Chapter 4- Software Development Security Flashcards
SDLC Basic Phases
Project Initiation and Planning; Functional Requirements Definition; System Design Specification; Development and Implementation; Documentation and Common Program Controls; Testing and Evaluation Controls (C&A); Transition to Production (implementation)
SLC
Extends the SDLC above with: Operations and Maintenance Support; Revisions and System Replacement; and then Project Initiation and Planning again (the cycle repeats)
Project Initiation
Security activities should begin here and run in parallel with the project activities
Functional Requirements
Security requirements should be formalized
System Design Specifications
security features designed, generally based on the overall security architecture for the company
Development and Implementation
Code should be analyzed to eliminate common vulnerabilities that could lead to security exploits and other risks
Documentation and Common Program Controls
Specifies the types of logging the program should perform
Acceptance
Tested to ensure it meets all functional and security requirements. Testing verifies that the application meets its security requirements and specifications and uncovers design flaws that would violate security policy. Run independently in a production-simulation environment. First phase of C&A.
Testing and Evaluation Controls
Bounds checking and data validation. Test data should not be production data. Test all changes.
C&A
Certification and Accreditation. Certification is the technical evaluation of the security stance of the software against a set of security standards or policies (including verifying the conversion). Accreditation is management's acceptance: an acceptable level of risk is determined. Provisional accreditation is for a specific period and outlines specific changes required; full accreditation means no changes are required.
Transition to Production (implementation)
Obtain security accreditation, train users, implement, and run parallel operations if necessary.
Revisions and System Replacement
Changes must follow the SDLC and be recorded in the change management system. Reviews should include security planning and procedures; application audits should be conducted periodically, including documentation of security incidents and system failures.
CMM
Capability Maturity Model for Software: focuses on the quality management process and has 5 maturity levels. ISO 9000 includes software development quality standards.
Waterfall life-cycle method
Oldest method: a list of activities that must be completed before the next phase begins
Structured Programming Development
Promotes discipline, allows introspection, and provides controlled flexibility. Requires defined processes and modular development; each phase is subject to reviews and appraisals.
Spiral Method
Nested version of the Waterfall method, with Plan-Do-Check-Act sub-phases in each loop
Clean room
Method of controlling defects that focuses on defect prevention rather than removal; more time is spent in the early phases.
Iterative development
Successive refinements of requirements, design, and coding
Prototyping
A simplified version is built and released for review; user feedback is used to build a better second version
Modified Prototype Model
Ideal for Web application development; deployed in a quick time frame
Rapid application development
Strict time limits on each phase; relies on rapid prototyping
Joint Analysis Development
Developers work directly with users to develop a working application
Exploratory Model
The set of requirements is built with what is currently available
CASE
Computer-Aided Software Engineering: use of computers and utilities to help with the systematic analysis, design, development, implementation and maintenance of software
Component based development
Standardized building blocks are assembled rather than developed from scratch
Reuse model
Built from existing components
Extreme programming
Values of simplicity, communication and feedback; fairly structured
DBMS
A suite of application programs that typically manage large, structured sets of persistent data. Four elements: database engine, hardware platform, application software and users.
Transaction persistence
The database is left in a consistent state after a transaction has occurred, and committed transactions should be durable
Fault Tolerance and recovery
In case of failure, data should remain in its original state. Two types of recovery: rollback and shadowing. Rollback: incomplete transactions are backed out. Shadowing requires transaction logging to identify the last good transaction.
Hierarchical Database Management Model
Stores data in a series of records grouped together as a record type; these record types are the equivalent of tables in a relational model. Can only cope with a single tree (each record has one parent).
Network Database Management Model
Refers to the method by which data is linked to other data; a record may have more than one parent, so the structure is a graph rather than a single tree
Relational Database Management Model
A series of tables with columns representing variables and rows containing specific instances of data. Three parts: tables/relations (data structures); integrity rules on allowable values and combinations of values; data manipulation agents. Rows = tuples; columns = attributes. Atomic: every row/column position holds exactly one data value. Concurrency: the DBMS interleaves the actions (reads/writes) of various transactions. Atomicity: all actions of a transaction are executed in one step, or none of them are.
Integrity
Entity integrity and referential integrity are the two integrity rules of the relational model (they are often listed next to the Clark-Wilson integrity model, but they come from Codd's relational rules, not from Clark-Wilson). Entity: every tuple must have a unique, non-null value in its primary key. Referential: for any foreign key value, the referenced relation must have a tuple with the same value for its primary key.
Schema
Structure of a database: its tables, columns, relationships and constraints
Tables
Columns and rows of data
Views
A virtual table defined by a query; restricts what a user can see to selected rows and columns of the underlying tables
DDL
Data Definition Language: used to create (and alter or drop) databases, tables, views and indices
DML
Data Manipulation Language: used to query and extract data (SELECT) and to insert, update and delete it
DCL
Data Control Language: GRANT and REVOKE control who may access what. The transaction-control statements COMMIT, SAVEPOINT, ROLLBACK and SET TRANSACTION are often grouped here as well (some texts call them TCL).
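The Integrity, Views, DDL and DML cards above can be seen in one place. This is an added example, not part of the flashcards: it uses Python's built-in SQLite driver, and the departments/employees schema, its rows and the employee_directory view are constructed sample data. SQLite has no DCL (no GRANT/REVOKE), so the block shows the view that a real DBMS would GRANT SELECT on instead of the base table; the entity and referential rules are enforced by the DDL constraints.

```python
"""Relational integrity rules and views, demonstrated with SQLite.

Added example, not part of the flashcards. The departments/employees schema
and its rows are constructed sample data."""
import sqlite3


def build_db():
    con = sqlite3.connect(":memory:")
    # SQLite ignores FOREIGN KEY clauses unless this pragma is on (per connection).
    con.execute("PRAGMA foreign_keys = ON")
    # DDL: the integrity rules live in the constraints.
    con.executescript("""
        CREATE TABLE departments (
            -- entity integrity: unique and non-null. SQLite allows NULL in a
            -- non-INTEGER PRIMARY KEY unless NOT NULL is stated, so state it.
            dept_code TEXT PRIMARY KEY NOT NULL,
            name      TEXT NOT NULL
        );
        CREATE TABLE employees (
            emp_id    INTEGER PRIMARY KEY,
            name      TEXT NOT NULL,
            salary    INTEGER NOT NULL,
            -- referential integrity: must match an existing departments.dept_code
            dept_code TEXT NOT NULL REFERENCES departments(dept_code)
        );
        -- A view is the usual way to give a role only the columns it may see.
        CREATE VIEW employee_directory AS
            SELECT e.name AS employee, d.name AS department
            FROM employees e JOIN departments d ON e.dept_code = d.dept_code;
    """)
    # DML: seed rows (constructed data).
    con.executemany("INSERT INTO departments VALUES (?, ?)",
                    [("SEC", "Security"), ("FIN", "Finance")])
    con.executemany("INSERT INTO employees VALUES (?, ?, ?, ?)",
                    [(1, "Ada", 120000, "SEC"), (2, "Bob", 95000, "FIN")])
    con.commit()
    return con


def attempt(con, sql, params=()):
    """Run one DML statement; return None on success or the constraint error text."""
    try:
        con.execute(sql, params)
        con.commit()
        return None
    except sqlite3.IntegrityError as exc:
        con.rollback()
        return str(exc)


def demo():
    con = build_db()
    out = {
        # entity integrity: NULL and duplicate primary keys are refused
        "null_pk": attempt(con, "INSERT INTO departments VALUES (?, ?)", (None, "Ops")),
        "dup_pk": attempt(con, "INSERT INTO departments VALUES (?, ?)", ("SEC", "Again")),
        # referential integrity: no orphan rows, and no deleting a referenced parent
        "orphan_fk": attempt(con, "INSERT INTO employees VALUES (?, ?, ?, ?)",
                             (3, "Cyd", 70000, "HR")),
        "delete_referenced": attempt(con, "DELETE FROM departments WHERE dept_code = ?",
                                     ("SEC",)),
        # what a user restricted to the view can see
        "directory": con.execute(
            "SELECT * FROM employee_directory ORDER BY employee").fetchall(),
    }
    # The view has no salary column at all, so a user limited to it cannot query one.
    try:
        con.execute("SELECT salary FROM employee_directory")
        out["view_hides_salary"] = False
    except sqlite3.OperationalError:
        out["view_hides_salary"] = True
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

Each refused statement comes back as an IntegrityError naming the constraint, which is the DBMS, not the application, enforcing the rule; the application only decides how to roll back and report it.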
Object oriented database
Stores objects directly, so applications written in an object-oriented language interact with the database without the overhead of translating between object and relational representations
object-relational
Hybrid of relational and object-oriented; provides an upgrade path from a relational DBMS
ODBC
Open Database Connectivity: Microsoft API between applications and databases. Connection credentials in the data source configuration may be stored in clear text.
JDBC
Java Database Connectivity: connects directly to a database or through ODBC (the JDBC-ODBC bridge). Sun Microsystems.
XML
eXtensible Markup Language: structures data in a text file. W3C standard since 1998.
OLE DB
Object Linking and Embedding Database: an object is embedded in, or linked to, the inside of another object. The Component Object Model (COM) is the protocol that allows OLE to work.
Tiered application approach
Presentation layer, business logic layer and data layer
ActiveX Data Objects
ADO: Microsoft interface for accessing all kinds of data (built on OLE DB)
Dublin Core
Metadata element standard: a small, general set of elements for describing resources, giving a practical, usable namespace
OLAP
Online Analytical Processing: formulating queries across multidimensional data for analysis
Data mining
Decision-making technique: finding patterns in large data sets
Aggregation and Inference
Aggregation: ability to combine non-sensitive data from separate sources to create sensitive information. Inference: ability to deduce sensitive or restricted information from observing available information.
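Both halves of that card against a database, as an added example (not part of the flashcards): a statistical interface that only answers aggregate queries, and still leaks. The employee salary table, the SUM/AVG gatekeeper `stat_query` and its minimum query-set size of 3 are all constructed for the example. The first case is inference (an aggregate over a one-person set is that person's value); the second is aggregation of two individually permitted answers whose difference is a single salary, which the size check alone does not prevent.

```python
"""Aggregation and inference against a statistical query interface, with SQLite.

Added example, not part of the flashcards. The employee table is constructed
sample data and stat_query is a hypothetical gatekeeper."""
import sqlite3

EMPLOYEES = [
    ("Ada", "Security", 120000),
    ("Bob", "Security", 95000),
    ("Cyd", "Security", 99000),
    ("Dee", "Finance", 88000),
    ("Eve", "Legal", 150000),   # sole member of Legal
]

# Only pre-written, parameterised predicates are accepted, so the analyst
# cannot smuggle arbitrary SQL through the interface.
PREDICATES = {
    "all": "1 = 1",
    "dept": "dept = ?",
    "all_excluding": "name <> ?",
}


class QueryRefused(Exception):
    pass


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE employees ("
                "name TEXT PRIMARY KEY NOT NULL, dept TEXT NOT NULL, salary INTEGER NOT NULL)")
    con.executemany("INSERT INTO employees VALUES (?, ?, ?)", EMPLOYEES)
    con.commit()
    return con


def stat_query(con, agg, predicate, params=(), min_set_size=3):
    """Aggregate-only access with a minimum query-set size, a common inference
    control. Returns the aggregate value or raises QueryRefused."""
    if agg not in ("SUM", "AVG", "COUNT"):
        raise QueryRefused("only SUM/AVG/COUNT are allowed")
    where = PREDICATES[predicate]          # KeyError for anything not on the list
    (n,) = con.execute(f"SELECT COUNT(*) FROM employees WHERE {where}", params).fetchone()
    if n < min_set_size:
        raise QueryRefused(f"query set has {n} rows, minimum is {min_set_size}")
    (value,) = con.execute(f"SELECT {agg}(salary) FROM employees WHERE {where}", params).fetchone()
    return value


def demo():
    con = build_db()
    out = {}
    # 1. Inference: with no size control, AVG over a one-person department
    #    is that person's salary. With the control, the query is refused.
    out["legal_avg_no_control"] = stat_query(con, "AVG", "dept", ("Legal",), min_set_size=1)
    try:
        stat_query(con, "AVG", "dept", ("Legal",))
        out["legal_refused"] = False
    except QueryRefused:
        out["legal_refused"] = True
    # 2. Aggregation: both query sets have at least 3 rows and are answered,
    #    yet their difference is exactly Ada's salary. Stopping this needs
    #    overlap control, added noise or query auditing on top of the size rule.
    total = stat_query(con, "SUM", "all")
    without_ada = stat_query(con, "SUM", "all_excluding", ("Ada",))
    out["ada_salary_inferred"] = total - without_ada
    return out


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```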
Bypass attacks
Bypass the front-end application controls and directly access and manipulate the data
concurrency
When actions or processes run at the same time; the DBMS must keep simultaneous transactions from corrupting each other's data
data contamination
Input data errors that affect integrity
deadlocking
Two transactions each hold a lock the other needs (both trying to access the same data at the same time), so neither can proceed
Atomicity
ACID - A: all parts of a transaction are either committed or rolled back
Consistency
ACID - C: the database is transformed from one valid state to another valid state
Isolation and Durability
ACID - I: a transaction's changes are invisible to other transactions until it completes. ACID - D: results of a completed transaction are permanent.
OLTP
Online Transaction Processing: handles many short, concurrent transactions
Neural networks
Develop classification, regression, association and segmentation models, modelled on the way neurons work in the human brain
HTTP
Stateless protocol: each request is independent, so any session state must be carried separately (e.g. in cookies)
von Neumann
Von Neumann architecture: all computers today; there is no inherent difference between data and program instructions in the computer's memory
citizen programmers
End users who write their own programs; unlikely to be trained in system development practices
covert channel
Information flow issue: allows two cooperating processes to transfer information in a way that violates the system's security policy. Two types: storage and timing.
virus
Defined by its ability to reproduce and spread by attaching itself to a host program or file
worm
Spreads on its own, without needing a host program
multipartite
Originally named to indicate that it was able to infect both boot sectors and program files; now means it can infect more than one type of object.
macro virus
Infect data files (documents) and tend to remain resident; operate across hardware or operating system platforms because they run in the application's macro interpreter
script virus
Stand-alone files that can be executed by an interpreter
trojan
Pretends to do one thing while performing another, unwanted action
RAT
Remote Access Trojan
The key objective of application security is to ensure: A. that the software is hacker proof B. the confidentiality, integrity and availability of data C. accountability of software and user activity D. prevent data theft
B. the confidentiality, integrity and availability of data
For an application security program to be effective within an organization, it is critical to A. Identify regulatory and compliance requirements B. Educate the software development organization on the impact of insecure programming C. Develop a security policy that can be enforced D. Properly test all the software that is developed by your organization for security vulnerabilities
C. Develop the security policy that can be enforced
The best defense against session hijacking and man in the middle attacks is to use which of the following in the development software: A. Unique and random identification B. Use prepared statements and procedures C. Database views D. Encryption
A. Unique and random identification
An important characteristic of bytecode is that it A. has increased security inherently due to sandboxing B. manages memory operations automatically C. is more difficult to reverse engineer D. is faster than interpreted languages
D. is faster than interpreted languages
Two cooperating processes simultaneously compete for a shared resource, in such a way that they violate the system's security policy, is commonly known as A. Covert channel B. Denial of Service C. Overt Channel D. Object reuse
A. Covert channel
An organization has a website with a guest book feature, where visitors to the web site can input their names and comments about the organization. Each time the guest book web page loads, a message box is prompted with the message "You have been POwnd" followed by redirection to a different website. Analysis reveals that no input validation or output encoding is being performed in the web application. This is the basis for which type of attack? A. Denial of Service B. Cross-site scripting (XSS) C. Malicious File Execution D. Injection Flaws
B. Cross-site scripting (XSS)
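What the missing output encoding looks like in code, as an added example that is not part of the flashcards: a guest-book renderer with the raw interpolation the question describes next to the encoded version, plus the attribute-context case where encoding alone is not enough. The payload, the entries and the function names are constructed for the example; it uses only Python's standard library.

```python
"""Output encoding for the guest-book scenario: stored input rendered into HTML.

Added example, not from the flashcards. The payload and entries are
constructed; render_entry_unsafe reproduces the missing encoding and
render_entry_safe is the fix."""
import html
from urllib.parse import urlsplit

# Constructed attacker input of the kind the question describes.
PAYLOAD = '<script>alert("You have been POwnd");location="https://evil.example/"</script>'


def render_entry_unsafe(name, comment):
    """The vulnerable guest book: raw interpolation, so the browser executes
    whatever markup the visitor submitted."""
    return f"<li><b>{name}</b>: {comment}</li>"


def render_entry_safe(name, comment):
    """HTML element context: escape &, <, >, ' and " so data stays data."""
    return f"<li><b>{html.escape(name)}</b>: {html.escape(comment)}</li>"


def safe_href(url):
    """Encoding is context-specific. Inside href="..." escaping is not enough:
    a javascript: URL contains no special characters yet still runs code, so
    the scheme is allow-listed before the value is attribute-encoded."""
    url = url.strip()
    if urlsplit(url).scheme.lower() not in ("http", "https"):
        return "#"
    return html.escape(url, quote=True)


def render_guestbook(entries):
    """entries: iterable of (name, comment, homepage) tuples as stored by the app."""
    items = []
    for name, comment, homepage in entries:
        items.append(
            f'<li><a href="{safe_href(homepage)}">{html.escape(name)}</a>: '
            f'{html.escape(comment)}</li>'
        )
    return "<ul>\n" + "\n".join(items) + "\n</ul>"


if __name__ == "__main__":
    print(render_entry_unsafe("guest", PAYLOAD))
    print(render_entry_safe("guest", PAYLOAD))
    print(render_guestbook([("guest", PAYLOAD, "javascript:alert(1)"),
                            ("visitor", "nice site & all", "https://example.org/?a=1&b=2")]))
```

Input validation (length limits, rejecting control characters) is still worth doing on the way in, but the control that actually stops the script from running is encoding on the way out, chosen for the context the value lands in.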
The art of influencing people to divulge sensitive information about themselves or their organization by either coercion or masquerading as a valid entity is known as A. Dumpster Diving B. Shoulder Surfing C. Phishing D. Social Engineering
D. Social Engineering
An organization's server audit logs indicate that an employee who was terminated in the morning was still able to access certain sensitive resources on his system, on the internal network, that afternoon. The logs indicate that the employee had logged on successfully before he was terminated but there is no record of him logging off before he was terminated. This is an example of which type of attack? A. Time of check/time of use (TOC/TOU) B. Logic bomb C. Remote-access Trojans (RATs) D. Phishing
A. Time of check/time of use (TOC/TOU)
The most effective defense against a buffer overflow attack is A. disallowing dynamic construction of queries B. bounds checking C. encoding output D. forced garbage collection
B. bounds checking
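Bounds checking as it appears in input parsing (this question and the data validation item under Testing and Evaluation Controls), as an added example that is not part of the flashcards. The record format (a 2-byte big-endian length followed by the payload), the 1024-byte application limit and the sample messages are all constructed. In Python an over-long declared length only yields a short slice; in C the same unchecked logic reads or copies past the end of the buffer, which is the overflow the question is about.

```python
"""Bounds checking on a length-prefixed input, as a data-validation example.

Added example, not from the flashcards. The record format (2-byte big-endian
length, then payload) and the sample messages are constructed."""
import struct

MAX_RECORD = 1024  # assumed application limit for one record


def parse_records_unchecked(buf):
    """Trusts the declared length. Python only hands back a short slice; the
    same logic in C reads or copies past the end of the buffer."""
    records, pos = [], 0
    while pos < len(buf):
        (n,) = struct.unpack_from(">H", buf, pos)
        pos += 2
        records.append(bytes(buf[pos:pos + n]))
        pos += n
    return records


def parse_records_checked(buf, max_record=MAX_RECORD):
    """Every length is validated against what is actually available, and
    against the application limit, before any byte is copied."""
    records, pos = [], 0
    while pos < len(buf):
        remaining = len(buf) - pos
        if remaining < 2:
            raise ValueError(f"truncated length field at offset {pos}")
        (n,) = struct.unpack_from(">H", buf, pos)
        pos += 2
        remaining -= 2
        if n > max_record:
            raise ValueError(f"record length {n} exceeds limit {max_record}")
        if n > remaining:
            raise ValueError(f"record declares {n} bytes but only {remaining} remain")
        records.append(bytes(buf[pos:pos + n]))
        pos += n
    return records


# Constructed sample messages.
GOOD = b"\x00\x03abc\x00\x02hi"   # two well-formed records
LYING = b"\x00\x10ab"             # declares 16 bytes, carries 2


if __name__ == "__main__":
    print(parse_records_checked(GOOD))
    print(parse_records_unchecked(LYING))   # silently short: [b'ab']
    try:
        parse_records_checked(LYING)
    except ValueError as exc:
        print("rejected:", exc)
```

The order of the checks matters: the limit check runs before the availability check so that an absurd length is reported as such, and both run before the copy, which is the point of bounds checking rather than catching the failure afterwards.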
It is extremely important that as one follows a software development project, security activities are performed A. before release to production, so that the project is not delayed B. if a vulnerability is detected in your software C. in each stage of the life cycle D. when management mandates it
C. in each stage of the life cycle
Audit logs are what type of control? A. Preventative B. Detective C. Compensating D. Corrective
B. Detective
Who can enforce the separation of duties by ensuring that programmers do not have access to production code? A. Operations Personnel B. software librarian C. Management D. Quality Assurance personnel
B. software librarian
The technical evaluation of assurance to ensure that security requirements have been met is known as? A. Accreditation B. Certification C. Validation D. Verification
B. Certification
Defect prevention rather than defect removal is characteristic of which of the following software development methodologies? A. Computer Aided Software Engineering (CASE) B. Spiral C. Waterfall D. Cleanroom
D. Cleanroom
A security protection mechanism in which untrusted code, which is unsigned, is restricted from accessing system resources is known as? A. Sandboxing B. Non-repudiation C. Separation of Duties D. Obfuscation
A. Sandboxing
A program that does not reproduce itself but pretends to be performing a legitimate action, while actually performing malicious operations in the background, is the characteristic of which of the following A. Worms B. Trapdoor C. Virus D. Trojan
D. Trojan
A plot to take insignificant pennies from a user’s bank account is an example of A. Social Engineering B. Salami Attack C. Pranks D. Hoaxes
B. Salami Attack
Role-based access control to protect the confidentiality of data in databases can be best achieved through which of the following? A. Views B. Encryption C. Hashing D. Masking
A. Views
The two most dangerous database attacks that combine disparate non-sensitive information are A. Injection and scripting B. Session hijacking and cookie poisoning C. Aggregation and inference D. Bypassing authentication and insecure cryptography
C. Aggregation and inference
A property that ensures only valid or legal transactions that do not violate any user-defined integrity constraints in DBMS technologies is known as A. Atomicity B. Consistency C. Isolation D. Durability
B. Consistency
Expert systems are comprised of a knowledge base containing modeled human experience and which of the following? A. Inference engine B. Statistical models C. Neural networks D. Roles
A. Inference engine