Chapter 8: Software Development Security Flashcards

1
Q

What is XSS?

A

Cross-site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it.

2
Q

What is CSRF?

A

In a CSRF attack, an unauthorized party tricks a user into browsing to an attacker’s website while already authenticated to a resource provider (RP). The attacker then exploits a vulnerability in the web application that can’t tell the difference between a request from the user and a request from someone without their consent. This causes the user to unknowingly perform actions.

3
Q

What are the phases of RAD?

A

Per CISSP, Rapid Application Development has 4 phases: Requirements Planning, User Design, Rapid Construction and Cutover.

4
Q

What is the first stage of SW-CMM?

A

The first stage of the Software Capability Maturity Model:
Initial – The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics.

5
Q

What is the second stage of SW-CMM?

A

The second stage of the Software Capability Maturity Model:
Repeatable – Basic project management processes are established to track cost, schedule, & functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.

6
Q

What is the third stage of SW-CMM?

A

The third stage of the Software Capability Maturity Model:
Defined – Software process for both management & engineering activities is documented, standardized, & integrated into all processes for the organization. All projects use the organization’s standard software process for developing & maintaining software.

7
Q

What is the fourth stage of SW-CMM?

A

The fourth stage of the Software Capability Maturity Model:
Managed – Detailed measures of the software process & product quality are collected. The software process & products are quantitatively understood & controlled.

8
Q

What is the fifth stage of SW-CMM?

A

The fifth stage of the Software Capability Maturity Model:
Optimizing – Continuous process improvement is enabled by quantitative feedback from the process & from piloting innovative ideas & technologies.

9
Q

What is the “degree” of a database table?

A

The number of attributes (fields).

10
Q

List the steps for SDLC Software Development.

A

Planning, Requirements, System Analysis, Design, Testing, Deployment, Maintenance

11
Q

What is Fagan inspection?

A

A structured process for identifying defects in software development documents, such as code, designs, and specifications. The process is named after Michael Fagan, who is credited with inventing formal software inspections.

12
Q

Which is an asynchronous review process: pass-around review or team review?

A

Pass-around.

13
Q

What is SOAR?

A

Security orchestration, automation, and response.

14
Q

What is a CAB in software development?

A

Change Advisory Board.

15
Q

What is a PERT chart?

A

A Program Evaluation and Review Technique chart, often used at the beginning of a project to identify obstacles, prioritize tasks, and estimate how long it will take to complete each step.

16
Q

What are the first 4 design principles from the Agile Manifesto?

A

1. Our highest priority is to satisfy the customer through early and continuous delivery of valuable software.
2. Welcome changing requirements, even late in development. Agile processes harness change for the customer’s competitive advantage.
3. Deliver working software frequently, from a couple of weeks to a couple of months, with a preference to the shorter timescale.
4. Business people and developers must work together daily throughout the project.

17
Q

What are design principles 5-8 from the Agile Manifesto?

A

5. Build projects around motivated individuals. Give them the environment & support they need, & trust them to get the job done.
6. The most efficient & effective method of conveying information to & within a development team is face-to-face conversation.
7. Working software is the primary measure of progress.
8. Agile processes promote sustainable development. Sponsors, developers, & users should be able to maintain a constant pace indefinitely.

18
Q

What are the last 4 design principles from the Agile Manifesto?

A

9. Continuous attention to technical excellence & good design enhances agility.
10. Simplicity–the art of maximizing the amount of work not done–is essential.
11. The best architectures, requirements, & designs emerge from self-organizing teams.
12. At regular intervals, the team reflects on how to become more effective, then tunes & adjusts its behavior accordingly.

19
Q

What is polyinstantiation?

A

Polyinstantiation allows for multiple versions of a database record or file to be created, each with different access classes. This allows for different views of the information to be provided to different users or groups.