Domain 8 (Software Development Security) Flashcards
What is IPv6 secured by (it’s built in)?
IPSec
What is the Waterfall Software Development Methodology?
Stage by stage phase approach focused on deliverables at the end of each phase
What are the four Software Development Methodologies?
Waterfall
Prototype
Spiral
Agile
What are the advantages to the Waterfall Software Development Methodology?
Each phase has a specific deliverable and review process. Best for small projects. Define before design.
What are the disadvantages to the Waterfall Software Development Methodology?
Can’t adjust scope during life cycle. High risk. Poor model for long term projects.
What are the advantages of Prototyping Software Development Methodology?
Get client feedback early on in project.
What are the disadvantages of Prototyping Software Development Methodology?
Clients rarely understand impact of proposed changes. Developers may use shortcuts to create prototype.
What is the Spiral Software Development Methodology?
Combination of Waterfall and Prototyping.
What are the advantages of Spiral Software Development Methodology?
High amount of risk analysis. Software produced early in life cycle.
What are the disadvantages of Spiral Software Development Methodology?
Can be costly. Highly dependent on risk analysis phase.
What are the five stages of Agile Software Development Methodology?
Brainstorm
Design
Development
Quality Assurance
Deployment
What are the advantages of Agile Software Development Methodology?
Fewer defects, highly flexible, immediate feedback
What are the disadvantages of Agile Software Development Methodology?
Less documentation
What is Service Orientated Architecture?
Services and functions should be modular and run independently from one another. Vendor neutral functionality.
What is Aggregation and Inference?
Aggregation is collecting data and Inference is making an assumption based on the aggregated data
What is Polyinstantiation?
Multiple instances of information. One version is available at lower clearance; higher clearance sees the real data.
What are the five elements of good monitoring?
Consistency
Quantitative
Objective
Relevance
Inexpensive
What is Insecure Direct Object Reference?
Data disclosure by changing parameters (user?acct=6065)
What are the two types of Input Sanitization?
Stripping
Substitution
What does Stripping Input Sanitization do?
Removes harmful characters from user supplied input
What does Substitution Input Sanitization do?
Replaces user supplied input with safer alternatives
What is Dynamic Code Analysis?
Looking at the program while it’s running in a debugger
What is Verification?
Does the software meet the software requirements?
What is Validation?
Does the software solve the problem that it was supposed to solve?
What is Certification?
Technical evaluation of the security features
What is Accreditation?
Management’s acceptance of the product (includes risk acceptance)
Name the four types of database models
Hierarchical
Distributed
Object-oriented
Relational
Describe a Hierarchical Database model
Stores information in a tree-like manner. Predetermined access paths to data.
Describe a Distributed Database model
More than one server over several locations
Describe an Object-oriented Database model
Designed for non-text data
Describe a Relational Database Model
Tables, rows and columns. Uses SQL; Oracle is an example.
What is a Primary Key?
A unique identifier for each record
What is Normalization?
The process of removing duplicates and ensuring that each attribute only describes the primary key.
What is Entity Integrity?
States that the primary key field cannot be null
What is a foreign key?
When a Primary Key is referenced in another table