Chapter 20- Software Development Security Flashcards
- Once Programmers are ready to execute their programs, two options are available to them, list them:
: Compilation and interpretation
- What is compiler?
Complier is used to convert the high-level language into an executable file designed for use on a specific operating system.
- Examples of compiled languages are:
C, Java, FORTRAN
- List some interpreted languages
Python, R, JavaScript and VBScript
- Describe Interpreted Languages:
programmer distributes the source code which contains instructions in the higher language. End users then use an interpreter to execute the source code on their systems.
- What is polymorphism in object oriented programming (oop)?
Object Oriented Programming (OOP) is the characteristic of an object that allows it to respond with different behaviours to the same message or method because of changes in external conditions.
- what is coupling in OOP?
coupling means the level of interaction.
In coupling, two classes or objects collaborate and work with each other to complete a pre-defined task.
- What is Assurance Procedure:
Assurance Procedures are simply formalised processes by which trust is built into the lifecycle of a system.
- List methods to avoid system failure in s/w development:
use input validation, creating fail safe or fail-open procedures.
- What is escaping input?
Escaping input is can transform input to remove risky character sequences and replace them with safe ones. This happens in input validation to avoid the system crash from invalid input of data.
- What is error handling?
error messages make it easier for technical staff to diagnose problems experienced by users. Developers should disable detailed error messages on severs and applications that are publicly accessible. i.e. Debugging mode.
- Explain the 2 basic choices when planning for system failure:
- Fail-secure failure state: puts the system into a high level of security until an administrator can diagnose the problem and restore the system to normal operation.
- Fail-open state allows users to bypass failed security controls, erring on the side of permissiveness.
- What is conceptual definition?
Conceptual Definition involves creating the basic concept definition for a system.
- What is a stop error?
stop error occurs when an undesirable activity occurs in spite of the OS’s efforts to prevent it. This is a fail-secure condition.
- Explain Functional Requirement Determination stage:
this involves creating a functional requirements document that that lists the specific system requirements.
- Explain the 3 major characteristics of a functional requirement:
Inputs: data provided into a function
Behaviour: The business logic describing what actions the system should take in response to different inputs.
Output(s): the data provided from a function
- List Control Specification Development steps:
access control
protect confidential data
Audit trail
fault tolerance
- List the 7 stages of development in waterfall Model
System Requirements Software Requirements Preliminary Design Detailed Design Code and Debug Testing Operations and Maintenance
- SW-CMM, CMM or SCMM means:
Software Capability Maturity Model
- What is Spiral Model?
Spiral Model encapsulates a number of iterations of another model (the waterfall model) and it is known as the metamodel or the model of models.
- What is Agile Software Development?
Agile Software Development places emphasis on the needs of the customer and on quickly developing new functionality that meet those needs in an iterative fashion.
- What is the idea behind SW-CMM?
Idea behind Software Capability Maturity Model is that the quality of the software depends on the quality of the development process.
- List the stages in Software Capability Maturity Model (SW-CMM)
IRDMO
Initial: hardworking people charging ahead in a disorganised fashion.
Repeatable: basic lifecycle management is introduced.
Defined: software developers operate according to set f formal defined software development process.
Managed: Quantitative measures are utilized to gain detailed understanding of the development process.
Optimizing: process of continuous improvement occurs.
- Describe Change Management Process:
Change Management Process has 3 components: (RCR) Request control: which users can request modifications; managers conduct cost benefit analysis.
Change Control: used by developers to re-create the situation encountered by users analyse appropriate changes to remedy the situation.
Release control: once changes are finalised, they must be approved for release, through release control procedure.
Configuration Identification: During this process, administrators document the configuration of covered software products throughout the organisation.
Configuration Control:
Configuration Status Accounting:
Configuration Audit: