Chaptet 10 - Software Security

Question 0

Initiation

Answer 0

The first step, the idea, the choosing a vendor vs homebrew, the project level risk assessment .. Will this work?

Question 1

Software development lifecycle

Answer 1

Initiation
Acquisition
Implementation
Operation/Maintenance
Disposal

Question 2

Certification vs accreditation

Answer 2

Certification is the technical testing

Accreditation is the formal authorization

Question 3

Statement of work

Answer 3

Outlines the work necessary to work with a customer on a project

Question 4

Scope creep

Answer 4

When the purpose of a project shifts during the processes and additional steps are added

Question 5

Work breakdown structure

Answer 5

A project management tool used to group sets of activities logically to keep focused

Question 6

Privacy risk assessment

Answer 6

A software risk assessment to discover vulnerabilities

Question 7

Privacy impact rating

Answer 7

This is the level of impact per item on the privacy risk assessment, generally rated in P1 to P3

Question 8

What three models of software design are there?

Answer 8

Informational
Functional
Behavioral

Question 9

Attack surface analysis

Answer 9

Aims to reduce the amount of code accessible by untrusted users

Question 10

Threat modeling

Answer 10

Model used to detect threat vectors using a threat analysis tree

Threat analysis and modeling tool

Question 11

Computer aided software engineering CASE

Answer 11

Tools like dreamweaver and visual studio

Question 12

Where can I find a list of common code vulnerabilities?

Answer 12

Cwe.mitre.org/top25/#Listing

Question 13

Static analysis

Answer 13

Automated code review

Question 14

Unit testing

Answer 14

Testing a module or chunk of code

Question 15

What are the key components of a test phase?

Answer 15

Test needs to mirror production
Pen testing is necessary
Platform testing

Question 16

Testing types

Answer 16

Unit testing
Integration testing
Acceptance testing
Regression testing

Question 17

Fuzzing

Answer 17

Throwing random data at a solution to see what errors occur in order to detect vulnerabilities

Question 18

Dynamic analysis

Answer 18

Watching the code stream and sub level messages to ensure code is running correctly

Question 19

Maintenance hook

Answer 19

Code that is used for troubleshooting low level code and should be removed in prod

Question 20

Verification vs validation

Answer 20

Verification determines accuracy to spec

Validation determines of the product solved the intended problem

Question 21

Zero day vulnerability

Answer 21

Vulnerability that does not have a fix yet

Question 22

Wasc

Answer 22

Web application security consortium is a web organization that tracks attacks on the Internet

Owasp is the open standard for this

Question 23

ISO 27034

Answer 23

Software development guidelines

Question 24

Build in security

Answer 24

A homeland security effort that makes guidelines for software developers

Question 25

Build and fix model

Answer 25

Build and deploy first .. Then fix

Question 26

Waterfall model

Answer 26

Each phase is completed in entirety and cannot be returned to until the process is completed as a whole

Question 27

V-shaped model

Answer 27

Similar to waterfall but with testing at each stage that can fall back to previous steps

Question 28

Rapid prototype

Answer 28

A throw away prototype meant to just see it in a action

Question 29

Evolutionary vs operational prototype

Answer 29

A prototype that is not discarded but evolved, operational means it is put into production

Question 30

Incremental model

Answer 30

Many small waterfalls take place with each phase

Question 31

Spiral model

Answer 31

Slow moving security conscientious and risk centric model with evolutionary and operational prototypes in the mix

Question 32

Rapid application development

Answer 32

Demonstrate refine build repeat

Question 33

Agile model

Answer 33

Functional based incremental code that is assembled on the fly and driven by customer requirements

Question 34

Exploratory model

Answer 34

Specification based development

Question 35

Joint analysis development

Answer 35

Workshop oriented development

Question 36

Reuse model

Answer 36

Taking other functions already made an piecing them together

Question 37

Clean room development

Answer 37

Development that is mostly test based and meant for certification

Question 38

Capability maturity model integration

Answer 38

A maturity model that helps companies work together in development

Question 39

CMMI stages

Answer 39

Initial
Repeatable
Defined
Managed
Optimized

Question 40

Software configuration manager

Answer 40

GitHub like software

Question 41

Software escrow

Answer 41

When software is stored for individuals in a software ‘vault’

Question 42

Assembly language

Answer 42

Uses assemblers to take ADD PUSH POP etc commands and create then into binary

Question 43

High level language

Answer 43

C is considered a high level language and uses else if and then

Question 44

Very high language

Answer 44

C++ is a good example of this level

Question 45

Natural languages

Answer 45

C# is a natural language and flows logically and easily

Question 46

Generation one language

Answer 46

Machine language

Question 47

Interpreter

Answer 47

Used as an intermediary to run bytecode .. Java, flash, powershell, bash are interpreted languages

Question 48

Garbage collection

Answer 48

Taking all unused memory cells and giving them back to the OS

Question 50

OOP

Answer 50

Object based language

Question 51

Method

Answer 51

An actionable code that modifies an object

Question 52

Encapsulated code

Answer 52

Reusable isolated object

Question 53

Data hiding

Answer 53

Objects can access other objects except through methods

Question 54

Library

Answer 54

All needed objects live in one place and exist only once

Question 55

OOA vs OOD structured analysis

Answer 55

OOA is analysis and classification OOD is design that modularizes data into objects

Question 56

Data Modeling

Answer 56

I input 1 and expect 17 to output, lets test

Question 57

Cohesion

Answer 57

High cohesion means that the tasks of a module are limited and of the same limited discipline making it easier to adjust

Question 58

Coupling

Answer 58

Modules level of dependency on other modules

Question 59

Data structure

Answer 59

A logical representation between elements of data

Question 60

DCOM vs DCE

Answer 60

DCOM is Microsoft proprietary distributed computer system that uses GUID, DCE is open and uses universal unique IDs UUID

Question 61

Common Object Request Broker Architecture

Answer 61

An open object-oriented uniform standard architecture

Question 62

ORBs

Answer 62

System oriented brokers (object request broker)

Question 63

COM vs DCOM

Answer 63

Component object model is for local machines, DCOM is distributed to network machines

Question 64

.Net

Answer 64

A framework that has replaced COM/DCOM

Question 65

OLE

Answer 65

Object linking and embedding enhances COM

Question 66

J2EE

Answer 66

Java version of what COM was to Microsoft

Question 67

Service Oriented Architecture (SOA)

Answer 67

Web based single destination for service control (automatrix)

Question 68

UDDI, WSDL, and SOAP

Answer 68

XML based components that work within SOA

Question 69

Web 2.0

Answer 69

An internet in which people could supply content without code, ie Facebook, YouTube, etc

Question 70

Mashup

Answer 70

Combining common services together, this is what google did in the 90’s with search engines

Question 71

SaaS

Answer 71

Combining software into a SOA and providing a central access

Question 72

Mobile Code

Answer 72

Code executed on the client side

Question 73

JVM

Answer 73

Runs ‘bytecode’ interpreter on a java virtual machine sandbox on the client end regardless of OS

Question 74

ActiveX

Answer 74

Microsoft OOP using a COM/DCOM based sandbox

Question 75

Authenticode

Answer 75

Microsoft version of digital signatures implemented into ActiveX

Question 76

Server Side Includes

Answer 76

Document that dynamically stores information in a server side .inc file, this can be accessed and code can be learned from this

Question 77

Information Gathering

Answer 77

Getting server side includes, DB passwords, error messages and other information from the public connectable code

Question 78

Administrative Interfaces

Answer 78

Admin accessible consoles should be far more secure than the web interface that the admin console implements

Question 79

Authentication and Access Control

Answer 79

Authentication user/pass should be different per site, secured by SSL, and a strong password and uncommon username

Question 80

Input Validation

Answer 80

Ensures the input is within limits and cannot be used to crash or obtain critical data

Question 81

Client Side Validation

Answer 81

Works great to reduce server errors and load, but doesnt work out securely if it is the ONLY method being used to validate

Question 82

SQL Injection

Answer 82

Input SQL commands into input variables to execute them

Question 83

Cross Site Scripting (XSS)

Answer 83

Cross-Site Scripting any code written that can steal cookies, hijack sessions, execute malware or exploit vulnerabilities

Question 84

Parameter validation

Answer 84

Validation of system variables people shouldn’t have access to

Question 85

Session Cookie vs Persistent Cookie

Answer 85

Session is in memory, persistent is saved to the machine

Question 86

What is the risk of a web proxy?

Answer 86

Input can be changed at the proxy on session cookies

Question 87

What is the danger of hidden fields?

Answer 87

They can still be found and modified

Question 88

Adequate Parameter Validation

Answer 88

Pre-validation of input along with Post-validation

Question 89

Session Management

Answer 89

Usually done with Session IDs and should be over HTTPs

Question 90

Replay Attacks

Answer 90

Capturing requests and resubmitting them to gain access

Question 91

What are the database models?

Answer 91

Relational - N1 N2 N3
Hierarchical - Subject to Author to Book
Network - Hierarchical with a mesh
Object - Created with OOP trees
Object-relational - OOP front end to a Relational backend

Question 92

What are some client Database Interfaces?

Answer 92

ODBC - Open
OLEDB - OLE
ADO - activeX
JDBC - Java

Question 93

Data Definition Language

Answer 93

Defines structure and schema of DB

Question 94

Data Dictionary

Answer 94

Metadata (data about data) for databases

Question 95

What is the primary method of ensuring integrity in a DB?

Answer 95

Database Locking

Question 96

Semantic vs Referential vs Entity Integrity Check

Answer 96

Semantic - Rule checking
Referential - Primary/Foreign Key checking
Entity - Every Tuple has a primary key

Question 97

Rollback database

Answer 97

Undo changes

Question 98

Commit and Two-Phase commit?

Answer 98

Submits changes, two phase verifies all servers are responsive that should be first

Question 99

Aggregation

Answer 99

Taking two pieces of information and combining them to draw a secret conclusion

Question 100

Inference

Answer 100

The ability to derive information not directly accessible

Question 101

Content vs Context dependent access control

Answer 101

Content is based on sensitivity of the data

Context is based on the individual having access to all pieces of the answer before getting part of the pieces

Question 102

Cell Suppression

Answer 102

Hiding cells that could be used in inference attacks

Question 103

Partitioning the DB

Answer 103

Hides part of the answer here, and another part there

Question 104

Noise and perturbation

Answer 104

Adding false data to confuse the message

Question 105

Database Views

Answer 105

Used to give security to specific collections of tables and rows (tuples) without duplicate data

Question 106

Polyinstantiation

Answer 106

Creating bogus data to throw off legitimate higher data

Question 107

OLTP

Answer 107

Used to ensure ALL replications of the data are consistent and verified

Question 108

Data Warehousing

Answer 108

Aggregating key elements of multiple databases into one normalized database used for data mining

Question 109

Data mining

Answer 109

Mathematical and analytical reporting from a data warehouse

Question 110

Knowledge discovery in Database (KDD)

Answer 110

Used to classify and collectively organize data mining

Question 111

Expert Systems

Answer 111

AI, machines that can learn like a human brain

Question 112

Rule-based programming

Answer 112

Pattern matching to draw up inference in and inference engine

Question 113

Artificial Neural Network

Answer 113

Computer aided attempt to recreate the human brain

Question 114

Malware

Answer 114

Malicious software

Question 115

Virus

Answer 115

A self replicating piece of malware dependent on software

Question 116

Type of Viruses

Answer 116

Macro - script in application (like excel)
Boot Sector - on boot, you get hosed
Compression - on decompress, bam
Stealth - hidden by faking filesize or moving contents
Polymorphic - generates noise for the virus scanner
Multipart - infects multiple aspects of a virus
Meme - hoax emails
Script - running .vb or .jar from untrusted
Tunneling - Installs under antivirus so it cannot see it

Question 117

Worm

Answer 117

Self-replication application independent virus

Question 118

Rootkit

Answer 118

A kit of software making it easier to stay hidden, gather information, and stay accessible by the attacker

Question 119

Spyware

Answer 119

Information gathers

Question 120

Adware

Answer 120

Advertisement based malware

Question 121

Botnet

Answer 121

Bot based attacks commanded by a C&C

Question 122

Command and Control (C&C)

Answer 122

Used to centrally manage all bots at the same time, often used for DDOS, but many other applications are feasible

Question 123

Fast Flux

Answer 123

Rapidly change DNS on malicious sites to disguise source

Question 124

Logic Bombs

Answer 124

“If account disabled, deleted database”

Question 125

Trojan

Answer 125

A disguised application, ie. notepad.exe

Question 126

Remote access trojans (rats)

Answer 126

A trojan that installs an agent that gives remote access (subseven or back orifice)

Question 127

Signature based antivirus

Answer 127

Fingerprint, effective, but there is a ‘long’ delay between when the virus releases and when it is fingerprinted

Question 128

Heuristic antivirus

Answer 128

Analyzing code and making assumptions it is malware

Question 129

Static vs Dynamic Analysis

Answer 129

Dynamic is running code, static is not

Question 130

Behavior Blocking

Answer 130

Allows virus to run, but inhibits ability to function by taking away OS functionality

Question 131

Immunizer

Answer 131

Makes a particular functionality look infected, to fool the virus

Question 132

Bayesian filtering

Answer 132

Mathematical logic used to detect patterns