Software Development Lifecycle Flashcards
What is the attack surface?
The attack surface is the collection of possible entry points for an attacker. The reduction of this surface reduces the possible ways that an attacker can exploit a system.
What is Computer Aided Software Engineering (CASE)?
Computer-aided software engineering refers to any type of software that allows for the automated development of software, which can come in the form of program editors, debuggers, code analyzers, version-control mechanisms, and more. The goals are to increase development speed and productivity and reduce errors.
What is fuzzing?
Fuzzing is the act of sending random data to the target program in order to trigger failures.
What does ISO/IEC 27034 cover?
The ISO/IEC 27034 standard covers the following items: application security overview and concepts, organization normative framework, application security management process, protocols and application security control data structure, case studies, and application security assurance prediction.
What is The Open Web Application Security Project (OWASP)?
The Open Web Application Security Project (OWASP) is an organization dedicated to helping the industry develop more secure software.
What are the levels of CMMI?
The CMMI model uses five maturity levels designated by the numbers 1 through 5. Each level represents the maturity level of the process quality and optimization. The levels are organized as follows: 1 = Initial, 2 = Repeatable, 3 = Defined, 4 = Managed, 5 = Optimizing.
At what point should change control be implemented?
Change control needs to be put in place at the beginning of a project and must be enforced through each phase. Changes must be authorized, tested, and recorded. The changes must not affect the security level of the system or its capability to enforce the security policy.
List the different Software Development Lifecycle Models?
There are several SDLC models: Waterfall (a sequential approach that requires each phase to complete before the next one can begin), Rapid Application Development (RAD), Agile, Incremental, Prototyping, and V-model.
What are the various application testing methods?
Application testing methods include integration (verifying components work together in the production environment), acceptance (ensuring code meets customer requirements), regression (testing after changes take place), static analysis (reviewing programming code), and dynamic analysis (reviewing code during execution).
Rapid Application Development (RAD) (SDLC)
Rapid Application Development (combines prototyping and iterative development procedures with the goal of accelerating the software development process),
Agile (SDLC) Model
Agile (iterative and incremental development processes that encourage team-based collaboration, and flexibility and adaptability are used instead of a strict process structure).
Incremental (SDLC) Model
Incremental (multiple development cycles are carried out on a piece of software throughout its development stages),
Prototyping (SDLC) Model
Prototyping (creating a sample of the code for proof-of-concept purposes)
V-Model (SDLC) Model
V-model (emphasizes verification and validation at each phase)
What is Software Configuration Management (SCM)?
Software configuration management (SCM) is the task of tracking and controlling changes in the software through the use of authentication, revision control, the establishment of baselines, and auditing. It has the purpose of maintaining software integrity and traceability throughout the software development life cycle.
What is a Generation 1 programming language?
Programming languages have gone through evolutionary processes.
Generation one is machine language (binary format).
What is a Generation 2 programming language?
Generation two is assembly language (which is translated by an assembler into machine code).
What is a Generation 3 programming language?
Generation three is high-level language (which provides a level of abstraction).
What is a Generation 4 programming language?
Generation four is a very high-level language (which provides more programming abstraction).
What is a Generation 5 programming language?
Generation five is natural language (which is used for artificial intelligence purposes).
What is data modeling?
Data modeling is a process used to define and analyze data requirements needed to support the business processes within the scope of corresponding systems and software applications.
What features does object-oriented programming provide?
Object-oriented programming provides modularity, reusability, and more granular control within the programs themselves compared to classical programming languages.
Describe the role of objects in object-oriented programming?
Objects are members, or instances, of classes. The classes dictate the objects’ data types, structure, and acceptable actions.
How do objects in OOP communicate?
In OOP, objects communicate with each other through messages, and a method is functionality that an object can carry out. Objects can communicate properly because they use standard interfaces.
Define Polymorphism?
Polymorphism is when different objects are given the same input and react differently.
Describe the internal operations of objects?
Data and operations internal to objects are hidden from other objects, which is referred to as data hiding. Each object encapsulates its data and processes.
Describe the characteristics of object-oriented design?
Object-oriented design represents a real-world problem and modularizes the problem into cooperating objects that work together to solve the problem.
What is coupling?
Coupling describes how much an object depends on interaction with other modules. If an object does not require much interaction with other modules, it has low coupling.
What’s the best programming design?
The best programming design enables objects to be as independent and as modular as possible; therefore, the higher the cohesion and the lower the coupling, the better.
What is an Object Request Broker (ORB)?
An object request broker (ORB) manages communications between objects and enables them to interact in a heterogeneous and distributed environment.
What is the Common Object Request Broker Architecture (CORBA)?
Common Object Request Broker Architecture (CORBA) provides a standardized way for objects within different applications, platforms, and environments to communicate. It accomplishes this by providing standards for interfaces between objects.
What is a Component Object Model (COM)?
Component Object Model (COM) provides an architecture for components to interact on a local system.
What is a Distributed Component Object Model (DCOM)?
Distributed COM (DCOM) uses the same interfaces as COM, but enables components to interact over a distributed, or networked, environment.
What is Open Database Connectivity (ODBC)?
Open Database Connectivity (ODBC) enables several different applications to communicate with several different types of databases by calling the required driver and passing data through that driver.
What is Object Linking and Embedding (OLE)?
Object linking and embedding (OLE) enables a program to call another program (linking) and permits a piece of data to be inserted inside another program or document (embedding).
Define Service oriented architecture (SOA)?
Service-oriented architecture (SOA) provides standardized access to the most needed services to many different applications at one time. Service interactions are self-contained and loosely coupled so that each interaction is independent of any other interaction.
What are security features of Java programming language?
Java security employs a sandbox so the applet is restricted from accessing the user’s hard drive or system resources. Programmers have figured out how to write applets that escape the sandbox.
What is SOAP?
SOAP allows programs created with different programming languages and running on different operating systems to interact without compatibility issues.
What are the 3 main types of Cross-Site Scripting (XSS)?
There are three main types of cross-site scripting (XSS) attacks: non-persistent XSS (exploiting the lack of proper input or output validation on dynamic websites), persistent XSS (the attacker loads malicious code on a server that attacks visiting browsers), and DOM-based XSS (the attacker uses the DOM environment to modify the original client-side JavaScript).
Define database management system (DBMS)?
A database management system (DBMS) is the software that controls the access restrictions, data integrity, redundancy, and the different types of manipulation available for a database.
What is the database Primary Key?
A database primary key is how a specific row is located from other parts of the database in a relational database.
What is the purpose of a DB View?
A view is an access control mechanism used in databases to ensure that only authorized subjects can access sensitive information.
A database view is put into place to prevent certain users from viewing specific data. This is a preventive measure, because the administrator is preventing the users from seeing data not meant for them. This is one control to prevent inference attacks.