SSDLC and Security Assessment Flashcards

1
Q

Why is modern software hard to develop and maintain correctly?

A

Because it is large and complex, with many dependencies. Maintenance cycles are also usually long and
are conducted for a set period of time after release.

2
Q

What is the Software Maintenance Challenge?

A

The fact that ever more complex software requires more and more maintenance.

3
Q

What are the 7 steps of SAP’s Secure Software Development Lifecycle?

A

Training, Risk Identification, Planning security response, Secure development, Security testing,
Security validation, Security Response.

4
Q

Give an example of the secure development cycle for Cloud / Agile.

A

Define: Risk identification, Security measures.
Build process: Secure development, Security testing, Security Validation.
Release software: Security response.

5
Q

What is more likely if SAP’s SSDLC is not followed?

A

Insecure software is more likely to be produced.

6
Q

What is the purpose of CWE and CVE? What is the difference?

A

The overarching purpose is a unified way of categorising and logging system vulnerabilities. The difference is that CWE (Common Weakness Enumeration) is a listing of all known vulnerability types, whereas CVE (Common
Vulnerability Enumeration) is a list of all logged vulnerability occurrences.

7
Q

What is the scoring system used to determine the severity of vulnerabilities?

A

Common Vulnerability Scoring System. < 3 (low priority); 4,5 (add to backlog); 6,7 (fix in next maintenance cycle);
8,9,10 (fix immediately).

8
Q

What is OWASP Top 10?

A

A list of the most common vulnerabilities across all applications.
1 : Broken Access Control
2 : Cryptographic failures
3 : Injection
4 : Insecure design
5 : Security misconfiguration
6 : Old components / dependencies
7 : Authentication and Identification failures
8 : Software and Data integrity failures
9 : Security logging and monitoring failures
10 : Request forgery (SSRF, CSRF(XSS))

9
Q

What is an issue with no. 9 of the OWASP Top 10?

A

Logging and monitoring failures: for the business, over-logging is good as it provides more recovery points. However,
from a privacy point of view it is bad, since personal data is constantly being collected and logged.
