Secure Software Design Questions And Answers
Course: WGU D487
October 20, 2024
Seller: Divinehub
SDL - ANSWER- Security Development Life Cycle

SDLC - ANSWER- Software Development Life Cycle

Software Security - ANSWER- Building security into the software through a SDL
(Security Development Life Cycle) in an SDLC (Software Development Life Cycle)

Application Security - ANSWER- Protecting the software and the systems on which it
runs after release

Three core elements of security - ANSWER- Confidentiality, integrity, and availability
(the C.I.A. model)

PITAC - ANSWER- President's Information Technology Advisory Committee

Quality and security - ANSWER- In terms of coding defects, the product not only has to
work right, it also has to be secure

Trustworthy Computing (TwC) - ANSWER- The team which formed the concepts that
led to the Microsoft Security Development Lifecycle

Static analysis tools - ANSWER- Tools that look for a fixed set of patterns or rules in the
code in a manner similar to virus-checking programs

Authorization - ANSWER- Ensures that the user has the appropriate role and privilege
to view data

Authentication - ANSWER- Ensures that the user is who he or she claims to be and that
the data come from the appropriate place

Threat modeling - ANSWER- To understand the potential security threats to the system,
determine risk, and establish appropriate mitigations. Applies principles such as least
privilege and defense-in-depth; requires human expertise and not tools to accomplish

Attack surface - ANSWER- The entry points and exit points of an application that may
be accessible to an attacker

- ANSWER- The majority of attacks against software take advantage of, or exploit,
some vulnerability or weakness in that software; for this reason, "attack" is often used
interchangeably with "exploit," though the Build Security In Attack Pattern Glossary
makes a clear distinction between the two terms, with attack referring to the action
against the targeted software and exploit referring to the mechanism (e.g., a technique
or malicious code) by which that action is carried out.

- ANSWER- Availability: Ensuring timely and reliable access to and use of information.

- ANSWER- Confidentiality: Preserving authorized restrictions on information access
and disclosure, including means for protecting personal privacy and proprietary
information.

- ANSWER- Integrity: Guarding against improper information modification or
destruction, and includes ensuring information non-repudiation and authenticity.

- ANSWER- Authorization and authentication are the two properties that support
confidentiality in that authorization ensures that users have the appropriate role and
privilege to view data, and authentication ensures that users are who they claim to be
and that the data come from the appropriate place.

- ANSWER- Developers must take the time to code cleanly, and eradicate every
possible security flaw before the code goes into production.

- ANSWER- The idea behind threat modeling is simply to understand the potential
security threats to the system, determine risk, and establish appropriate mitigations.
When it is performed correctly, threat modeling occurs early in the project life cycle and
can be used to find security design issues before code is committed.

- ANSWER- You cannot have quality without security or security without quality. These
two attributes complement each other, and both enhance overall software product
integrity and market value.

Techniques used in penetrating valid channels of authentication - ANSWER- Cross-Site
Scripting (XSS), Structured Query Language (SQL) injection, buffer overflow
exploitation

The most well-known SDL model - ANSWER- Trustworthy Computing Security
Development Lifecycle (SDL)

Other popular SDL models - ANSWER- Cigital Software Security Touchpoints model,
OWASP SDL, Cisco Secure Development Lifecycle (CSDL)

SDL Optimization Model - ANSWER- Enables development managers and IT
policymakers to assess the state of the security in development

Two very popular software security maturity models that have been developed and
continue to mature at a rapid rate - ANSWER- Cigital BSIMM, OWASP Open SAMM

Building Security In Maturity Model (BSIMM) - ANSWER- A study of real-world software
security initiatives organized so that you can determine where you stand with your
software security initiative and how to evolve your efforts over time

OWASP Software Assurance Maturity Model (SAMM) - ANSWER- A flexible and
prescriptive framework for building security into a software development organization

ISO/IEC - ANSWER- International Standards Organization (ISO) / International
Electrotechnical Commission (IEC)

ISO/IEC 27034-1:2011 - ANSWER- A standard for application security which offers a
concise, internationally recognized way to get transparency into a vendor/supplier's
software security management process

ISMS - ANSWER- Information Security Management System

ISO/IEC 27001 - ANSWER- A standard that specifies a management system intended
to bring information security under formal management control

ISO/IEC 27034 - ANSWER- A standard that provides guidance to help organizations
embed security within their processes that help secure applications running in the
environment, including application lifecycle processes

SAFECode - ANSWER- A global, industry-led effort to identify and promote best
practices for developing and delivering more secure and reliable software, hardware,
and services

NCSD - ANSWER- Department of Homeland Security National Cyber Security Division

Software Assurance Program - ANSWER- The SwA Program seeks to reduce software
vulnerabilities, minimize exploitation, and address ways to improve the routine
development and deployment of trustworthy software products

NIST - ANSWER- National Institute of Standards and Technology

NSA - ANSWER- National Security Agency

SWE - ANSWER- Common Weakness Enumeration

Software Assurance Metrics And Tool Evaluation (SAMATE) - ANSWER- The project
dedicated to improving software assurance by developing methods to enable software
tool evaluations, measuring the effectiveness of tools and techniques, and identifying
gaps in tools and methods

NIST Special Publication (SP) 800-64, Security Considerations in the System
Development Life Cycle - ANSWER- Developed to assist federal government agencies
