Domain 8 - Software Development Security Flashcards
A Buffer overflow can exploit improper ____ validation?
Input Validation
True or False: In the SDLC, Unit Testing occurs after the Development Phase?
True
Name the types of testing in the SDLC Testing Phase.
Unit Testing
Integration Testing
Acceptance Testing
Regression Testing
Data ____ is storing data from multiple Databases into a Central Location.
Data Warehousing
Data ____ is massaging info found in the Data Warehouse into metadata by finding correlations in the data stored in the Warehouse.
Data Mining
Disclosure of residual data: if an OS allows sequential use of an object without refreshing it, the security issue that can arise is residual (confidential) data being accessible. True or False?
True
Security & Functionality would have to be designed and integrated at each phase of the Development Life Cycle.
Security should be interwoven into the core of a product and provide protection at the necessary layers.
True or False
True
Security should be interwoven into the core of a product & provide protection at the necessary layers - True or False?
This is a better approach than trying to develop a front-end wrapper.
True
An operation that allows changes to a database to be available to all applications and users is a ______?
Commit
The Commit operation completes a transaction & executes all changes JUST made by the USER, True or False?
True
What is the difference between a SQL COMMIT command and a SQL ROLLBACK command?
Commit = same as pushing a FW - the final commitment
Rollback - if a transaction has to be aborted, the DB restores itself to the condition before the transaction began
Database Contamination
When data from different classification levels is mixed in the DB
True or False: The SDLC ensures functionality, cost, quality and delivery schedule
True