Software Development Security Flashcards

1
Q

Two software assurance/security models

A

Software Assurance Maturity Model (SAMM)

IDEAL

2
Q

Software Assurance Maturity Model (SAMM)

A

Framework for integrating security into the software development process and assessing how mature an organization is at doing so

Maintained by OWASP

Covers 5 business functions:

  1. Governance: strategy, policy and metrics
  2. Design: security requirements and architecture; includes threat modeling
  3. Implementation: secure build, secure deployment and defect management
  4. Verification: confirm code meets security requirements through architecture assessment and security testing
  5. Operations: incident, environment and operational management
3
Q

IDEAL Model

A

Process improvement model that guides an organization through adopting a maturity model such as the SW-CMM

Created by the Software Engineering Institute (SEI)

Includes 5 phases:
1. Initiating: business drivers are understood and the supporting infrastructure is put in place.
2. Diagnosing: the current state of the organization is assessed and general changes are recommended.
3. Establishing: a specific plan of action is developed from the diagnosing stage's recommendations.
4. Acting: the plan from the previous stage is implemented, including testing and refinement of the solutions.
5. Learning: results are analyzed against the goals and lessons feed the next improvement cycle.

4
Q

Software Capability Maturity Model

A

From the Software Engineering Institute at Carnegie Mellon University

Outlines software development maturity in 5 levels:

Level 1 Initial: no organized process; success depends on individual effort
Level 2 Repeatable: basic life cycle management processes are introduced so earlier successes can be repeated
Level 3 Defined: formal, documented processes are followed across the organization
Level 4 Managed: processes are measured with quantitative metrics
Level 5 Optimizing: continuous improvement is built into the process

5
Q

ACID model for Databases

A

Atomicity: a transaction is all-or-nothing; if any part fails, every change it made is rolled back
Consistency: a transaction takes the database from one valid state to another and never violates its constraints
Isolation: concurrent transactions do not see each other's uncommitted changes
Durability: once committed, a transaction's changes survive crashes and power loss
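Added example (not part of the flashcards): a money transfer on an in-memory SQLite table showing atomicity and consistency in action. The account table and balances are constructed for the example. The credit is applied before the debit so that, when the debit violates the `balance >= 0` CHECK constraint, the already-applied credit is rolled back with it rather than leaving a half-finished transfer behind.

```python
import sqlite3


def make_db():
    """Create a constructed in-memory accounts table with two sample rows."""
    conn = sqlite3.connect(":memory:")
    # The CHECK constraint is the consistency rule the database enforces.
    conn.execute(
        "CREATE TABLE accounts ("
        "  id INTEGER PRIMARY KEY,"
        "  balance INTEGER NOT NULL CHECK (balance >= 0)"
        ")"
    )
    conn.executemany("INSERT INTO accounts VALUES (?, ?)", [(1, 100), (2, 50)])
    conn.commit()  # durability: the committed rows now belong to the database
    return conn


def transfer(conn, src, dst, amount):
    """Move `amount` from account `src` to account `dst` atomically.

    Returns True when the transfer committed, False when it was rolled back.
    """
    try:
        # sqlite3's connection context manager commits on success and
        # rolls back if the block raises, so both UPDATEs succeed or neither does.
        with conn:
            # Credit first on purpose: if the debit below fails, this credit
            # must disappear too, which is exactly what atomicity guarantees.
            conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE id = ?",
                (amount, dst),
            )
            # A debit that would take the balance negative violates the CHECK
            # constraint and raises IntegrityError, aborting the transaction.
            conn.execute(
                "UPDATE accounts SET balance = balance - ? WHERE id = ?",
                (amount, src),
            )
        return True
    except sqlite3.IntegrityError:
        # The rollback already happened in the context manager's __exit__.
        return False


def balances(conn):
    """Return {account_id: balance} for every account."""
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))


if __name__ == "__main__":
    db = make_db()
    print("start   ", balances(db))
    print("ok      ", transfer(db, 1, 2, 30), balances(db))
    print("rejected", transfer(db, 1, 2, 500), balances(db))
```

The second call attempts to move 500 out of an account holding 70: the credit to account 2 is written inside the transaction, the debit then fails the constraint, and the rollback restores both rows, so the totals before and after a failed transfer are identical.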

6
Q

Three Components of Change Management

A

Request Control: manages requests for change, confirms they are needed (cost/benefit analysis) and lets developers prioritize them.

Change Control: developers reproduce the reported problem, then design, test and document the fix in a controlled environment before it can be released.

Release Control: once the change is finalized, user acceptance testing and double-checking the change for issues. Any back doors, debugging code or other aids inserted to support the change are removed. Makes sure only approved changes are allowed into production.
