Domain 8 - Software Development Security Flashcards

1
Q

Code repositories

A
  • where source code and related artifacts (such as libraries) are stored. Never commit sensitive information (credentials, keys, tokens), restrict access to the repository, sign your commits so their origin can be verified, and keep developer tools (IDE, build tooling) up to date. Most repositories use git, the most widely used modern version control system.
2
Q

Code libraries

A
  • reusable utility functions written by others, e.g. encryption, bulk data transfer. They can improve security and reduce risk: certain languages are prone to certain attacks, so in lower-level languages like C, using safe memory allocation and bounds-checked string manipulation libraries reduces the risk of buffer overflows. A third-party library is also part of your supply chain, so pin its version and scan it for known vulnerabilities.
3
Q

Runtime

A
  • the period during which a program is executing. Dynamic application security testing (DAST) evaluates an application's security at runtime. When you do not have access to the source code, runtime assessment is generally the only option. For containers, scan both at build time and at runtime; for applications where source code is available, combining source code scanning with runtime scanning is best practice.
4
Q

CI/CD

A
  • continuous integration / continuous delivery, the pipeline that lets us ship frequent releases. Secure it by: implementing identity and access management (including MFA) to restrict access to the pipeline; storing secrets securely and scanning code to ensure there are no hard-coded secrets; applying role-based access control and least privilege to the environment; automating vulnerability scanning in the pipeline; and versioning releases for tracking and recoverability.
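Both the code repository card and the CI/CD card say to keep secrets out of committed code. The following is an added example, not part of the original flashcards: a small pre-commit / pipeline gate that scans staged content for hard-coded secrets. The patterns, the `# not-a-secret` opt-out marker and the sample staged content are all constructed for this illustration (the access key ID used is the publicly documented AWS example, not a live key).

```python
import re
from dataclasses import dataclass
from typing import List

# Patterns for common hard-coded secrets. The AWS access key ID format
# (AKIA followed by 16 upper-case alphanumerics) is publicly documented;
# the other two are generic heuristics.
SECRET_PATTERNS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    "generic_assignment": re.compile(
        r"(?i)\b(password|passwd|secret|api[_-]?key|token)\b\s*[:=]\s*['\"][^'\"]{8,}['\"]"
    ),
}

@dataclass
class Finding:
    line_no: int
    kind: str
    excerpt: str   # the offending line with the secret value masked

def redact(line: str) -> str:
    """Mask quoted values so the scanner's own report does not leak the secret."""
    return re.sub(r"(['\"])([^'\"]{8,})\1",
                  lambda m: m.group(1) + m.group(2)[:4] + "****" + m.group(1), line)

def scan_text(text: str) -> List[Finding]:
    """Scan file or diff content line by line; the first matching pattern wins."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        if "# not-a-secret" in line:      # explicit opt-out for documented placeholders
            continue
        for kind, pattern in SECRET_PATTERNS.items():
            if pattern.search(line):
                findings.append(Finding(line_no, kind, redact(line).strip()))
                break
    return findings

def pipeline_gate(text: str) -> bool:
    """True if the content may be committed/built, False if the pipeline should fail."""
    return not scan_text(text)

# Constructed sample of staged content (the key ID is the AWS documentation example, not a real key)
SAMPLE_STAGED = """\
DB_HOST = "db.internal"
AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"
api_key = "sk-live-0123456789abcdef"
password = "changeme"   # not-a-secret
-----BEGIN RSA PRIVATE KEY-----
LOG_LEVEL = "debug"
"""

if __name__ == "__main__":
    for f in scan_text(SAMPLE_STAGED):
        print(f"line {f.line_no}: {f.kind}: {f.excerpt}")
    print("commit allowed:", pipeline_gate(SAMPLE_STAGED))
```

Run it as a git pre-commit hook over `git diff --cached` output and as a pipeline step over the checked-out tree; the gate fails the build rather than trusting a reviewer to notice. Pattern scanning is a heuristic, so pair it with a managed secret store so that there is nothing to commit in the first place.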
5
Q

Static Application Security Testing (SAST)

A
  • analysis of software performed without executing the program. The tester has access to the underlying framework, design and implementation, so it requires source code; tests "inside out"
6
Q

Dynamic application sec testing (DAST)

A

executes the application; the tester has no knowledge of the underlying technology or source code; tests "outside in"

7
Q

SCM (software configuration management)

A

baselining, i.e. taking a snapshot of a system's or application's configuration. Should also produce artifacts that help others understand the system configuration

8
Q

Tables (RDBMS)

A
  • aka relations; contain a number of attributes (fields), each of which corresponds to a column in the table
9
Q

Rows (RDBMS)

A
  • aka records or tuples; a data record within a table. Each row represents one complete record for a specific item
10
Q

Columns (RDBMS)

A
  • set of data values of a particular type, one value for each row of the table, e.g. "first name", "job title"; aka fields or attributes. The DEGREE of a table is its number of columns
11
Q

Candidate Keys (RDBMS)

A

a subset of attributes that can be used to uniquely identify any record in a table: no two records in the same table will ever contain the same values for all attributes composing a candidate key, e.g. "student ID" or "patient number". A table can have one or more candidate keys

12
Q

Primary key (RDBMS)

A
  • chosen from the set of candidate keys at design time to uniquely identify the records in a table; only one per table, e.g. "patient number" or "employee ID"
13
Q

Foreign Keys (RDBMS)

A
  • enforce relationships between two tables (referential integrity): if one table contains a foreign key value, it must correspond to a still-existing primary key in the other table in the relationship
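To make the candidate key / primary key / foreign key cards concrete, here is an added example (not from the original flashcards) using Python's built-in sqlite3 module. The patients/visits schema and the sample rows are constructed for the illustration; "national_id" stands in for a second candidate key alongside the patient number chosen as primary key. It also reports the table's degree (column count) and cardinality (row count), the latter being a term the cards do not use.

```python
import sqlite3

def build_schema(conn: sqlite3.Connection) -> None:
    # SQLite only enforces foreign keys when this pragma is on for the connection
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript("""
        CREATE TABLE patients (
            patient_number INTEGER PRIMARY KEY,   -- primary key, chosen from the candidate keys
            national_id    TEXT NOT NULL UNIQUE,  -- another candidate key: also unique per row
            name           TEXT NOT NULL
        );
        CREATE TABLE visits (
            visit_id       INTEGER PRIMARY KEY,
            patient_number INTEGER NOT NULL
                           REFERENCES patients(patient_number),  -- foreign key
            note           TEXT
        );
    """)

def seed(conn: sqlite3.Connection) -> None:
    conn.executemany("INSERT INTO patients VALUES (?, ?, ?)",
                     [(1001, "A-123", "Ada"), (1002, "B-456", "Bob")])
    conn.executemany("INSERT INTO visits VALUES (?, ?, ?)",
                     [(1, 1001, "checkup"), (2, 1002, "follow-up")])
    conn.commit()

def attempt(conn: sqlite3.Connection, sql: str, params: tuple) -> bool:
    """Run one statement; True if it was accepted, False if a constraint rejected it."""
    try:
        conn.execute(sql, params)
        conn.commit()
        return True
    except sqlite3.IntegrityError:
        conn.rollback()
        return False

def demo():
    conn = sqlite3.connect(":memory:")
    build_schema(conn)
    seed(conn)
    results = {
        # same primary key as Ada
        "duplicate_primary_key": attempt(conn, "INSERT INTO patients VALUES (?, ?, ?)", (1001, "C-789", "Cy")),
        # new primary key, but reuses Ada's national_id (the other candidate key)
        "duplicate_candidate_key": attempt(conn, "INSERT INTO patients VALUES (?, ?, ?)", (1003, "A-123", "Cy")),
        # visit pointing at a patient that does not exist: referential integrity violation
        "orphan_foreign_key": attempt(conn, "INSERT INTO visits VALUES (?, ?, ?)", (3, 9999, "ghost")),
        # visit pointing at an existing patient
        "valid_foreign_key": attempt(conn, "INSERT INTO visits VALUES (?, ?, ?)", (3, 1002, "labs")),
        # deleting a parent row that visits still reference is also rejected
        "delete_referenced_parent": attempt(conn, "DELETE FROM patients WHERE patient_number = ?", (1001,)),
    }
    degree = len(conn.execute("SELECT * FROM patients").description)          # number of columns
    cardinality = conn.execute("SELECT COUNT(*) FROM patients").fetchone()[0]  # number of rows
    conn.close()
    return results, degree, cardinality

if __name__ == "__main__":
    print(demo())
```

The pragma line is the practical caveat: SQLite ships with foreign key enforcement off, so a schema that declares REFERENCES is not enforcing referential integrity until each connection turns it on.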
14
Q

Aggregation attack (RDBMS)

A
  • creating sensitive information by combining non-sensitive data from separate sources; need-to-know and least privilege can prevent it; usually based on mathematical combination (counts, sums, averages)
15
Q

Inference attack (RDBMS)

A
  • deducing sensitive information from observing non-sensitive pieces of information; blurring data (rounding or adding noise to aggregate answers) and database partitioning may prevent this attack; based on human deduction
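The aggregation and inference cards are easier to see with numbers. Below is an added example, not part of the original flashcards, with a constructed employee table: the attacker knows (non-sensitive) that Ada is the only person in Legal and wants her salary (sensitive). It shows the classic query-set-size control blocking the direct query, a two-query "tracker" that still isolates her from two permitted aggregates, and blurring (rounding) as the countermeasure the card names. The threshold k and the rounding granularity are illustrative choices.

```python
from typing import Callable, Dict, List

Row = Dict[str, object]

# Constructed sample table. Ada is the only Legal employee (knowable from an org chart).
EMPLOYEES: List[Row] = [
    {"name": "Ada", "dept": "Legal", "salary": 91000},
    {"name": "Bob", "dept": "Eng",   "salary": 70000},
    {"name": "Cy",  "dept": "Eng",   "salary": 80000},
    {"name": "Di",  "dept": "Eng",   "salary": 75000},
    {"name": "Ed",  "dept": "Ops",   "salary": 60000},
    {"name": "Fay", "dept": "Ops",   "salary": 66000},
]

class QueryRefused(Exception):
    pass

def sum_salary(rows: List[Row], where: Callable[[Row], bool], k: int = 3) -> int:
    """Aggregate with query-set-size control: refuse anything computed over fewer than k rows."""
    matched = [r for r in rows if where(r)]
    if len(matched) < k:
        raise QueryRefused(f"query set too small ({len(matched)} < {k})")
    return sum(r["salary"] for r in matched)

def blurred_sum_salary(rows: List[Row], where: Callable[[Row], bool],
                       k: int = 3, granularity: int = 10000) -> int:
    """Same control plus blurring: round the answer so it no longer carries exact values."""
    return round(sum_salary(rows, where, k) / granularity) * granularity

def direct_inference(rows: List[Row]):
    """Naive attempt: aggregate over the one-person department. Blocked by the size control."""
    try:
        return sum_salary(rows, lambda r: r["dept"] == "Legal")
    except QueryRefused:
        return None

def tracker_inference(rows: List[Row], query=sum_salary) -> int:
    """Two individually permitted queries whose difference isolates the target (aggregation)."""
    everyone = query(rows, lambda r: True)
    everyone_but_target = query(rows, lambda r: r["dept"] != "Legal")
    return everyone - everyone_but_target

if __name__ == "__main__":
    print("direct query:", direct_inference(EMPLOYEES))
    print("tracker, exact sums:", tracker_inference(EMPLOYEES))
    print("tracker, blurred sums:", tracker_inference(EMPLOYEES, blurred_sum_salary))
```

The lesson is that a minimum query-set size alone is not enough: each tracker query is over five or six rows and passes the check, yet the difference is exact. Deterministic rounding defeats this particular pair of queries but a patient attacker can average over many overlapping queries, which is why production systems add random noise or partition the data so that such combinations are not answerable at all.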
16
Q

Primary memory (real memory)

A
  • directly available to the CPU, aka RAM; volatile! The highest-performance storage available; operations happening in memory are faster than writing to storage
17
Q

Secondary storage

A
  • inexpensive non-volatile storage for long-term use; includes magnetic, optical and solid-state media, e.g. tapes, hard drives, flash drives, CD/DVD
18
Q

Virtual memory

A
  • allows a system to simulate primary memory through the use of secondary storage, e.g. a system low on RAM uses hard disk space (swap or page file) as if it were directly CPU-addressable memory
19
Q

Virtual storage

A
  • simulates secondary storage through the use of primary memory; most common example is a RAM disk that presents itself to the OS as secondary storage. Provides a very fast file system for apps, but contents are lost on power loss, so there is no recovery capability
20
Q

Random access storage

A
  • allows the OS to request contents from any point within the media, e.g. RAM and hard drives
21
Q

Sequential access storage

A
  • requires scanning through the media from the beginning to reach a specific address, e.g. magnetic tape, old-school magnetic backup tapes
22
Q

Volatile storage

A
  • loses contents when power is removed, ie RAM
23
Q

Non-volatile storage

A
  • does not depend on the presence of power to maintain its contents, e.g. magnetic/optical media and non-volatile RAM (NVRAM)
24
Q

Expert systems

A
  • consist of two components: a knowledge base containing a series of "if/then" rules, and an inference engine that applies those rules to draw conclusions about other data
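An added example (not from the original flashcards) of the two components the card names: a knowledge base of if/then rules and a forward-chaining inference engine that keeps applying them until no new conclusions appear. The rules describe a small, constructed login-anomaly scenario; the fact names and rules are illustrative, not drawn from any real product.

```python
from typing import Iterable, List, Set, Tuple

Rule = Tuple[Set[str], str]   # (all of these facts must hold) -> (conclude this fact)

# Knowledge base: constructed if/then rules for a small login-anomaly expert system
RULES: List[Rule] = [
    ({"failed_logins_over_threshold", "login_from_new_country"}, "credential_stuffing_suspected"),
    ({"credential_stuffing_suspected", "mfa_disabled"}, "account_takeover_likely"),
    ({"account_takeover_likely"}, "action_lock_account"),
    ({"failed_logins_over_threshold", "single_source_ip"}, "brute_force_suspected"),
    ({"brute_force_suspected"}, "action_block_source_ip"),
]

def infer(facts: Iterable[str], rules: List[Rule]) -> Tuple[Set[str], List[str]]:
    """Inference engine (forward chaining): fire every rule whose conditions are all known,
    add its conclusion to the known facts, and repeat until nothing new can be derived."""
    known = set(facts)
    fired: List[str] = []
    changed = True
    while changed:
        changed = False
        for conditions, conclusion in rules:
            if conditions <= known and conclusion not in known:
                known.add(conclusion)
                fired.append(conclusion)
                changed = True
    return known, fired

def actions(facts: Iterable[str], rules: List[Rule] = RULES) -> List[str]:
    """Only the derived facts that are actions, in the order they were concluded."""
    return [f for f in infer(facts, rules)[1] if f.startswith("action_")]

if __name__ == "__main__":
    observed = {"failed_logins_over_threshold", "login_from_new_country", "mfa_disabled"}
    known, fired = infer(observed, RULES)
    print("derived:", fired)
    print("actions:", actions(observed))
```

Note that the second rule's conditions are only satisfied after the first rule has fired, which is why the engine loops rather than making a single pass over the rules.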
25
Q

Machine learning

A
  • attempt to algorithmically discover knowledge from datasets
26
Q

Neural networks

A
  • simulate the function of the human brain: layered calculations arranged to solve problems; require extensive training on a particular problem before they can offer solutions
27
Q

Agile

A
  • emphasis on the needs of the customer and on quickly developing new functionality that meets those needs in an iterative fashion; RESPONSIVE TO CUSTOMER NEEDS, more responsive than waterfall (opposing strategies). 4 values of the Agile Manifesto!! Individuals and interactions over processes and tools, working software over comprehensive documentation, customer collaboration over contract negotiation, responding to change over following a plan. Gets to the finish line faster since the team can pivot quickly
28
Q

Waterfall

A
  • a SEQUENTIAL development process that results in a finished product; less responsive than agile (opposing strategies). 7 stages: system requirements > software requirements > preliminary design > detailed design > code and debug > testing > operations and maintenance. Each phase can go back only one phase for corrections
29
Q

Spiral

A
  • uses several iterations of waterfall to produce a number of fully specified and tested prototypes; each loop ends in a new prototype. ITERATIVE
30
Q

Software development maturity models

A
  • improve the maturity and quality of software processes by providing an evolutionary path from ad hoc, chaotic processes to mature, disciplined software processes. Know SW-CMM and IDEAL
31
Q

Capability maturity model (SW-CMM)

A
  • five-level model for measuring software development maturity: level 1 Initial = no plan, ad hoc > level 2 Repeatable = basic lifecycle management > level 3 Defined = formal, documented software development process > level 4 Managed = quantitative measures give a detailed understanding of the process > level 5 Optimizing = continuous process improvement driven by feedback loops
32
Q

IDEAL Model

A
  • process improvement model, similar in spirit to SW-CMM. STEPS: Initiating = business reasons outlined, support and infrastructure put in place > Diagnosing = engineers analyze the current state of the org and make recommendations for change > Establishing = org takes the recommendations and develops a plan to achieve the changes > Acting = putting the plan into action > Learning = org continuously analyzes its efforts and results and proposes new actions to drive better results
33
Q

Request Control

A
  • organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks
34
Q

Change control

A
  • used by developers to recreate the situation encountered by the user and analyze appropriate changes to remedy it
35
Q

Release control

A
  • once code changes are finalized, they must be approved for release through the release control procedure. Should also include acceptance testing to ensure the alterations are understood and functional
36
Q

Software Testing

A
  • software should be tested thoroughly before distribution; the programming team should develop special data sets that exercise all paths of the software to the fullest extent possible. Can be automated or manual
37
Q

File infection

A
  • infects executable files (e.g. .exe) and triggers when the OS attempts to execute them
38
Q

Service injection

A
  • escapes detection by injecting into trusted runtime processes of the OS such as svchost.exe, winlogon.exe and explorer.exe
39
Q

Boot sector infection

A
  • infects the legitimate boot sector and is loaded into memory during the OS load process
40
Q

Macro infection

A
  • infects and spreads through macro code, e.g. Visual Basic for Applications in MS Office documents
41
Q

A/V software

A
  • signature-based and behavior-based. Signature-based must be updated frequently; behavior-based flags or blocks unusual activity even if it does not match a known malware signature
42
Q

Password crackers

A
  • take credential material stolen in a breach (typically password hashes) and recover the plaintext passwords from it
43
Q

Dictionary attacks

A
  • runs a large dictionary of likely passwords through the same hash (or encryption) function the target used and compares the results against the stolen hashes; a form of brute force that tries likely candidates first
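The password cracker and dictionary attack cards describe the same workflow, so here is one added example (not from the original flashcards) covering both: a constructed "breach dump" of unsalted SHA-256 hashes is cracked by hashing a tiny wordlist once and looking each stolen hash up, and the same wordlist is then run against salted, deliberately slow PBKDF2 hashes to show why salting and a slow KDF raise the attacker's cost. The wordlist, usernames, salts and passwords are all constructed for the illustration.

```python
import hashlib
import hmac
from typing import Dict, List, Tuple

# Constructed wordlist; a real one has millions of entries ordered by frequency.
WORDLIST: List[str] = ["123456", "password", "letmein", "qwerty", "dragon", "hunter2", "Summer2024"]

def unsalted_hash(pw: str) -> str:
    return hashlib.sha256(pw.encode()).hexdigest()

def salted_slow_hash(pw: str, salt: bytes, rounds: int = 50_000) -> str:
    # PBKDF2 as an example of a deliberately slow, salted password hash
    return hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, rounds).hex()

# Constructed "breach dump" of unsalted SHA-256 hashes, username -> hex digest
DUMP: Dict[str, str] = {
    "alice": unsalted_hash("hunter2"),
    "bob":   unsalted_hash("letmein"),
    "carol": unsalted_hash("correct horse battery staple"),   # not in the wordlist
}

def crack_unsalted(dump: Dict[str, str], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Hash the wordlist once, then look every stolen hash up in it. Returns (found, hashes computed)."""
    table = {unsalted_hash(w): w for w in wordlist}           # one hash per word, reused for all users
    found = {user: table[h] for user, h in dump.items() if h in table}
    return found, len(wordlist)

def crack_salted(records: Dict[str, Tuple[bytes, str]], wordlist: List[str]) -> Tuple[Dict[str, str], int]:
    """Per-user salt means the wordlist must be re-hashed for every user. Returns (found, hashes computed)."""
    found: Dict[str, str] = {}
    attempts = 0
    for user, (salt, stored) in records.items():
        for w in wordlist:
            attempts += 1
            if hmac.compare_digest(salted_slow_hash(w, salt), stored):
                found[user] = w
                break
    return found, attempts

# Same password for two users, but different salts give different digests
SALTED_RECORDS: Dict[str, Tuple[bytes, str]] = {
    "alice": (b"salt-for-alice", salted_slow_hash("hunter2", b"salt-for-alice")),
    "dave":  (b"salt-for-dave",  salted_slow_hash("hunter2", b"salt-for-dave")),
}

if __name__ == "__main__":
    print("unsalted:", crack_unsalted(DUMP, WORDLIST))
    print("salted:  ", crack_salted(SALTED_RECORDS, WORDLIST))
```

With unsalted hashes the attacker's work is the size of the wordlist, regardless of how many accounts are in the dump, and a precomputed table is reusable across breaches. With per-user salts the work multiplies by the number of accounts, and each guess costs tens of thousands of hash iterations instead of one. Carol's passphrase is not recovered in either case because it is not in the wordlist, which is the point of long, uncommon passwords.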
44
Q

Social engineering

A
  • tricking a user into giving up their password; countered by security awareness training
45
Q

Rootkit (escalation of privilege)

A
  • freely available tools that exploit known vulnerabilities in various operating systems, enabling attackers to elevate privileges; typically deployed as a second stage after initial access, and used to hide the attacker's presence once privileges are gained
46
Q

Buffer overflow

A
  • developer does not validate user input to ensure it is of an appropriate size, so too-large input "overflows" the memory buffer into adjacent memory; any input field can be a vector, including web forms
47
Q

Backdoor

A
  • undocumented command sequence that allows individuals to bypass normal access restrictions; often introduced during development and debugging and left in by mistake
48
Q

Time of check to time of use (TOC/TOU)

A
  • timing vulnerability that occurs when a program checks access permissions too far in advance of using the resource, so the resource can be swapped between the check and the use
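An added example (not from the original flashcards) of the TOC/TOU race and its fix, assuming a POSIX system (it relies on `O_NOFOLLOW` and symlinks). The vulnerable reader checks the path name and then reopens the name; a hook stands in for an attacker who swaps the file for a symlink in between. The hardened reader opens first and checks the file descriptor it actually got, so there is no second name lookup to race. The temporary directory, file names and contents are constructed for the demonstration.

```python
import os
import stat
import tempfile

def read_unsafe(path: str, between_check_and_use=lambda: None) -> str:
    """Check-then-use: the check inspects the *name*, the use re-resolves the name later."""
    if os.path.islink(path):                      # time of check
        raise PermissionError("refusing to follow a symlink")
    between_check_and_use()                       # the race window; the hook stands in for the attacker
    with open(path) as f:                         # time of use: the name is looked up again
        return f.read()

def read_safe(path: str) -> str:
    """Open first, then check the object that was actually opened; no second name lookup."""
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # refuse symlinks atomically at open time
    with os.fdopen(fd, "r") as f:
        if not stat.S_ISREG(os.fstat(f.fileno()).st_mode):  # fstat checks the fd, not the name
            raise PermissionError("not a regular file")
        return f.read()

def demo():
    """Returns (what the unsafe reader leaked, whether the safe reader refused the swapped file)."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")
        with open(public, "w") as f:
            f.write("public data")
        with open(secret, "w") as f:
            f.write("TOP SECRET")

        def attacker_swaps_file():
            # runs between the check and the use: replace the checked file with a symlink
            os.remove(public)
            os.symlink(secret, public)

        leaked = read_unsafe(public, between_check_and_use=attacker_swaps_file)
        try:
            read_safe(public)           # public.txt is now a symlink; O_NOFOLLOW refuses it
            blocked = False
        except OSError:
            blocked = True
        return leaked, blocked

if __name__ == "__main__":
    print(demo())
```

The general rule: never make a security decision on a path name and then act on the name again. Act on the handle you already hold (fstat, fchmod, fchown on the descriptor), and open with flags that make the check part of the open itself.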
49
Q

Cross site scripting (XSS)

A
  • type of injection where malicious scripts are injected into otherwise benign and trusted websites; the attacker uses the web app to deliver malicious code to a different end user. Reflected XSS occurs when a web app echoes "REFLECTED INPUT" back into the page without output encoding (stored and DOM-based variants also exist)
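An added example (not from the original flashcards) of reflected input going straight into a page versus the same page rendered with context-aware output encoding. The page template, the search query and the "next" link are constructed for the illustration. It also shows the caveat that HTML escaping alone does not neutralise a `javascript:` URL in an href, so URL attributes need a scheme allowlist on top of escaping.

```python
import html
from urllib.parse import urlparse

def render_unsafe(query: str, next_url: str) -> str:
    # Reflected input dropped straight into HTML text and into an href attribute
    return f'<p>Results for {query}</p><a href="{next_url}">next</a>'

def is_safe_url(url: str) -> bool:
    # Escaping does not neutralise a javascript: URL inside href; allowlist the scheme instead
    scheme = urlparse(url.strip()).scheme.lower()
    return scheme in ("", "http", "https")

def render_safe(query: str, next_url: str) -> str:
    safe_query = html.escape(query, quote=True)                 # text context: encode < > & " '
    safe_href = html.escape(next_url, quote=True) if is_safe_url(next_url) else "#"
    return f'<p>Results for {safe_query}</p><a href="{safe_href}">next</a>'

# Constructed attacker inputs
SCRIPT_PAYLOAD = "<script>alert(document.cookie)</script>"
URL_PAYLOAD = "javascript:alert(document.cookie)"

if __name__ == "__main__":
    print("unsafe:", render_unsafe(SCRIPT_PAYLOAD, URL_PAYLOAD))
    print("safe:  ", render_safe(SCRIPT_PAYLOAD, URL_PAYLOAD))
```

Encoding must match the context the value lands in (HTML text, attribute, URL, JavaScript); a template engine that auto-escapes by context does this for you, and a Content-Security-Policy limits the damage when something slips through.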
50
Q

SQL Injection attacks

A
  • use unexpected input to a web application to alter the queries it sends to an underlying database, gaining unauthorized access to data or bypassing checks such as login
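An added example (not from the original flashcards) using the sqlite3 module: a login check built by string concatenation beside the same check as a parameterised query. The users table, the plaintext passwords (kept only to keep the demo short; a real table stores salted hashes) and the two attacker inputs are constructed for the illustration.

```python
import sqlite3

def setup() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # Plaintext passwords only so the demo stays short; a real table stores salted hashes.
    conn.executescript("""
        CREATE TABLE users (username TEXT, password TEXT, role TEXT);
        INSERT INTO users VALUES ('alice', 's3cret', 'admin'), ('bob', 'hunter2', 'user');
    """)
    return conn

def login_vulnerable(conn: sqlite3.Connection, username: str, password: str):
    # User input is concatenated into the query, so it can change the query's structure
    sql = (f"SELECT username, role FROM users "
           f"WHERE username = '{username}' AND password = '{password}'")
    return conn.execute(sql).fetchall()

def login_safe(conn: sqlite3.Connection, username: str, password: str):
    # Parameterised query: the driver sends the values separately, so they can only ever be data
    sql = "SELECT username, role FROM users WHERE username = ? AND password = ?"
    return conn.execute(sql, (username, password)).fetchall()

# Constructed attacker inputs
TAUTOLOGY = "' OR '1'='1"          # turns the WHERE clause into something always true
COMMENT_OUT = "alice' --"          # closes the string and comments out the password check

if __name__ == "__main__":
    conn = setup()
    print("vulnerable, tautology:", login_vulnerable(conn, TAUTOLOGY, TAUTOLOGY))
    print("vulnerable, comment:  ", login_vulnerable(conn, COMMENT_OUT, "wrong"))
    print("safe, tautology:      ", login_safe(conn, TAUTOLOGY, TAUTOLOGY))
    print("safe, real creds:     ", login_safe(conn, "alice", "s3cret"))
```

Escaping quotes by hand is not the fix; binding parameters is, because the query text is fixed before any user value is seen. Pair it with a database account that has only the privileges the application needs, so that a remaining injection cannot read or alter other tables.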
51
Q

Cross Site Request Forgery (CSRF)

A

attack that forces an end user to execute unwanted actions on a web application in which they are currently authenticated. With a little help from social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing, because the browser attaches the victim's session cookie to the forged request automatically
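An added example (not from the original flashcards) of the standard defence: a session-bound synchronizer token checked with a constant-time comparison, plus an Origin/Referer check. Requests are simulated as plain dicts; the server key, the trusted origin, the session ID and the transfer form fields are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
from urllib.parse import urlparse

SERVER_KEY = secrets.token_bytes(32)        # assumption: one secret per deployment
TRUSTED_ORIGIN = ("https", "bank.example")  # assumption: the app's own scheme and host

def issue_csrf_token(session_id: str) -> str:
    """Token derived from the session, so a token from one session is useless in another."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()

def same_origin(headers: dict) -> bool:
    origin = headers.get("Origin") or headers.get("Referer") or ""
    p = urlparse(origin)
    return (p.scheme, p.netloc) == TRUSTED_ORIGIN   # exact match, so bank.example.evil.example fails

def handle_transfer(request: dict):
    """Simulated POST /transfer. request = {'cookies': {...}, 'headers': {...}, 'form': {...}}"""
    session_id = request["cookies"].get("session")
    if not session_id:
        return 401, "no session"
    if not same_origin(request["headers"]):
        return 403, "cross-origin request refused"
    token = request["form"].get("csrf_token", "")
    if not hmac.compare_digest(token, issue_csrf_token(session_id)):
        return 403, "missing or invalid CSRF token"
    return 200, f"transferred {request['form']['amount']} to {request['form']['to']}"

def legitimate_request() -> dict:
    # The real form page embedded the token; the browser sends cookie, Origin and token together.
    return {"cookies": {"session": "sess-123"},
            "headers": {"Origin": "https://bank.example"},
            "form": {"csrf_token": issue_csrf_token("sess-123"), "amount": "10", "to": "bob"}}

def forged_request() -> dict:
    # The victim's browser attaches the session cookie automatically, but the attacker's page
    # cannot read the token, and the browser reports the attacker's origin.
    return {"cookies": {"session": "sess-123"},
            "headers": {"Origin": "https://evil.example"},
            "form": {"amount": "10000", "to": "mallory"}}

if __name__ == "__main__":
    print("legitimate:", handle_transfer(legitimate_request()))
    print("forged:    ", handle_transfer(forged_request()))
```

Treating a missing Origin and Referer as a refusal is deliberate for state-changing requests; some privacy settings strip Referer, which is why the token check exists as the primary control and the origin check is a second layer. SameSite cookies add a third.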

52
Q

IP Probes

A
  • ping each IP address in a range; systems that respond are logged for further analysis
53
Q

Port scan

A
  • connect to ports on a discovered host to find which are open and listening
54
Q

Vuln scan

A
  • probe discovered hosts and services for specific known vulnerabilities
55
Q

Protection rings

A
  • aka hierarchical protection domains. RINGS: ring 0 = kernel > ring 1 = other OS components > ring 2 = drivers and protocols > ring 3 = user applications. Lower ring number = higher privilege
56
Q

Software Development Lifecycle (SDLC)

A

Real Developers Ideas Take Effort (mnemonic)
○ Requirements analysis (SDLC) -
○ Design (SDLC) -
○ Implementation (SDLC) -
○ Testing (SDLC) -
○ Evolution (SDLC) -

57
Q

Concentric circle security

A
  • several mutually independent security applications, processes or services that operate toward a single common goal; avoids a monolithic security stance, since EVERY individual security mechanism has a flaw or workaround. Layered defense: COMBINE countermeasures. DEFENSE IN DEPTH
58
Q

OS attacks

A
  • buffer overflow, OS bugs, unpatched OS
59
Q

Application level attacks

A
  • overflow, active content, XSS, DoS, SQL injection, session hijacking, phishing
60
Q

Shrink wrap code attacks

A
  • exploiting holes in unpatched or poorly configured off-the-shelf software you buy and install
61
Q

Misconfiguration attacks

A
  • target a poorly configured or default-configured service or device, e.g. a Wi-Fi router left on its factory settings