Software Development Security Flashcards
Two software assurance/security models
Software Assurance Maturity Model (SAMM)
IDEAL
Software Assurance Maturity Model (SAMM)
Framework for integrating security into the software development process and assessing how mature an organization is at doing so
Maintained by OWASP
Covers 5 business functions
- Governance: strategy and metrics, policy and compliance, education and guidance
- Design: threat assessment (threat modeling), security requirements, secure architecture
- Implementation: secure build, secure deployment, defect management
- Verification: confirm code meets security requirements through architecture assessment, requirements-driven testing and security testing
- Operations: incident management, environment management and operational management
IDEAL Model
Process-improvement model for software development that includes security and maturity measurement; it implements many SW-CMM attributes
Created by the Software Engineering Institute (SEI)
Includes 5 phases
1. Initiating: business drivers for the change are understood, support is built and infrastructure is put in place.
2. Diagnosing: the current state of the organization is assessed and changes are recommended.
3. Establishing: a plan of action is developed from the diagnosing stage.
4. Acting: the plan from the previous stage is implemented, including testing and refinement of the solutions.
5. Learning: results of the effort are analyzed and further improvements are proposed.
Software Capability Maturity Model (SW-CMM)
From Carnegie Mellon University's Software Engineering Institute
Outlines software development maturity in 5 levels
1. Initial- no organized process; success depends on individual effort
2. Repeatable- basic lifecycle management processes are introduced so earlier successes can be repeated
3. Defined- formal, documented process followed across the organization
4. Managed- process and product quality are quantitatively measured
5. Optimizing- continuous process improvement built in
ACID model for database transactions
Atomicity: a transaction is all or nothing; if any part fails, every change it made is rolled back
Consistency: a transaction moves the database from one valid state to another, obeying all integrity rules
Isolation: concurrent transactions cannot see each other's intermediate, uncommitted results
Durability: once committed, a transaction's changes survive crashes and power loss
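The ACID properties as a runnable money transfer. This is an added example, not part of the original flashcards: it uses sqlite3 from the Python standard library, and the accounts table, the CHECK constraint used to encode the consistency rule, and the rowcount checks that reject unknown accounts are all my own constructions. The security point it shows is why atomicity matters: a debit that executed but is then rolled back can never leave the system in a half-done state that an attacker could provoke on purpose.

```python
import os
import sqlite3
import tempfile


def open_bank_db(path):
    """Open (and create if needed) an accounts table.
    The CHECK constraint is the consistency rule: the engine, not the caller,
    refuses any state with a negative balance. (Constructed schema.)"""
    conn = sqlite3.connect(path)
    conn.execute(
        "CREATE TABLE IF NOT EXISTS accounts ("
        " id INTEGER PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    return conn


def seed(conn, rows):
    """Insert constructed sample accounts: [(id, balance), ...]."""
    conn.executemany("INSERT OR REPLACE INTO accounts VALUES (?, ?)", rows)
    conn.commit()


def transfer(conn, src, dst, amount):
    """Move `amount` from src to dst as ONE transaction.
    Returns True if committed, False if the whole transaction was rolled back."""
    try:
        with conn:  # commits on normal exit, rolls back on any exception
            cur = conn.execute(
                "UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
            if cur.rowcount != 1:
                raise LookupError(f"no such account {src}")
            # A crash here leaves nothing committed: the debit is invisible to
            # other connections (isolation) and vanishes on restart (atomicity).
            cur = conn.execute(
                "UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            if cur.rowcount != 1:
                raise LookupError(f"no such account {dst}")
        return True
    except (sqlite3.IntegrityError, LookupError):
        # IntegrityError = overdraft caught by CHECK; LookupError = unknown account.
        # Either way the debit already executed inside the transaction is undone.
        return False


def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id").fetchall())


def demo():
    """Constructed scenario: one good transfer, one overdraft, one transfer to a
    nonexistent account, then reopen the file to show the committed state persisted."""
    path = os.path.join(tempfile.mkdtemp(), "bank.db")
    conn = open_bank_db(path)
    seed(conn, [(1, 100), (2, 50)])
    ok = transfer(conn, 1, 2, 30)          # committed
    overdraft = transfer(conn, 1, 2, 500)  # rolled back: balance would go negative
    missing = transfer(conn, 1, 9, 10)     # rolled back: debit undone, no money created
    after = balances(conn)
    conn.close()
    reopened = balances(open_bank_db(path))  # durability: survives close and reopen
    return ok, overdraft, missing, after, reopened


if __name__ == "__main__":
    print(demo())
```

Only one connection is used, so isolation is stated in a comment rather than exercised; with a second connection open on the same file, SQLite would never let it read the uncommitted debit, which is exactly the property that keeps the intermediate state private. The rowcount check is the part beginners skip: without it, a transfer to a nonexistent account would debit the source, update zero rows on the credit side, and commit, destroying money while every statement "succeeded".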
Three Components of Change Management
Request Control: manages requests for change from users and confirms they are needed, feasible and prioritized.
Change Control: developers recreate the reported situation, analyze and implement the change in an isolated environment using version-controlled tools, with quality control and formal documentation; ensures the change does not diminish security.
Release Control: once the change is finalized, user acceptance testing and a final check of the change for issues; removes any back doors or other debugging code inserted to support the change. Ensures only approved changes reach production.