Software Security Flashcards
Why should we worry about software security?
Cryptographic systems can in principle be broken, but doing so is extremely expensive, which makes them an inefficient target for an attacker.
Targeting the software that uses the cryptography is far easier, and a single software flaw can undermine even the strongest cryptography.
What is an end of life?
An end of life is the point in time until which the vendor of a piece of software will provide both security and functional bugfixes and patches for free.
What is an extended end of life?
An extended end of life is the point in time until which a vendor will support security updates.
Why do vendors rarely delete functionality, even if it’s detrimental to the software?
There’s always going to be someone, somewhere, using a feature you largely forgot about. These conflicting interests make it hard to remove features from a product, and keeping them can itself cause problems, such as vulnerabilities in the insecure code packages those features depend on.
What is the Secure Software Development Lifecycle (SDL)?
The SDL is a process pioneered by Microsoft, intended to give companies a standard for developing software securely.
It is a set of phases that Microsoft deems important to think about and implement.
What is the “training and awareness” step of the SDL?
The training and awareness step consists of training developers on the newest threats they need to watch out for.
What is the “verification” step of the SDL?
The verification step consists of performing security testing, including static and dynamic analysis and penetration testing to identify and mitigate security issues.
What is the “response” step of the SDL?
The response step consists of having a plan in place to respond to and mitigate security incidents, including vulnerability management and timely patching.
What is the “governance, risk management and compliance” step of the SDL?
The governance step consists of establishing processes to manage security risks, comply with relevant regulations and ensure ongoing security governance.
What is meant by SQL injection?
SQL injection is a type of attack on a database, primarily carried out through web applications, used to manipulate the data stored on the server or to access data that was intended to be inaccessible.
It exploits dynamically constructed SQL statements: attacker-supplied input is inserted into the statement so that it is executed as part of the query rather than treated as data.
What is the Common Weakness Enumeration (CWE)?
The CWE is an information source for known weaknesses in software, and how they work.
What is the Open Web Application Security Project (OWASP)?
OWASP is a database of known vulnerabilities, mainly focusing on web security.
What is the Common Vulnerabilities and Exposures (CVE)?
The CVE is a database of software vulnerabilities, where each vulnerability is assigned a unique ID by which it can be referenced.
What is the difference between weaknesses and vulnerabilities?
A weakness is a general flaw or mistake in the design of something, while a vulnerability is an instance of that flaw in a specific piece of software, library or framework.
For example, a weakness may be an improper authorization technique, and the resulting vulnerability could be a SQL injection on a specific website.
What is the National Vulnerability Database (NVD)?
The NVD is a database of all known vulnerabilities in concrete, released products.