Section 10: Secure Software Development

Question 1

SDLC

Answer 1

Organized process of developing a secure application throughout the life the project

Question 2

What are the seven phases of the SDLC?

Answer 2

Planning and Analysis

Software/Systems Design (no coding, yet)

Implementation (coding is developed and basic debugging and testing)

Testing (check the code)

Integration

Deployment (application moved into the production environment)

Maintenance (bug fixing, patches, updates; version control, integration management)

Question 3

Agile Development

Answer 3

Software development is performed in time-boxed or small increments to allow more adaptivity to change

Question 4

DevOps

Answer 4

Software development and information technology operations

Question 5

How do you implement integrity?

Answer 5

Hash algorithms, journaling

Question 6

Threat modeling

Answer 6

helps prioritize vulnerability identification and patching

Question 7

Defense in depth

Answer 7

Layering of security controls is more effective and secure than relying on a single control

Question 8

Minimize attack surface

Answer 8

Reduce the amount of code used by a program eliminate unneeded functionality, and require authentication prior to running additional plugins.

Question 9

Create Secure Defaults

Answer 9

Ensure default installation is secure and require an admin to lessen the default

Question 10

Authenticity and Integrity

Answer 10

Use digital signatures! That’s what this means

Question 11

Fail Securely

Answer 11

If the application fails, can it be exploited?

Question 12

Fix Security Issues

Answer 12

If a vulnerability is identified, then it should be quickly addressed

Question 13

Rely on trusted SDKs

Answer 13

must come from trusted sources to ensure no malicious code is being added. If you’re reusing somebody’s code, make sure that you trust it.

Question 14

Black box testing

Answer 14

Occurs when a tester is not provided with any information about the system or program prior to conducting the test

Question 15

White-box testing

Answer 15

Occurs when a tester is provided full details of a system including the source code

Question 16

Gray box

Answer 16

mixture of both. Might be given user level credentials, but not admin.

Question 17

Structured Exception Handling (SEH)

Answer 17

Provides control over what the application should do when faced with a runtime or syntax error

Question 18

Input Validation

Answer 18

Applications verify that information received from a user matches a specific format or range of values

Question 19

Static Analysis

Answer 19

Source code of an application is reviewed manually or with automatic tools without running the code

Question 20

Dynamic Analysis

Answer 20

Analysis and testing while the program is being utilized

Question 21

Fuzzing

Answer 21

Infection of randomized data into a software program in an attempt to find system failures, memory leaks, etc.

Question 22

Backdoors

Answer 22

Code placed in computer programs to bypass normal authentication and other security mechanisms (should not be utilized)

Question 23

Directory Traversal

Answer 23

Method of accessing unauthorized directories by moving through the directory structure on a remote server. (messing with the URL path to get to something else with ../)

Question 24

Arbitrary Code Execution

Answer 24

Occurs when an attacker is able to execute or run commands on a victim computer

Question 25

Remote Code Execution

Answer 25

Occurs when they execute the commands on the computer remotely

Question 26

Zero Day

Answer 26

Attack against a vulnerability that is unknown to the original developer

Question 27

Buffer Overflow

Answer 27

Occurs when a process stores data outside the memory range allocated by the developer (just remember it’s an attempt to put more data into memory that it is designed to hold)

Question 28

Buffer

Answer 28

Temporary storage area for a program (glass that holds water)

Question 29

Stack

Answer 29

Reserved area of memory where the program saves the return address when a function call instruction is received

Question 30

Smash the stack

Answer 30

Occurs when a attacker fills up the buffer with NOP so that the return address may hit a NOP and continue on until it finds the attacker’s code to run

Question 31

Address Space Layout Randomization

Answer 31

Method used by programmers to randomly arrange the different address spaces used by a program or process to prevent buffer overflow exploits

Question 32

XSS

Answer 32

Cross Site Scripting - Occurs when an attacker embeds malicious scripting commands on a trusted website (stored/persistent; reflected; DOM based) (think about exploiting something from a web browser and website)

Question 33

XSRF

Answer 33

cross site request forgery - Occurs when an attacker forces a user to execute actions on a web server for which they are already authenticated (if you’ve already logged into the website, then you can get compromised by someone doing stuff through your already authenticated session)

Question 34

How do you prevent XRSF?

Answer 34

Tokens, encryption, XML File Scanning, and cookie verification

Question 35

SQL Injection

Answer 35

Attack consisting of the insertion or injection of an SQL query via input data from the client to a web application (OR 1=1 is always going to refer to an SQL Injection on the exam!)

Question 36

Injection Attack

Answer 36

Insertion of additional information or code through data input from a client to an application

Question 37

XML uses

Answer 37

for authentication, etc. data submission

Question 38

XML Bomb

Answer 38

XML encodes entities that expand to exponential sizes, consuming memory on the host and potentially crashing it

Question 39

XML External Entity (XXE)

Answer 39

An attack that embeds a request for a local resource

Question 40

Best way to prevent XML attacks?

Answer 40

Input validation! Same with a SQL Injection. Anything with XML in the question, it is talking about an XML vulnerability

Question 41

Race Condition

Answer 41

Computer is trying to race itself, you’re both trying to do something at the same time and getting there before you. Multiple threats writing at the same time. (get there before the antivirus takes hold) (can also be used against databases and file systems)

Question 42

Dereferencing

Answer 42

A software vulnerability where we’re breaking apart the pointer and what it’s pointing to

Question 43

Time of Check to Time of Use

Answer 43

Not checking when checking out of the cart. Do a final check when you try to pay (is it still in stock?)

Question 44

Prevent time of check

Answer 44

Develop apps to not process things sequentially if possible

implement a locking mechanism to provide app with exclusive access

Question 45

Where do vulnerabilities arise?

Answer 45

Most of the time, from bad coding

Question 46

Insecure Components

Answer 46

Any code that is used or invoked outside the main program development process

Question 47

Insufficient Logging and Monitoring

Answer 47

Any program that does not properly record or log detailed enough information (

Question 48

Weak or default configuration

Answer 48

Any program that uses ineffective credentials or configurations, or one in which the defaults have not been changed for security