Chapter 3.6

Question 1

cilent side validation

Answer 1

Client side input validation verifies data is valid upon entry to the system. Proper input validation uses a set of rules to validate entries in fields for proper use. In the event an entry is invalid, the application will reject the entry.

Question 2

server side validation

Answer 2

Server side validations occur on the web server or back-end and take more time to complete. Validation on the server side is more secure than client side validation.

Question 3

code obfuscation

Answer 3

Code obfuscation is a measure in which the developer camouflages code to make it unreadable. This a secure coding practice.

Question 4

waterfall

Answer 4

The Waterfall method maintains a top to bottom approach. When one stakeholder has finished a piece of work, the other can then begin. The waterfall approach ensures each phase of development is completed before another can proceed.

Question 5

agile

Answer 5

Agile development encourages continued interaction between each stakeholder to produce continued deliverables at a quick pace.

Question 6

kanban

Answer 6

The kanban methodology of software development is an agile approach that focuses on the growth of products with continual delivery while not overburdening the development team.

Question 7

Secure DevOps

Answer 7

The Secure DevOps development model combines the words development and operations. It is an agile-aligned model that includes security throughout its process.

Question 8

provisioning

Answer 8

Provisioning is the process of procuring, configuring and making available an application or system on certain services. Provisioning an application allows it to run on its intended platform. Since the new version has already been released in this scenario, this step has already taken place.

Question 9

deprovisioning

Answer 9

Deprovisioning is the act of removing or disabling access to a resource.

Question 10

normalization

Answer 10

Normalization is used to optimize database performance by removing duplicates, use of primary keys, and related data contained in separate tables.

Question 11

model verification

Answer 11

Model verification is the process of ensuring that software meets its intended purpose and specifications.

Question 12

version control

Answer 12

Version control tracks the versions of software in real time. It will record who has accessed the code as well as what was changed. Version Control also allows for rollback if necessary.

Question 13

change management

Answer 13

Change management is a process that follows a change to a system from identification to implementation. It is used for controlled identification and implementation of required changes within a computer system.

Question 14

stored procedures

Answer 14

A stored procedure is a set of Structured Query Language (SQL) statements stored in a database as a group, so it can be reused and shared by multiple programs. Stored procedures can validate input.

Question 15

state table

Answer 15

A state table contains information about sessions between network hosts. This type of data is gathered by a stateful firewall.

Question 16

compiling

Answer 16

Compiling code occurs when a compiler is necessary to make the files executable. The compiler checks the code for errors, and if an error is found, it will not allow the code to execute.

Question 17

runtime

Answer 17

Runtime is when the application is actually running in its normal state. The code has already been executed and errors can be checked.

Question 18

baseline

Answer 18

A baseline is a starting point for a system in the software development cycle. It is established by predefined requirements, documentation and specifications.

Question 19

fuzzing

Answer 19

Fuzzing is a dynamic analysis technique that checks code as it is running. When using fuzzing, the system is attacked with random data to check for code vulnerabilities.

Question 20

continuous integration

Answer 20

Continuous integration allows for the merging of code changes into a central repository. The code is built and tested each time it is checked into the environment, providing a more efficient method to code production.

Question 21

stress testing

Answer 21

Stress testing attempts to simulate a production environment and focuses on the objective and threshold that an application can handle while maintaining performance.

Question 22

static code analyzer

Answer 22

A static code analyzer examines code quality and effectiveness without executing the code. An analyzer can be used in conjunction with development, for continued code quality checks, or once the code is in its finalization stages.