WGU D487: Secure Software Design
Study Guide with complete solutions
Software Security Champions
Software engineers or designers who are capable of thinking like an attacker; the role is a stepping stone to a security architect role.
Who sets the Base score?
The vendor. The Base score captures the intrinsic characteristics of the vulnerability and does not change over time.

Who sets the Temporal score?
The vendor. It is re-evaluated over time as exploit maturity, remediation level and report confidence change.

Who sets the Environmental score?
End-user organizations compute this score for their own deployment, using their security requirements and the base metrics as modified for their environment.
When might Waterfall development be used?
When requirements are fully understood and not complex.
What kinds of teams are used in Agile development?
Cross-functional teams that are responsible for all functions (design, development, testing and deployment) in each iteration.
What is the goal of Scrum?
Maximize the ability to deliver quickly and respond to emerging needs.
Lean development
You select, plan, develop, test and deploy one feature before moving on to the next.
What is the discovery meeting?
The SDL kickoff meeting.
SDL goals
Reduce the number of vulnerabilities and privacy issues.
Reduce the severity of the vulnerabilities that remain.
Three main goals of secure software development
Quality
Security
Maintainability
What are the three threat intention categories?
Unintentional
Intentional but non-malicious
Malicious
What are the primary issues in threat modeling?
Doing it well
Doing it thoroughly enough
Knowing what to do with the results
12 practices of BSIMM (grouped into four domains)
Governance: Strategy and Metrics; Compliance and Policy; Training
Intelligence: Attack Models; Security Features and Design; Standards and Requirements
SSDL Touchpoints: Architecture Analysis; Code Review; Security Testing
Deployment: Penetration Testing; Software Environment; Configuration and Vulnerability Management
ISO 27001
Specifies a management system (an ISMS) intended to bring information security under formal management control.
ISO 27034
Guidance to help organizations embed security within the processes that secure the applications running in their environment.
SAFECode
A global, industry-led effort to identify and promote best practices for developing more secure software, hardware and services.
DHS Software Assurance Program
Created the Build Security In (BSI) website to push security into the SDLC.