Domain 8 Software Dev Security Flashcards
What is the NIST SP800-34 SDLC?
- Initiation
- Development/Acquisition - Also System Development cycle
- Implementation / Assessment
- Operations/maintenance
- Disposal
What is whitebox testing?
Verifies inner program logic. Provides complete access to the program source code, details of data structures and variables.
What is blackbox testing?
Integrity testing for input and output.
What is function testing?
Validates the application against a checklist of requirements.
What is sociability testing?
Verifies the app can operate in its target environment.
What is the Agile Software Development Flow?
- System Requirements
- Software requirements
- Preliminary design
- Detailed design
- Code and debugging
- Testing
- Operations and maintenance
What is valued in the Agile Software Dev Manifesto?
▫ Individuals and Interactions more than processes and tools.
▫ Working Software more than comprehensive documentation.
▫ Customer Collaboration more than contract negotiation.
▫ Responding to Change more than following a plan.
What is a scrum?
A scrum is part of agile software dev and is a framework for managing software dev. This is where sprints come from.
What are the 3 functions brought together in DevOps?
- Software Dev
- Quality Assurance
- Technology Operations
What are the 5 stages of the Capability Maturity Model (CMM)?
- Initial
- Repeatable
- Defined
- Managed (Capable)
- Optimising
CMM: Level 1 Initial
Ad hoc driven and undocumented
CMM: Level 2 Repeatable
Some processes are repeatable.
May have some form of change control and QA
CMM: Level 3 Defined
Defined processes in place and used; Qualitative process improvement in place; However, processes may not be used enough and users are not yet competent
CMM: Level 4 Managed
Process improvement program in use; processes have metrics; users are competent with the processes
CMM: Level 5 Optimising
Continuous improvement implemented and budgeted for
What are the SAMM 5 critical business functions?
- Governance
- Design
- Implementation
- Verification
- Operations
What chart is used when time is the major factor rather than cost?
PERT - Program evaluation review technique.
What is the difference between configuration management and change management?
Configuration management looks at changes to a specific piece of software.
Change management looks at an entire software development program.