Domain 8: - Software Development Security
When Windows halts the PC on a hardware or software fault (a stop error), the system is in a
FAIL SECURE state: it stops rather than continuing to run in an unknown condition.
Reducing the number of threat vectors (external factors outside the software's control) is NOT a
goal of software threat modeling. Its goals are to reduce the number of security-related design and
coding defects and to reduce the severity of the defects that remain.
Aggregate functions (COUNT, SUM, AVG, MIN, MAX) summarize large amounts of data and return only
summary information as a result, never the individual rows.
Foreign keys enforce referential integrity between tables: a child row may only reference a parent
row that actually exists.
Macro viruses are commonly found in Microsoft Office files that can carry macros: the legacy binary
formats (.doc, .xls, .ppt) and the macro-enabled formats (.docm, .xlsm, .pptm). The plain
.docx/.xlsx/.pptx formats cannot store VBA macros.
Regression testing is software testing that runs a set of known inputs against an application and
then compares the results to those produced by an earlier version of the software.
Aggregation is a database security issue in which a collection of facts has a higher classification
than any of those facts standing alone.
Timing and storage are the two types of covert channels commonly exploited by attackers. A storage
channel leaks data through a shared attribute the receiver can read (a lock, a file name, a quota);
a timing channel leaks it by modulating how long a shared operation takes so the receiver can time it.
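As an added illustration (constructed here, not from the original notes), the following simulation shows both channel types side by side. HIGH is forbidden from sending data to LOW, yet LOW can legitimately test whether a shared lock is held (storage channel) or measure how long a shared service call takes (timing channel). The SharedLock, SimClock and tick values are assumptions made for the example; the simulated clock keeps the timing channel deterministic.

```python
# Added example: deterministic simulation of a storage and a timing covert channel.
# Everything here (SharedLock, SimClock, tick counts) is constructed for illustration.

def to_bits(data: bytes) -> str:
    return "".join(f"{byte:08b}" for byte in data)


def from_bits(bits: str) -> bytes:
    return bytes(int(bits[i:i + 8], 2) for i in range(0, len(bits), 8))


class SharedLock:
    """Shared resource both sides may touch. Policy forbids HIGH from writing data to LOW,
    but LOW may test whether the lock is held: that single bit of state is the channel."""
    def __init__(self):
        self.held = False


def storage_channel(secret: bytes) -> bytes:
    """Storage covert channel: per clock tick HIGH holds the lock for a 1 bit and releases
    it for a 0 bit; LOW recovers the bit by probing the same attribute."""
    lock = SharedLock()
    observed = []
    for bit in to_bits(secret):
        lock.held = (bit == "1")                        # HIGH: acquire for 1, release for 0
        observed.append("1" if lock.held else "0")      # LOW: "is it busy?" is the read
    return from_bits("".join(observed))


class SimClock:
    """Simulated clock so the timing channel runs without real sleeps."""
    def __init__(self):
        self.now = 0

    def busy(self, ticks: int):
        self.now += ticks


def timing_channel(secret: bytes, slow: int = 5, fast: int = 1,
                   constant_time: bool = False) -> bytes:
    """Timing covert channel: HIGH makes a shared service call take `slow` ticks for a 1 bit
    and `fast` ticks for a 0 bit; LOW times each call. With constant_time=True the service
    is padded to `slow` ticks every time (the usual mitigation) and LOW learns nothing."""
    clock = SimClock()
    threshold = (slow + fast) / 2
    observed = []
    for bit in to_bits(secret):
        start = clock.now
        if constant_time:
            clock.busy(slow)                             # padded to worst case: no signal
        else:
            clock.busy(slow if bit == "1" else fast)     # HIGH: slow for 1, fast for 0
        observed.append("1" if clock.now - start > threshold else "0")  # LOW: measure
    return from_bits("".join(observed))


if __name__ == "__main__":
    secret = b"TOP SECRET"
    print(storage_channel(secret))                       # LOW recovers the secret
    print(timing_channel(secret))                        # LOW recovers the secret
    print(timing_channel(secret, constant_time=True))    # all ones: channel is closed
```

Note that the constant-time variant closes only the timing channel; the storage channel needs a different control (auditing or removing the shared attribute LOW can observe).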
Worms do not require user intervention to be spread from one system to another.
Inference attacks combine several pieces of non-sensitive information to obtain information that
should be classified at a higher level. They rely on DEDUCTION of information.
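As an added worked example (constructed for these notes, not from the original page), the SQLite script below ties the foreign key, aggregate function, aggregation and inference points together. The HR schema, names and salaries are made up; K_MIN is an assumed policy value. It shows that a foreign key rejects an orphan row, that an aggregate over a group of one row discloses that row, and that a query-set-size control alone does not stop inference, because two permitted summaries can be subtracted to deduce the blocked value.

```python
import sqlite3

# Constructed HR schema and data for illustration only (not from the original page).
SCHEMA = """
CREATE TABLE departments (
    dept_id INTEGER PRIMARY KEY,
    name    TEXT NOT NULL UNIQUE
);
CREATE TABLE employees (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    dept_id INTEGER NOT NULL REFERENCES departments(dept_id),  -- foreign key
    salary  INTEGER NOT NULL
);
INSERT INTO departments VALUES (1, 'Engineering'), (2, 'Legal');
INSERT INTO employees VALUES
    (1, 'Alice', 1, 120000),
    (2, 'Bob',   1, 100000),
    (3, 'Chloe', 1,  95000),
    (4, 'Dana',  2, 180000);   -- the only member of Legal
"""

K_MIN = 2   # assumed policy: refuse summaries over fewer than K_MIN rows


def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # SQLite checks foreign keys only when this pragma is on; set it per connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def orphan_insert_is_rejected(conn) -> bool:
    """Referential integrity: an employee pointing at department 99, which does not
    exist, must be refused, so the child table can never reference a missing parent."""
    try:
        conn.execute("INSERT INTO employees VALUES (5, 'Eve', 99, 50000)")
    except sqlite3.IntegrityError:
        conn.rollback()
        return True
    return False


def department_average(conn, dept_name: str):
    """Aggregate function: the caller sees only (AVG, COUNT), never a row-level salary.
    For a department of one person the AVG is that person's salary."""
    return conn.execute(
        "SELECT AVG(e.salary), COUNT(*) FROM employees e "
        "JOIN departments d ON d.dept_id = e.dept_id WHERE d.name = ?",
        (dept_name,)).fetchone()


def guarded_department_total(conn, dept_name: str) -> int:
    """Query-set-size control: refuse a summary over fewer than K_MIN rows."""
    total, n = conn.execute(
        "SELECT SUM(e.salary), COUNT(*) FROM employees e "
        "JOIN departments d ON d.dept_id = e.dept_id WHERE d.name = ?",
        (dept_name,)).fetchone()
    if n < K_MIN:
        raise PermissionError(f"query set too small: {n} row(s) < {K_MIN}")
    return total


def company_total(conn) -> int:
    return conn.execute("SELECT SUM(salary) FROM employees").fetchone()[0]


def infer_by_differencing(conn) -> int:
    """Inference by deduction: two individually permitted aggregates (whole company and
    Engineering only) differ by exactly the salary of the single Legal employee, even
    though a direct summary of Legal is refused by the size control."""
    return company_total(conn) - guarded_department_total(conn, "Engineering")


if __name__ == "__main__":
    db = build_db()
    print("orphan rejected:", orphan_insert_is_rejected(db))
    print("Legal AVG/COUNT:", department_average(db, "Legal"))
    print("Legal salary via differencing:", infer_by_differencing(db))
```

The differencing step is why real statistical-database controls add noise, audit query histories, or restrict overlapping query sets rather than relying on a minimum group size alone.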
Web application firewalls (WAFs) sit in front of web applications and watch for potentially
malicious web attacks, including cross-site scripting. They then block that traffic from reaching
the web application.
Pass-around reviews (a software review process) are often done via email or a central code review
system, allowing developers to review code asynchronously.
Pair programming (an agile software development technique) requires two programmers to work
together at one workstation, one writing code while the other reviews it and tracks progress.
Stealth viruses hide themselves by actually tampering with the operating system to fool
antivirus packages into thinking that everything is functioning normally.
Functional requirements specify what software must do by describing its inputs, behavior, and
outputs.
The Open Web Application Security Project (OWASP) is an online community that produces
freely-available articles, methodologies, documentation, tools, and technologies in the field of
web application security.