Chapter 24: Software Development Flashcards
Five phases of SDLC
software development lifecycle: requirements gathering, design, development, testing, and operations and maintenance (O&M)
CASE
computer-aided software engineering
computer-aided software engineering
type of software which allows for the automated development of software (program editors, debuggers, code analyzers, version-control mechanisms); increases development speed and productivity and reduces errors
attack surface
collection of possible entry points for an attacker
threat modeling
systematic approach to understand how different threats could be realized and how successful compromise could take place
prototyping methodology
creating a sample of the code for proof-of-concept purposes
spiral methodology
iterative approach emphasizing risk analysis per iteration
RAD
rapid application development
DevSecOps
improve internal coordination and reduce friction by integrating the development, operations, and security teams when developing software
IPT
integrated product team
integrated product team
multidisciplinary development team with representatives from many or all the stakeholder populations
CMMI
Capability Maturity Model Integration
Capability Maturity Model Integration
process improvement approach which provides organizations with the essential elements of effective processes, which will improve their performance
six maturity levels of the CMMI model
0 - Incomplete, 1 - Initial, 2 - Managed, 3 - Defined, 4 - Quantitatively Managed, 5 - Optimizing
OWASP SAMM
Software Assurance Maturity Model; focused on secure software development and allows orgs to decide their target maturity levels within each of five critical business functions: Governance, Design, Implementation, Verification, and Operations
JAD
Joint Application Development; team approach in app dev in a workshop-oriented environment
RAD
Rapid Application Development; combines prototyping and iterative dev procedures with the goal of accelerating software dev process
Reuse methodology
using progressively developed code; programs evolve gradually by modifying preexisting prototypes to customer specifications
Cleanroom
prevents errors or mistakes by following structured and formal methods of developing and testing; used for high-quality and critical applications that will be put through a strict certification process
0 - Incomplete
dev process is ad hoc and chaotic; tasks not completed and so projects are cancelled or abandoned
1 - Initial
effective management procedures and plans; no assurance of consistency, and quality is unpredictable; success is the result of individual heroics
2 - Managed
formal management structure, change control, and quality assurance for individual projects; org can properly repeat processes throughout each project
3 - Defined
formal procedures in place; org is proactive rather than reactive
4 - Quantitatively Managed
formal processes to collect and analyze quantitative data, metrics are defined and fed into process-improvement program
5 - Optimizing
budgeted and integrated plans for continuous process improvement, which allow it to quickly respond to opportunities and changes
Waterfall
rigid approach used if requirements are fully understood and different orgs will perform the work at each phase
user stories
agile methodology (Scrum) for documenting requirements for a software system