Software Development Security Flashcards
What is a distributed Application ?
A distributed application is an application whose components run on multiple separate systems (often on separate networks) and cooperate over the network; every network link between components is part of its attack surface.
Securing distributed systems ?
1) Software integrity (managing client versions, signed updates etc)
2) Data integrity (data accuracy and synchronisation across sites)
3) Access control (AAA: authentication, authorisation, accounting)
Role of Agents in Distributed Systems ?
- An agent is a small application in a distributed environment that performs one very specific task on behalf of a central manager, for example:
1) Patch Management
2) Host Intrusion Detection (HIDS)
3) Performance and Capacity Monitoring
What is an Applet ?
- A small program downloaded from a web server and executed inside the user's web browser (a web based agent).
- Designed to enhance the user's web experience.
- ActiveX (not sandboxed; runs with the user's full privileges, so block it at the firewall or proxy level)
- Java (sandboxed; cannot access arbitrary memory or the hard drive)
- Both are obsolete: current browsers no longer support ActiveX or Java applets.
What is a Mashup ?
- A web page that combines content from multiple applications, applets and APIs into a single view.
- Think a house pricing or development cost page built from several external data feeds.
What is an Object Oriented (OO) Environment ?
- Software is written as a set of objects.
* Objects can be used and re-used in other code. READ: Efficient.
OO Instances ?
- An object created from a class is called an instance.
* Creating an object is called instantiation.
OO Behaviour ?
The result of an object receiving a message (an action).
What is an OO Class ?
A template that defines the methods and variables to be included in a particular type of object.
The class itself contains the common methods and variables, and objects in the class contain only those characteristics that make them unique.
An Example of Class is “Cake” (Nom Nom Nom)
What is Class Hierarchy ?
The tree structure of classes and subclasses: a subclass sits beneath its parent class and inherits from it.
What is OO Delegation ?
What happens when an object receives a message requesting a method that it doesn’t have. The object delegates the message to the object that does contain the requested method.
What is an OO Method ?
The procedure (code) contained in an object.
What is an OO Message ?
How objects communicate with one another. A message contains the name of an object to which it wants to communicate, the method it should perform, and usually one or more parameters. The object sending the message is the sender; the object receiving it is the receiver.
What is OO Encapsulation ?
The packaging of an object. Everything inside the object is hidden, or encapsulated, and reachable only through its methods.
What is OO Inheritance ?
An object that gets some of its characteristics from a class. An object inherits characteristics from the class when it's instantiated. (It doesn't have to wait for the class to grow old and die.)
What is an OO Instance ?
A particular object that's a member of a class.
What is OO Multiple Inheritance ?
When an object or class inherits characteristics from two or more other classes.
What is an OO Object ?
The basic building blocks / Unit of OO.
What is polyinstantiation? (OO)
The process of developing one object from another object, with different values than the original object. (In database security the same term means keeping several rows with the same key at different sensitivity levels, so that a low-clearance user cannot infer the existence of the high-sensitivity row.)
What is polymorphism ? (OO)
The ability to hide implementation details behind a common message interface.
This permits new objects to be added to a system without having to rewrite existing procedures.
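The OO terms above (class, instantiation, encapsulation, inheritance, multiple inheritance, polymorphism, delegation) in one runnable Python example. This is an added illustration, not code from the flashcards; the credential/session classes and all names are invented to keep a security angle visible: the secret is encapsulated so callers reach it only through verify().

```python
"""Added example: the OO concepts from the flashcards, in Python."""


class Credential:
    """Class: a template. Encapsulation: the secret and the failure counter
    are private (Python mangles the name to _Credential__secret, which keeps
    it out of the public interface rather than making it unreachable)."""

    def __init__(self, owner, secret):
        self.owner = owner
        self.__secret = secret
        self.__failures = 0

    def verify(self, attempt):
        """Behaviour: what the object does on receiving the 'verify' message."""
        ok = attempt == self.__secret
        if not ok:
            self.__failures += 1
        return ok

    @property
    def failures(self):
        """Read-only view of internal state; no setter is exposed."""
        return self.__failures


class Password(Credential):
    """Inheritance: gets owner, verify and failures from Credential."""

    def verify(self, attempt):
        # Polymorphism: same message, different implementation (trims whitespace)
        return super().verify(attempt.strip())


class Auditable:
    """Second base class, used to show multiple inheritance."""

    def __init__(self, *args, **kwargs):
        super().__init__(*args, **kwargs)   # cooperative init along the MRO
        self.audit_log = []

    def record(self, event):
        self.audit_log.append(event)


class AuditedPassword(Auditable, Password):
    """Multiple inheritance: MRO is Auditable, Password, Credential."""

    def verify(self, attempt):
        ok = super().verify(attempt)        # resolves to Password.verify
        self.record(("verify", self.owner, ok))
        return ok


class Session:
    """Delegation: Session has no verify(); a message it does not understand
    is forwarded to the object that does."""

    def __init__(self, credential):
        self._credential = credential

    def __getattr__(self, name):
        # Only invoked when normal attribute lookup on Session fails
        return getattr(self._credential, name)


def demo():
    cred = AuditedPassword("alice", "s3cret")      # instantiation -> an instance
    sess = Session(cred)
    results = [sess.verify("wrong"), sess.verify(" s3cret ")]   # delegated messages
    exposed = "__secret" in vars(cred)             # encapsulation: not a public attribute
    return {
        "results": results,
        "failures": sess.failures,                 # delegated property read
        "audit_entries": len(cred.audit_log),
        "secret_exposed": exposed,
    }


if __name__ == "__main__":
    print(demo())
```

The message interface (`verify`) stays the same for every class, which is the polymorphism point on the card: a caller holding a Session never needs rewriting when a new credential type is added.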
What is a Database ?
A database is a mechanism used to define, store, and manipulate data.
It has a programming and command interface used to create, manage, and administer data.
What is DBMS ?
A Database Management System.
Three most common types of Databases ?
- Hierarchical
- Relational
- Object Oriented
What is Database Aggregation ?
When you collect individually low sensitivity data items from several source databases and combine them, producing a collection whose overall sensitivity is higher than any of its parts.
What is inference ?
This concept refers to the ability of someone to deduce or infer something about sensitive information that’s beyond normal reach because of its sensitivity level.
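An inference attack in practice, and why the obvious control is not enough. This is an added example, not from the flashcards; the staff table is constructed sample data and the function names are invented. The policy is that individual salaries are sensitive but aggregates are allowed; a query over a group of one, or the difference of two allowed aggregates (a tracker attack), still reveals an individual row.

```python
"""Added example: inference through permitted aggregate queries (sqlite3)."""
import sqlite3

SAMPLE_ROWS = [                      # constructed data
    ("alice", "eng", 120000),
    ("bob", "eng", 110000),
    ("carol", "eng", 100000),
    ("dave", "legal", 150000),       # the only person in 'legal'
]


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE staff (name TEXT, dept TEXT, salary INTEGER)")
    con.executemany("INSERT INTO staff VALUES (?, ?, ?)", SAMPLE_ROWS)
    return con


def avg_salary_naive(con, dept):
    """Averages are 'public', but the average of a group of one is the
    individual's salary: inference from a single permitted query."""
    return con.execute(
        "SELECT AVG(salary) FROM staff WHERE dept = ?", (dept,)
    ).fetchone()[0]


def avg_salary_restricted(con, dept, min_group=3):
    """Query-size restriction: refuse aggregates over fewer than min_group rows."""
    cnt, avg = con.execute(
        "SELECT COUNT(*), AVG(salary) FROM staff WHERE dept = ?", (dept,)
    ).fetchone()
    return None if cnt < min_group else avg


def sum_salary_restricted(con, exclude_dept=None, min_group=3):
    """Same restriction applied to SUM, optionally excluding one department."""
    sql, params = "SELECT COUNT(*), SUM(salary) FROM staff", ()
    if exclude_dept is not None:
        sql += " WHERE dept != ?"
        params = (exclude_dept,)
    cnt, total = con.execute(sql, params).fetchone()
    return None if cnt < min_group else total


def tracker_attack(con):
    """Both queries satisfy the minimum group size (4 rows and 3 rows), yet
    their difference is exactly dave's salary. Size limits alone do not
    stop inference; overlapping-query controls or noise are also needed."""
    whole = sum_salary_restricted(con)
    without_legal = sum_salary_restricted(con, exclude_dept="legal")
    return whole - without_legal


if __name__ == "__main__":
    db = build_db()
    print(avg_salary_naive(db, "legal"), avg_salary_restricted(db, "legal"))
    print(tracker_attack(db))
```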
What is a Data Dictionary ?
A database of metadata: the table, column, data type and relationship definitions of the other databases.
A catalogue of the database's structure, if you like (not to be confused with an index, which speeds up lookups in one table).
It can be used to create or re-create tables, to manage security access, and as a control point for managing the schema of the application's database.
What is a Data Warehouse ?
A special-purpose database that’s used for business research, decision support, and planning; comparatively, typical databases support daily business operations.
Used in decision support and data mining. You don't run 'what if' analysis against the production database; you run it against the warehouse, which holds a copy extracted from production.
What is a Hierarchical Database ?
Data in a hierarchical database is arranged in a tree structure, with parent records at the top of the database, and a hierarchy of child records in successive layers.
What is a Network Database ?
Network databases represent an improvement in the design of hierarchical databases.
In the hierarchical model, relationships between records are defined by the database’s tree structure. In a network database, records can be networked to other records through paths that are different from the hierarchy itself.
What is a Relational Database ?
Relational databases are the dominant database design. A relational database stores data in tables and expresses relationships between them through keys.
Records are often called rows, and rows are stored in tables. A table can have a primary key, a field (or combination of fields) whose value uniquely identifies each row; other tables refer to it through foreign keys. An index can also be built on any other field in a table to speed up lookups.
What is a Schema ?
A schema defines the structure of a relational database: its tables, the columns (and data types) in each table, constraints such as keys, and the relationships between tables.
What is a Primary Key ?
A field (or combination of fields) in a table whose value uniquely identifies each row. Because the DBMS builds an index (typically a B-tree) on the primary key, lookups by key are fast; other tables reference it through foreign keys, which is how referential integrity is enforced.
What is a stored procedure ?
Stored procedures are subroutines that can be called by software applications. As their name suggests, stored procedures are stored and executed inside the relational database.
- Helps make a database resilient to SQL injection attacks, because the application calls the procedure with parameters instead of composing SQL text. Caveat: a procedure that itself builds SQL by string concatenation (dynamic SQL) is just as injectable.
What is a prepared Statement ?
Prepared statements (sometimes called parameterised statements) are SQL statements compiled once with placeholders for the values, which the application then supplies separately each time it runs the statement.
- Helps make a database resilient to SQL injection attacks: bound values are treated as data and never parsed as SQL. Caveat: only if the statement text itself contains no user input.
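The two login functions below show the difference the prepared statement card is about: one builds the SQL text from user input, the other binds the input as parameters. This is an added example using Python's sqlite3 module, not code from the flashcards; the users table and the payloads are constructed for illustration.

```python
"""Added example: SQL injection via string concatenation vs a prepared statement."""
import sqlite3


def build_db():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT, password TEXT, role TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?, ?)", [   # constructed rows
        ("admin", "correct horse", "admin"),
        ("guest", "guest", "user"),
    ])
    return con


def login_concat(con, username, password):
    """VULNERABLE: user input becomes part of the SQL text, so a quote in
    the input ends the literal and the rest is parsed as SQL."""
    sql = ("SELECT role FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_prepared(con, username, password):
    """SAFE: the statement is fixed; '?' placeholders are bound to the values,
    which the engine treats as data no matter what characters they contain."""
    row = con.execute(
        "SELECT role FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


# Classic payloads: comment out the password check, or make the WHERE always true
COMMENT_PAYLOAD = "admin' --"
TAUTOLOGY_PAYLOAD = "' OR '1'='1"


if __name__ == "__main__":
    db = build_db()
    print(login_concat(db, COMMENT_PAYLOAD, "wrong"))       # admin (bypassed)
    print(login_prepared(db, COMMENT_PAYLOAD, "wrong"))     # None
    print(login_concat(db, "x", TAUTOLOGY_PAYLOAD))         # admin (bypassed)
    print(login_prepared(db, "x", TAUTOLOGY_PAYLOAD))       # None
```

The same rule covers stored procedures: a procedure called with bound parameters is safe, but one that assembles a query string from its parameters and executes it re-creates `login_concat` on the server side.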
What is a Distributed Database ?
- A database whose components exist in multiple physical locations.
- Named because of its location, not because of its design.
- Can be hierarchical, network, relational, object, or any other design.
What is an Object Database ?
The objects in an object database include data records, as well as their methods (application code).
Like OO application programming languages, object databases can have classes (data types), instantiations (individual data records), inheritance, and encapsulation.
Object databases are a niche player in the market for database management systems, where relational databases dominate.
What is a Database Transaction ?
A transaction is an action that is performed on a database that results in the addition, alteration, or removal of data.
What is SQL ?
The dominant computer language used to manipulate data in a relational database is Structured Query Language (SQL).
Principal data manipulation commands: SELECT, INSERT, UPDATE, DELETE.
What is an SQL Transaction?
SQL statements can also be grouped together in a transaction so that either all of them take effect or none do: if any statement fails, the whole transaction is rolled back, which preserves the integrity of the database.
What is Database Locking ?
Databases employ a mechanism known as locking to avoid collisions in which two or more programs try to update the same table or row at the same time; the second writer waits or is refused until the first commits or rolls back. A lock can be placed on a field, an entire row, or an entire table.
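The transaction and locking cards, shown together: a two-step transfer that either fully commits or fully rolls back, and a second writer that is refused while the first holds the write lock. This is an added example using Python's sqlite3 module on a temporary file, not code from the flashcards; the accounts table and the overdraft CHECK constraint are constructed for the illustration.

```python
"""Added example: transaction atomicity and write locking (sqlite3)."""
import os
import sqlite3
import tempfile


def new_db_path():
    """Create a file-backed database so two connections can contend for it."""
    fd, path = tempfile.mkstemp(suffix=".db")
    os.close(fd)
    con = sqlite3.connect(path)
    con.execute("CREATE TABLE accounts (name TEXT PRIMARY KEY, "
                "balance INTEGER NOT NULL CHECK (balance >= 0))")
    con.executemany("INSERT INTO accounts VALUES (?, ?)",
                    [("alice", 100), ("bob", 50)])      # constructed rows
    con.commit()
    con.close()
    return path


def transfer(path, src, dst, amount):
    """Two UPDATEs in one transaction: both happen or neither.
    An overdraft violates the CHECK constraint and rolls everything back."""
    con = sqlite3.connect(path, isolation_level=None)   # manual BEGIN/COMMIT
    try:
        con.execute("BEGIN IMMEDIATE")                  # take the write lock up front
        con.execute("UPDATE accounts SET balance = balance - ? WHERE name = ?",
                    (amount, src))
        con.execute("UPDATE accounts SET balance = balance + ? WHERE name = ?",
                    (amount, dst))
        con.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:
        con.execute("ROLLBACK")
        return False
    finally:
        con.close()


def balances(path):
    con = sqlite3.connect(path)
    rows = dict(con.execute("SELECT name, balance FROM accounts ORDER BY name"))
    con.close()
    return rows


def lock_collision(path):
    """Writer A holds the lock inside an open transaction; writer B's update is
    refused ("database is locked") instead of silently overwriting A's change."""
    a = sqlite3.connect(path, isolation_level=None)
    b = sqlite3.connect(path, isolation_level=None, timeout=0.1)
    a.execute("BEGIN IMMEDIATE")
    a.execute("UPDATE accounts SET balance = balance + 1 WHERE name = 'alice'")
    try:
        b.execute("UPDATE accounts SET balance = balance + 1 WHERE name = 'alice'")
        blocked = False
    except sqlite3.OperationalError as exc:
        blocked = "locked" in str(exc)
    a.execute("ROLLBACK")
    a.close()
    b.close()
    return blocked


def cleanup(path):
    for suffix in ("", "-journal"):
        try:
            os.remove(path + suffix)
        except FileNotFoundError:
            pass


if __name__ == "__main__":
    p = new_db_path()
    print(transfer(p, "alice", "bob", 30), balances(p))    # True {'alice': 70, 'bob': 80}
    print(transfer(p, "alice", "bob", 500), balances(p))   # False, balances unchanged
    print(lock_collision(p))                               # True
    cleanup(p)
```

SQLite locks at the whole-database level, so the collision here is coarser than the row or field locks the card mentions, but the behaviour a practitioner cares about is the same: the second writer cannot interleave with an uncommitted transaction.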
What is an Expert System ?
A knowledge based system (aka: AI).
Expert systems hold a knowledge base of rules and past events captured from human experts. An inference engine applies the rules to the current problem, looking for a match between a known situation and the one at hand, in order to predict the outcome.
What is Fuzzy Logic ?
- Used by Expert Systems
- It breaks down the factors influencing a decision or outcome into components, evaluates each component as a degree of truth (a value between 0 and 1 rather than a strict true/false), and then recombines the individual evaluations to arrive at a final conclusion for the big question or problem.
- It produces a quantitative result based on uncertainties.
What are certainty factors ?
- Used by Expert Systems:
- Operate on the numeric probability of yes/ no, true/ false, rain/ snow, or whatever the expert system is working on. The individual probabilities are aggregated, and the final conclusion is reached.
Example: Tomorrow it will snow in Buffalo.
What is a Neural Network ?
- A knowledge Based System (aka: AI)
- Mimic the biological function of the brain.
- A neural network accumulates knowledge by observing events; it measures their inputs and outcome. Over time, the neural network becomes proficient at correctly predicting an outcome because it has observed several repetitions of the circumstances and is also told the outcome each time. Then, when confronted with a fresh set of inputs for a new situation, the neural network predicts outcomes with increasing reliability over time.
- Neural networks learn weights for the inputs: each input's specific degree of influence on the outcome is calculated and adjusted as training proceeds.
What is an Operating System ?
Operating system (OS) software is a set of programs that manage computer hardware resources and facilitate the use of application programs.
What is the Kernel ?
- The central component of an operating system.
* This is the core software in an operating system: it runs in privileged (supervisor) mode, performs the fundamental system functions, and mediates all access to hardware by applications.
What is Process Management ? (OS)
- Performed by the Kernel
- It is how the kernel deals with multiple applications running at the same time.
- The kernel controls the initiation, execution, and termination of programs, as well as the allocation of hardware components (such as CPUs, memory, and peripherals) between the running programs.
What is memory management ? (OS)
- Performed by the Kernel
- The kernel allocates memory to itself as well as to processes that are running, and responds to processes that request more (or less) memory. Programs are permitted to use only the memory allocated to them; the kernel enforces this restriction with the help of the processor's memory management unit (MMU), which isolates each process's address space.