Domain 8: Software Development Security Flashcards
Change management process has three basic components:
Request Control/Change Control/Release Control
Request Control
Provides an organized framework within which users can request modifications,
managers can conduct cost/benefit analysis, and developers can prioritize tasks.
Change Control
Provides an organized framework within which multiple developers can create and
test a solution prior to rolling it out into a production environment. Change control includes
conforming to quality control restrictions, developing tools for update or change deployment, properly
documenting any coded changes, and restricting the effects of new code so that it does not reduce the
security of the system.
Release Control
Once the changes are finalized, they must be approved for release through the release control procedure.
Configuration Identification
Administrators document the configuration of covered software products throughout the organization.
Configuration Control
Ensures that changes to software versions are made in accordance with the
change control and configuration management policies. Updates can be made only from authorized
distributions in accordance with those policies.
Configuration Status Accounting
Formalized procedures are used to keep track of all authorized changes that take place.
Configuration Audit
A periodic configuration audit should be conducted to ensure that the actual
production environment is consistent with the accounting records and that no unauthorized
configuration changes have taken place.
5 levels of SW-CMM
Initial, Repeatable, Defined, Managed, Optimizing
Initial
Competent people and informal, ad hoc processes; absence of any formal process. Success depends on individual effort.
Repeatable
Basic life-cycle management and project management processes are introduced, and organized reuse of code begins.
Key process areas: requirements management, software project planning, software project tracking,
software quality assurance, software configuration management.
Defined
Developers operate according to a set of formal, documented software development processes used across the organization.
Key process areas: organization process focus and definition, training, integrated software management,
software product engineering, intergroup coordination, peer reviews.
Managed
Quantitative measures are used to gain a detailed understanding of the development process; process and product quality are quantitatively controlled.
Optimizing
Continuous process improvement is in place (defect prevention, technology change management, process change management).
Process improvement is typically driven with the IDEAL model.
IDEAL Model
Initiating (lay the groundwork and identify the business reasons for change), Diagnosing (assess the current state and recommend changes),
Establishing (develop a specific action plan), Acting (implement the improvements), Learning (analyze the results and continuously improve).
PERT
Program Evaluation Review Technique (PERT) is a project-scheduling tool used to estimate the size of a
software product under development and to calculate the standard deviation (SD) of that estimate for risk assessment.
PERT relates three estimates for each component: the lowest possible size, the most likely size, and the
highest possible size. PERT is used to direct improvements to project management and software coding in order
to produce more efficient software.
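As an added worked example (not part of the original flashcards), the three-point estimate described above carried through for several components. The page does not state the arithmetic; the standard PERT formulas are assumed here: expected size (O + 4M + P)/6 and SD (P - O)/6 per component, with component variances summed for the project SD under an independence assumption. The component names and sizes are constructed sample input.

```python
import math
from dataclasses import dataclass
from typing import Iterable, List, Tuple


@dataclass(frozen=True)
class Component:
    """Three-point size estimate for one software component.

    Sizes are in any consistent unit (here: thousands of lines of code, KLOC).
    """
    name: str
    optimistic: float   # lowest possible size
    likely: float       # most likely size
    pessimistic: float  # highest possible size

    def __post_init__(self) -> None:
        # The three points must be ordered, otherwise the estimate is meaningless.
        if not (self.optimistic <= self.likely <= self.pessimistic):
            raise ValueError(f"{self.name}: expected optimistic <= likely <= pessimistic")


def pert_estimate(c: Component) -> float:
    """Weighted mean of the three points: (O + 4M + P) / 6  (assumed standard formula)."""
    return (c.optimistic + 4 * c.likely + c.pessimistic) / 6


def pert_sd(c: Component) -> float:
    """Standard deviation of one component: (P - O) / 6  (assumed standard formula)."""
    return (c.pessimistic - c.optimistic) / 6


def project_estimate(components: Iterable[Component]) -> Tuple[float, float]:
    """Expected total size and its SD.

    Expected values add. Standard deviations do not: assuming the components are
    independent, the variances add and the project SD is the square root of that sum.
    """
    comps: List[Component] = list(components)
    total = sum(pert_estimate(c) for c in comps)
    sd = math.sqrt(sum(pert_sd(c) ** 2 for c in comps))
    return total, sd


def size_range(components: Iterable[Component], k: float = 2.0) -> Tuple[float, float]:
    """Interval expected -/+ k*SD used for risk assessment (k=2 is about 95% under a normal approximation)."""
    total, sd = project_estimate(components)
    return total - k * sd, total + k * sd


# Constructed sample input (KLOC); not from the original page.
SAMPLE = [
    Component("authentication", 2.0, 3.0, 10.0),  # wide spread: high uncertainty
    Component("reporting", 5.0, 8.0, 11.0),
    Component("public API", 1.0, 2.0, 3.0),       # narrow spread: low uncertainty
]

if __name__ == "__main__":
    for c in SAMPLE:
        print(f"{c.name:15s} E={pert_estimate(c):5.2f} SD={pert_sd(c):.2f}")
    total, sd = project_estimate(SAMPLE)
    low, high = size_range(SAMPLE)
    print(f"project: E={total:.2f} KLOC, SD={sd:.2f}, 2-sigma range {low:.2f}..{high:.2f}")
```

The component with the widest spread between lowest and highest size (here "authentication") dominates the project SD, which is the risk signal PERT is meant to surface.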
DevOps
The word DevOps is a combination of Development and Operations, symbolizing
that these functions must merge and cooperate to meet business requirements.
Integrates:
• Software Development,
• Quality Assurance
• IT Operations
DBMS
Refers to a suite of software programs that maintains and provides controlled access to data;
in a relational DBMS the data is stored in the rows and columns of tables.
Relational
Data is held in two-dimensional tables (relations) linked through keys (one-to-one, one-to-many or many-to-many
relationships); uses DDL and DML; rows are called TUPLES and columns are called ATTRIBUTES.
Key-Value Store
A key-value database is a data storage paradigm designed for storing,
retrieving, and managing associative arrays, a data structure more commonly known today as a
dictionary or hash.
DDL – Data definition language
Defines the structure and schema of the database (e.g. SQL CREATE, ALTER, DROP).
DML – Data manipulation language
View, manipulate and use the data in the database via VIEW, ADD,
MODIFY, SORT and DELETE operations (in SQL: SELECT, INSERT, UPDATE, ORDER BY, DELETE).
Degree (of a table)
Number of attributes (columns) in the table.
Cardinality (of a table)
Number of tuples (rows) in the table.
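As an added example (not part of the original flashcards), the DDL/DML distinction and the degree/cardinality definitions above demonstrated on a small in-memory SQLite database via Python's standard sqlite3 module. The table, column names and rows are constructed sample data. The point it shows that the cards alone do not: DML (INSERT, UPDATE, DELETE) moves the cardinality and leaves the degree unchanged, while DDL (ALTER TABLE) moves the degree and leaves the cardinality unchanged.

```python
import sqlite3
from typing import Dict

# Constructed sample tuples (rows); not from the original page.
USERS = [
    (1, "alice", "analyst"),
    (2, "bob", "developer"),
    (3, "carol", "admin"),
]


def build_db() -> sqlite3.Connection:
    """Create an in-memory relational database with one table."""
    conn = sqlite3.connect(":memory:")
    # DDL: define the schema (attributes, types, constraints) of the relation.
    conn.execute(
        """
        CREATE TABLE users (
            id       INTEGER PRIMARY KEY,
            username TEXT NOT NULL UNIQUE,
            role     TEXT NOT NULL
        )
        """
    )
    # DML: add tuples. Parameter binding keeps the data out of the statement text.
    conn.executemany("INSERT INTO users (id, username, role) VALUES (?, ?, ?)", USERS)
    conn.commit()
    return conn


def _quoted_table(conn: sqlite3.Connection, table: str) -> str:
    """Identifiers cannot be bound as parameters, so check the name against the
    catalog and return it as a quoted identifier before splicing it into SQL."""
    row = conn.execute(
        "SELECT 1 FROM sqlite_master WHERE type = 'table' AND name = ?", (table,)
    ).fetchone()
    if row is None:
        raise ValueError(f"unknown table: {table!r}")
    return '"' + table.replace('"', '""') + '"'


def degree(conn: sqlite3.Connection, table: str) -> int:
    """Degree = number of attributes (columns). PRAGMA table_info yields one row per column."""
    return len(conn.execute(f"PRAGMA table_info({_quoted_table(conn, table)})").fetchall())


def cardinality(conn: sqlite3.Connection, table: str) -> int:
    """Cardinality = number of tuples (rows) currently in the table."""
    return conn.execute(f"SELECT COUNT(*) FROM {_quoted_table(conn, table)}").fetchone()[0]


def demo() -> Dict[str, object]:
    """Show which language changes which measure."""
    conn = build_db()
    before = (degree(conn, "users"), cardinality(conn, "users"))
    # DML changes the data: cardinality moves, degree does not.
    conn.execute("DELETE FROM users WHERE username = ?", ("bob",))
    conn.execute("UPDATE users SET role = ? WHERE username = ?", ("auditor", "carol"))
    after_dml = (degree(conn, "users"), cardinality(conn, "users"))
    # DDL changes the schema: degree moves, cardinality does not.
    conn.execute("ALTER TABLE users ADD COLUMN last_login TEXT")
    after_ddl = (degree(conn, "users"), cardinality(conn, "users"))
    roles = dict(conn.execute("SELECT username, role FROM users ORDER BY username"))
    conn.close()
    return {"before": before, "after_dml": after_dml, "after_ddl": after_ddl, "roles": roles}


if __name__ == "__main__":
    print(demo())
```

Every value that comes from data is passed as a bound parameter; the only string splicing is the table identifier, which is first checked against the catalog and quoted. That split (schema names from the program, data values through parameters) is the same one the DDL/DML cards describe.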