Domain 8 - Software Development Security Flashcards
internal code that defines the actions an object performs in response to a message.
A method
The results or output exhibited by an object
Behavior
A collection of the common methods from a set of objects that defines the behavior of those objects
Class
Objects are ______ of (examples of) classes; the class, not the individual object, defines the methods those objects share.
instances
This occurs when the methods of one class (the parent or superclass) are taken over by another class derived from it (the child or subclass).
Inheritance
The forwarding of a request by an object to another object (its delegate). An object delegates when it has no method of its own to handle the message.
Delegation
The characteristic of an object that allows it to respond with different behaviors to the same message (method call), depending on the object's own type or on changes in external conditions.
Polymorphism
Describes the strength of the relationship between the purposes of the methods within the same class. High cohesion (a class that does one thing) is the design goal.
Cohesion
The level of interaction or dependency between objects. Low coupling (objects that depend on each other only through narrow interfaces) is the design goal.
Coupling
This verifies that the values provided by a user match the programmer’s expectation before allowing further processing.
Input validation
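What "match the programmer's expectation" means in practice is an allow-list check per field: the exact type, character set, length and range the code downstream can handle, with anything else rejected rather than cleaned up. The following Python validator is an added example, not from the original flashcards; the field names (username, port, target_ip, report), the rules and the sample requests are constructed for illustration. It also shows three ways such checks quietly fail: a `$` regex anchor that matches before a trailing newline, `str.isdigit()` accepting non-ASCII digits that `int()` will happily convert, and `ipaddress.ip_address()` accepting a bare integer.

```python
"""Added example: allow-list input validation with the common pitfalls handled."""
import ipaddress
import re

USERNAME_RE = re.compile(r"[a-z][a-z0-9_]{2,31}")
FILENAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9._-]{0,63}")


def dollar_anchor_is_insufficient() -> bool:
    """In Python, '$' also matches just before a trailing newline, so a
    '^...$' check lets 'alice\\n' through. Use fullmatch() instead."""
    return re.match(r"^[a-z]+$", "alice\n") is not None


def valid_username(value) -> bool:
    return isinstance(value, str) and USERNAME_RE.fullmatch(value) is not None


def valid_port(value) -> bool:
    """Canonical decimal 1..65535 only: rejects ' 80', '0x50', '80.0', '0080'
    and Unicode digits such as '٨٠', which isdigit() accepts and int() converts."""
    if not isinstance(value, str) or not value.isascii() or not value.isdigit():
        return False
    number = int(value)
    return str(number) == value and 1 <= number <= 65535


def valid_ip(value) -> bool:
    # ipaddress.ip_address(1) returns 0.0.0.1, so insist on a string first.
    if not isinstance(value, str):
        return False
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def valid_filename(value) -> bool:
    """Bare file name only: no separators, no leading dot, so no '..' or '../x'."""
    return isinstance(value, str) and FILENAME_RE.fullmatch(value) is not None


EXPECTED = {  # assumption: the fields this hypothetical request handler accepts
    "username": valid_username,
    "port": valid_port,
    "target_ip": valid_ip,
    "report": valid_filename,
}


def validate_request(fields: dict) -> dict:
    """Return {field: reason} for every problem; an empty dict means the
    request matches expectations. Unknown fields are errors too."""
    errors = {name: "unexpected field" for name in fields.keys() - EXPECTED.keys()}
    for name, check in EXPECTED.items():
        if name not in fields:
            errors[name] = "missing"
        elif not check(fields[name]):
            errors[name] = "invalid"
    return errors


# Constructed sample requests.
GOOD_REQUEST = {"username": "alice_01", "port": "8443",
                "target_ip": "10.0.0.5", "report": "scan-2024.txt"}
BAD_REQUEST = {"username": "alice\n", "port": "٨٠", "target_ip": "10.0.0.256",
               "report": "../etc/passwd", "debug": "1"}

if __name__ == "__main__":
    print(validate_request(GOOD_REQUEST))
    print(validate_request(BAD_REQUEST))
```

Rejecting the whole request when any field fails, instead of stripping the offending characters, keeps the validator's job simple and avoids the second-order bugs that sanitizers introduce.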
Puts the system into a high level of security (possibly disabling it entirely) when a control fails, and keeps it there until an administrator can diagnose the problem and restore normal operation. Access is denied by default during the failure.
Fail-secure (fail-closed) state
Allows users to bypass a failed security control, erring on the side of permissiveness: availability is preserved at the cost of the control's protection.
Fail-open state
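The two failure states differ in one line of error handling. The Python simulation below is an added example rather than content from the original flashcards: PolicyService stands in for an authorization backend that may become unreachable, and the two gate classes, the users alice and bob and their rules are all constructed for the illustration. The fail-open gate grants access when the backend throws, while the fail-secure gate denies, records the incident and stays locked down until an administrator explicitly restores it, even after the backend recovers.

```python
"""Added example: the same authorization gate implemented fail-open and fail-secure."""
import logging

log = logging.getLogger("authz")


class PolicyUnavailable(Exception):
    """Raised when the authorization backend cannot be consulted."""


class PolicyService:
    """Stand-in for an authorization backend; 'healthy' simulates an outage."""

    def __init__(self, rules: dict) -> None:
        self.rules = rules          # {user: set(actions)}
        self.healthy = True

    def is_allowed(self, user: str, action: str) -> bool:
        if not self.healthy:
            raise PolicyUnavailable("policy backend unreachable")
        return action in self.rules.get(user, set())


class FailOpenGate:
    """Erring on permissiveness: a backend failure lets every request through."""

    def __init__(self, policy: PolicyService) -> None:
        self.policy = policy

    def check(self, user: str, action: str) -> bool:
        try:
            return self.policy.is_allowed(user, action)
        except PolicyUnavailable as exc:
            log.warning("policy check failed (%s); allowing %s:%s", exc, user, action)
            return True


class FailSecureGate:
    """Failure denies the request and locks the gate until an admin resets it."""

    def __init__(self, policy: PolicyService) -> None:
        self.policy = policy
        self.locked_down = False

    def check(self, user: str, action: str) -> bool:
        if self.locked_down:
            return False  # stay denied until an administrator restores service
        try:
            return self.policy.is_allowed(user, action)
        except PolicyUnavailable as exc:
            self.locked_down = True
            log.error("policy check failed (%s); locking down, denying %s:%s", exc, user, action)
            return False

    def admin_restore(self) -> None:
        self.locked_down = False


def simulate() -> dict:
    """Run both gates through normal operation, an outage, recovery and admin reset."""
    policy = PolicyService({"alice": {"read"}})  # constructed rules: bob may do nothing
    open_gate, secure_gate = FailOpenGate(policy), FailSecureGate(policy)
    out = {}
    out["normal_bob_delete"] = (open_gate.check("bob", "delete"), secure_gate.check("bob", "delete"))
    policy.healthy = False
    # During the outage fail-open admits bob, fail-secure even turns away alice.
    out["outage_bob_delete"] = open_gate.check("bob", "delete")
    out["outage_alice_read"] = secure_gate.check("alice", "read")
    policy.healthy = True
    # Backend is back: fail-open recovers silently, fail-secure stays locked.
    out["recovered_alice_read"] = (open_gate.check("alice", "read"), secure_gate.check("alice", "read"))
    secure_gate.admin_restore()
    out["after_admin_restore"] = secure_gate.check("alice", "read")
    return out


if __name__ == "__main__":
    logging.basicConfig(level=logging.INFO)
    print(simulate())
```

The fail-open warning is the only trace that bob's delete was ever allowed, which is why fail-open is reserved for controls where availability outweighs the protection, and why the fail-secure gate deliberately does not recover on its own.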
List the stages of the Software Capability Maturity Model (abbreviated as SW-CMM).
Level 1: Initial, Level 2: Repeatable, Level 3: Defined, Level 4: Managed, Level 5: Optimizing
A type of bar chart that shows the interrelationships over time between projects and schedules.
A Gantt chart
Name the three basic components of the change management process.
Request Control, Change Control, Release Control
This component of the change management process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.
Request Control
This component of the change management process is used by developers to re-create the situation encountered by the user and analyze the changes needed to remedy it. It also provides an organized framework within which multiple developers can create and test a solution before rolling it out into a production environment.
Change Control
Once the changes are finalized, they must be approved for release through this procedure. An essential step of this component of the change management process is to double-check that any code inserted as a programming aid during development (such as debugging code or back doors) has been removed before the new software is released to production. It should also include acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.
Release Control
List the four main components of configuration management.
Configuration Identification, Configuration Control, Configuration Status Accounting, Configuration Audit
During this process, administrators document the configuration of covered software products throughout the organization.
Configuration Identification
This process ensures that changes to software versions are made in accordance with the change control and configuration management policies. Updates can be made only from authorized distributions in accordance with those policies.
Configuration Control
Formalized procedures are used to keep track of all authorized changes that take place.
Configuration Status Accounting
This should be conducted to ensure that the actual production environment is consistent with the accounting records and that no unauthorized configuration changes have taken place.
Configuration Audit
These allow application developers to bypass traditional web pages and interact directly with the underlying service through function calls.
application programming interfaces (APIs)