2.3 Summarize secure application development, deployment, and automation concepts

Question 1

The 4 Computing Environments

Answer 1

Development, Test, Staging, and Production. Needs to be separated so you test each stage for untested code.

Question 2

Development Environment

Answer 2

Where new software code is being made. OS type and version needs to match.

Question 3

Test Environment

Answer 3

Mimics the production environment. Test environment is to ensure that it is bug free.

Question 4

Staging Environment

Answer 4

You ensure quality assurance and validate security and baseline config.

Question 5

Production Environment

Answer 5

The product does what it is designed to do. Is working with real data.

Question 6

Quality Assurance (QA)

Answer 6

Evaluation process that test security and quality. (Happens in the Staging environment)

Question 7

Provisioning

Answer 7

Making apps. and services available. May be related to lifecycle of a app.

Question 8

Deprovisioning

Answer 8

Application end of life. Should be deprovision with HIPPA or GDPR.

Question 9

Integrity management

Answer 9

Maintaining control over the copies of code. Also placing a hash on the code to reference it to a table to which version you have.

Question 10

Normalization

Question 11

Stored Procedures

Answer 11

Precompiled scripts in the production. Benefit is speed and code is less flexible.

Question 12

Obfuscation/Camouflage code

Answer 12

Masking source code with XOR and ROT 13 from attackers.

Question 13

Code Reuse

Answer 13

Also referred to Legacy code. The cold stills needs to go through security.
Saves money in the development environment.

Question 14

Dead Code

Answer 14

Code that isn’t used anywhere in software.

Question 15

Server-Side vs. Client-Side Execution and Validation

Answer 15

Sever-side checks data on the server side, only safe way
Client-side, can’t validate any inputs. Can inject malicious code, JavaScript, HTML, or URLs

Question 16

Memory Management

Answer 16

Process: Use memory, return memory back to the system if not used.
If not managed correctly it could cause a memory leak.

Question 17

SDK

Answer 17

(Software development kit)
Third party set of software programs and tools to create apps.

Question 18

Data Exposure

Answer 18

Losing data or control of data during operations

Question 19

OWASP

Answer 19

(Open Web Application Security Project)
Non-profit that has update list on he most common application vulnerabilities

Question 20

Software Diversity

Answer 20

Taking the “High-level language” (readable English code) and converting into Machine language (1&0). Can be done instantly or scripted.

Question 21

Complier

Answer 21

Take High level Language and converts it into Machine code.

Question 22

Continuous monitoring

Answer 22

Auto detecting security issues and sending alerts to security personnel. Uses Scripts

Question 23

Continuous Validation

Answer 23

Testing code to see if the code functional with the existing codebase.

Question 24

Continuous Integration

Answer 24

Allows for testing and updating parts of the codebase without uploading the entire codebase.

Question 25

Continuous Delivery

Answer 25

Allows automated testing and is a automated release that you allow updates when they are complete.

Question 26

Continuous Deployment

Answer 26

Release if the update automatically without you enabling it. Just like Continuous Delivery but you don't control it.

Question 27

Version Control

Answer 27

Documenting software updates and having a list of what is what. Good for reverting back to the previous versions.

Question 28

Elasticity

Answer 28

The ability of a system to automatically grow and shrink based on app demand