2.3 Flashcards
Summarize secure application development, deployment, and automation concepts. Summarize (32 cards)
Most organizations have multiple, separate __________ designed to provide isolation between the functions of development, test, staging, and production.
Environment
Is a type of environment that is sized, configured, and set up for developing applications and systems.
Development environment
Is a type of environment that is used to test a system fully prior to deploying it into production to ensure that it is bug-free and will not disrupt the production environment.
Test environment
Is an optional environment, but it is commonly used when an organization has multiple production environments. Primary purpose is to serve as a sandbox after testing, so the test system can test the next set while the current set is deployed across the enterprise.
Staging environment
Is a type of environment where the systems work with real data, doing the business that the system is intended to perform.
Production environment
Is a common step in any manufacturing process that ensures the delivery of high-quality software or IT systems. The primary goal of this step is to verify and validate that a product or system meets specified requirements and adheres to established standards.
Quality assurance (QA)
Is the process of assigning permissions or authorities to objects. Users can be provisioned into group, and computer processes or threads can be provisioned to higher levels of authority when executing.
Provisioning
Is the removal of permissions or authorities.
deprovisioning
Refers to the process of verifying and ensuring the integrity of software, systems, or data.
Integrity measurement
Refers to organizing data to minimize redundancy and dependency. It helps in preventing anomalies and inconsistencies in data, which can be exploited by attackers.
Normalization
These are precompiled SQL queries stored on the database server. They enhance security by allowing the database to execute specific tasks without exposing the underlying code to potential attackers.
Stored procedures
This involves intentionally making code or data unclear. It’s used to deter and thwart attackers attempting to analyze or exploit the system.
Obfuscation/camouflage
Involves leveraging existing code for new purposes, which can introduce security risks if the reused code contains vulnerabilities.
Code reuse
Refers to code that is no longer used but still present in the system, which can create security holes if not properly managed.
Dead code
Critical value checks or security checks should be performed on the ___________-side.
Server-side
Critical value checks or security checks should not be performed on the ___________-side.
client-side
Involves allocating and deallocating memory resources efficiently to prevent memory-related vulnerabilities like buffer overflows.
Memory management
Software developers use packaged sets of software programs and tools called __________ to create apps for specific vender platforms.
software development kits (SDKs)
Is the loss of control over data from a system during operations.
Data exposure
An organization that provides resources, tools, and guidelines for improving web application security.
Open Web Application
Security Project (OWASP)
Software that translates source code into machine code or executable code.
Compiler
Executable machine code that computers can directly execute. 1’s and 0’s.
Binary
Involves using ________________ to perform repetitive tasks.
Automation/scripting
Predefined responses or actions triggered automatically by security events or alerts.
Automated courses of action
