roles of various types of keys. Describe the database security threats posed by aggregation and inference.

2
Q

Explain how expert systems, machine learning, and neural networks function.

A

Expert systems consist of two main components: a knowledge base that contains a series of “if/then” rules and an inference engine that uses that information to draw conclusions about other data. Machine learning techniques attempt to algorithmically discover knowledge from datasets. Neural networks simulate the functioning of the human mind to a limited extent by arranging a series of layered calculations to solve problems. Neural networks require extensive training on a particular problem before they are able to offer solutions.
3
Q

Understand the models of systems development.

A

Know that the waterfall model describes a sequential development process that results in the development of a finished product. Developers may step back only one phase in the process if errors are discovered. The spiral model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes. Agile development models place an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.
4
Q

Explain the Scrum approach to Agile software development.

A

Scrum is an organized approach to implementing the Agile philosophy. It relies on daily scrum meetings to organize and review work. Development focuses on short sprints of activity that deliver finished products.
Integrated Product Teams (IPTs) are an early effort at this approach that was used by the U.S. Department of Defense.

5
Q

Describe software development maturity models.

A

Know that maturity models help software organizations improve the maturity and quality of their software processes by implementing an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. Be able to describe the SW-CMM, IDEAL, and SAMM models.

7
Q

Understand the importance of change and configuration management.

A

Know the three basic components of change control—request control, change control, and release control—and how they contribute to security. Explain how configuration management controls the versions of software used in an organization. Understand how the auditing and logging of changes mitigates risk to the organization.

8
Q

Understand the importance of testing.

A

Software testing should be designed as part of the development process. Testing should be used as a management tool to improve the design, development, and production processes.

9
Q

Explain the role of DevOps and DevSecOps in the modern enterprise.

A

DevOps approaches seek to integrate software development and operations activities by embracing automation and collaboration between teams. DevSecOps approaches expand on the DevOps model by introducing security operations activities into the integrated model. Continuous integration and delivery (CI/CD) techniques automate the DevOps and DevSecOps pipelines.

10
Q

Know the role of different coding tools in software development ecosystems.

A

Developers write code in different programming languages, which is then either compiled into machine language or executed through an interpreter. Developers may make use of software development tool sets and integrated development environments to facilitate the code writing process. Software libraries create shared and reusable code, whereas code repositories provide a management platform for the software development process.

11
Q

Explain the impact of acquired software on the organization.

A

Organizations may purchase commercial off-the-shelf (COTS) software to meet their requirements, and they may also rely on free open source software (OSS). All of this software expands the potential attack surface and requires security review and testing.
