Domain 8: Software Development Security Flashcards
Extreme Programming (XP)
An Agile development method that uses pairs of programmers who work off a detailed specification
XP Core practices:
.Planning: specifies the desired features
.Paired programming
.Forty-hour work week: forecasted iterations should be accurate enough to forecast hours required
.Total customer involvement
.Detailed test procedures: called test units
Object
A “black box” that combines code and data, and sends and receives messages
Object-Oriented Programming
.Treats a program as a series of connected objects that communicate via messages
.Changes the older procedural programming methodology
Procedural Language
Programming language that uses subroutines, procedures and functions
Spiral Model
.Software development model designed to control risk
.Repeats steps of a project, starting with modest goals and expanding outwards in ever-wider spirals (called rounds)
.Each round of the spiral constitutes a project.
.Each round may follow a traditional software development methodology such as waterfall
.Risk analysis is performed each round.
Software Development Lifecycle
A development model that focuses on security at every phase.
.Broader than many application development models, focusing on the entire system, from selection/development, through operational requirements, to secure disposal
.NIST SP 800-14
Waterfall Model
An application development model that uses rigid phases; when one phase ends, the next begins
>Unmodified model does not allow developers to go back to previous steps.
>Modified waterfall model allows verification and validation of the user requirements at every phase.
SEI Capability Maturity Model (CMM)
.A maturity framework for evaluating and improving the software development process.
.Goal of CMM is to develop a methodical framework for creating quality software which allows for measurable and repeatable results
Machine Code
.Machine Language
.Software that is executed directly by the CPU
.CPU dependent
.Series of 1s and 0s representing instructions that are understood by the CPU
Source code
Computer language instructions which are written in text and must be translated into machine code before execution by the CPU
Assemblers
.Assembly language is a low-level computer programming language.
.Instructions are shown as mnemonics, e.g. ADD, SUB, JMP
.An assembler converts assembly language into machine language.
.A disassembler attempts to convert machine language into assembly
Compiler
A compiler takes source code, such as C or Basic, and compiles it into machine code.
Once compiled, the machine language is executed by the CPU
Interpreters
.Interpreted languages differ from compiled languages:
.Interpreted code (such as shell code) is compiled on the fly each time the program is run
.Perl, Python, Java
Bytecode
.Is also interpreted code
.Bytecode exists as an intermediary form (converted from source code), but must still be converted to machine code before it may run on the CPU
Programming Language Generation
.First Generation language: machine code
.Second Generation language: assembly
.Third Generation language: COBOL, C, Basic
.Fourth Generation language: Coldfusion, Progress 4GL, Oracle Reports
>Tend to be graphical user interface focused: dragging and dropping elements and then generating code based on the results
>Creation of databases, reports and websites
Computer-Aided Software Engineering (CASE)
.Uses programs to assist in the creation and maintenance of other programs
.Three types of CASE software
>Tools: support only specific tasks in a software production process
>Workbenches: supports one or a few software process activities by integrating SEVERAL TOOLS in a single application
>Environments: support all or at least part of the software production process with a collection of TOOLS and WORKBENCHES
Top-Down Programming
Programming starts with the broadest and highest level requirements (the concept of the final program) and works down towards the low-level technical implementation
- Procedural languages typically use this approach.
- Start with the main program, define the procedures and work down from there