Chapter 3.6 Flashcards
(22 cards)
client side validation
Client side input validation verifies data is valid upon entry to the system. Proper input validation uses a set of rules to validate entries in fields for proper use. In the event an entry is invalid, the application will reject the entry.
server side validation
Server side validations occur on the web server or back-end and take more time to complete. Validation on the server side is more secure than client side validation.
code obfuscation
Code obfuscation is a measure in which the developer camouflages code to make it unreadable. This is a secure coding practice.
waterfall
The Waterfall method maintains a top to bottom approach. When one stakeholder has finished a piece of work, the other can then begin. The waterfall approach ensures each phase of development is completed before another can proceed.
agile
Agile development encourages continued interaction between each stakeholder to produce continued deliverables at a quick pace.
kanban
The kanban methodology of software development is an agile approach that focuses on the growth of products with continual delivery while not overburdening the development team.
Secure DevOps
The Secure DevOps development model combines the words development and operations. It is an agile-aligned model that includes security throughout its process.
provisioning
Provisioning is the process of procuring, configuring and making available an application or system on certain services. Provisioning an application allows it to run on its intended platform. Since the new version has already been released in this scenario, this step has already taken place.
deprovisioning
Deprovisioning is the act of removing or disabling access to a resource.
normalization
Normalization is used to optimize database performance by removing duplicates, using primary keys, and keeping related data in separate tables.
model verification
Model verification is the process of ensuring that software meets its intended purpose and specifications.
version control
Version control tracks the versions of software in real time. It will record who has accessed the code as well as what was changed. Version Control also allows for rollback if necessary.
change management
Change management is a process that follows a change to a system from identification to implementation. It is used for controlled identification and implementation of required changes within a computer system.
stored procedures
A stored procedure is a set of Structured Query Language (SQL) statements stored in a database as a group, so it can be reused and shared by multiple programs. Stored procedures can validate input.
state table
A state table contains information about sessions between network hosts. This type of data is gathered by a stateful firewall.
compiling
Compiling is the step in which a compiler is used to make the source files executable. The compiler checks the code for errors, and if an error is found, it will not allow the code to execute.
runtime
Runtime is when the application is actually running in its normal state. The code has already been executed and errors can be checked.
baseline
A baseline is a starting point for a system in the software development cycle. It is established by predefined requirements, documentation and specifications.
fuzzing
Fuzzing is a dynamic analysis technique that checks code as it is running. When using fuzzing, the system is attacked with random data to check for code vulnerabilities.
continuous integration
Continuous integration allows for the merging of code changes into a central repository. The code is built and tested each time it is checked into the environment, providing a more efficient method to code production.
stress testing
Stress testing attempts to simulate a production environment and focuses on the objective and threshold that an application can handle while maintaining performance.
static code analyzer
A static code analyzer examines code quality and effectiveness without executing the code. An analyzer can be used in conjunction with development, for continued code quality checks, or once the code is in its finalization stages.