CHAPTER 10_Software Development Security Flashcards Preview

Flashcards in CHAPTER 10_Software Development Security Deck (329):
1

System development life cycle (SDLC)

A methodical approach to standardize requirements discovery, design, development, testing, and implementation in every phase of a system. It is made up of the following phases: initiation, acquisition/development, implementation, operation/maintenance, and disposal.

2

Context-dependent access control

Context-dependent access control means that the software "understands" what actions should be allowed based upon the state and sequence of the request. So what does that mean? It means the software must keep track of previous access attempts by the user and understand what sequences of access steps are allowed. Content-dependent access control can go like this: "Does Julio have access to File A?" The system reviews the ACL on File A and returns with a response of "Yes, Julio can access the file, but can only read it." In a context-dependent access control situation, it would be more like this: "Does Julio have access to File A?" The system then reviews several pieces of data: What other access attempts has Julio made? Is this request out of sequence of how a safe series of requests takes place? Does this request fall within the allowed time period of system access (8 A.M. to 5 P.M.)? If the answers to all of these questions are within a set of preconfigured parameters, Julio can access the file. If not, he needs to go find something else to do.

3

Logic bomb

Executes a program, or string of code, when a certain event happens or a date and time arrives.

4

Parameter validation

The values that are being received by the application are validated to be within defined limits before the server application processes them within the system.

5

Rapid Application Development (RAD)

The Rapid Application Development (RAD) model relies more on the use of rapid prototyping instead of extensive upfront planning. In this model, the planning of how to improve the software is interleaved with the processes of developing the software, which allows for software to be developed quickly. The delivery of a workable piece of software can take place in less than half the time compared to other development models. The RAD model combines the use of prototyping and iterative development procedures with the goal of accelerating the software development process. The development process begins with creating data models and business process models to help define what the end-result software needs to accomplish. Through the use of prototyping, these data and process models are refined. These models provide input to allow for the improvement of the prototype, and the testing and evaluation of the prototype allow for the improvement of the data and process models. The goal of these steps is to combine business requirements and technical design statements, which provide the direction in the software development project.

6

Reuse model

A model that approaches software development by using progressively developed models. Reusable programs are evolved by gradually modifying pre-existing prototypes to customer specifications. Since the reuse model does not require programs to be built from scratch, it drastically reduces both development cost and time.

7

Java Platform, Enterprise Edition

Another distributed computing model is based upon the Java programming language, which is the Java Platform, Enterprise Edition (J2EE). Just as the COM and CORBA models were created to allow a modular approach to programming code with the goal of interoperability, J2EE defines a client/server model that is object oriented and platform independent.

8

Immunizer

Attaches code to the file or application, which would fool a virus into "thinking" it was already infected.

9

Static Analysis

Static analysis is a debugging technique that is carried out by examining the code without executing the program, and therefore is carried out before the program is compiled. The term static analysis is generally reserved for automated tools that assist programmers and developers, whereas manual inspection by humans is generally referred to as code review.

10

Work breakdown structure (WBS)

A project management tool used to define and group a project’s individual work elements in an organized manner.

11

Trigger

Uses an event to initiate its payload execution

12

Attack surface analysis

Identify and reduce the amount of code accessible to untrusted users.

13

10. Databases can record transactions in real time, which usually updates more than one database in a distributed environment. This type of complexity can introduce many integrity threats, so the database software should implement the characteristics of what’s known as the ACID test. Which of the following are incorrect characteristics of the ACID test?

  i. Atomicity Divides transactions into units of work and ensures that all modifications take effect or none take effect.

  ii. Consistency A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.

  iii. Isolation Transactions execute in isolation until completed, without interacting with other transactions.

  iv. Durability Once the transaction is verified as inaccurate on all systems, it is committed and the databases cannot be rolled back.

  A. i, ii

  B. ii, iii

  C. ii, iv

  D. iv

10. D. The following are correct characteristics of the ACID test:

• Atomicity Divides transactions into units of work and ensures that all modifications take effect or none take effect. Either the changes are committed or the database is rolled back.

• Consistency A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.

• Isolation Transactions execute in isolation until completed without interacting with other transactions. The results of the modification are not available until the transaction is completed.

• Durability Once the transaction is verified as accurate on all systems, it is committed and the databases cannot be rolled back.

14

Capability Maturity Model Integration (CMMI) model

A process improvement approach that provides organizations with the essential elements of effective processes, which will improve their performance.

15

Open Database Connectivity (ODBC)

An API that allows an application to communicate with a database, either locally or remotely. The application sends requests to the ODBC API. ODBC tracks down the necessary database-specific driver for the database to carry out the translation, which in turn translates the requests into the database commands that a specific database will understand.

16

Verification

Determines if the product accurately represents and meets the specifications.

17

Path or directory traversal

This attack is also known as the "dot dot slash" because it is perpetrated by inserting the characters "../" several times into a URL to back up or traverse into directories that weren’t supposed to be accessible from the Web. The command "../" at the command prompt tells the system to back up to the previous directory (i.e., "cd ../"). If a web server’s default directory is c:\inetpub\www, a URL requesting http://www.website.com/scripts/../../../../../windows/system32/cmd.exe?/c+dir+c:\ would issue the command to back up several directories to ensure it has gone all the way to the root of the drive and then make the request to change to the operating system directory (windows\system32) and run the cmd.exe listing the contents of the C: drive. Access to the command shell allows extensive access for the attacker.

18

Data structure

A representation of the logical relationship between elements of data.

20

P3

Low Privacy Risk: No behaviors exist within the feature, product, or services that affect privacy. No anonymous or personal data is transferred, no PII is stored on the machine, no settings are changed on the user’s behalf, and no software is installed.

21

knowledge-based systems

Expert systems, also called knowledge-based systems, use artificial intelligence (AI) to solve problems.

22

evolutionary prototypes

When evolutionary prototypes are developed, they are built with the goal of incremental improvement. Instead of being discarded after being developed, as in the rapid prototype approach, the prototype in this model is continually improved upon until it reaches the final product stage. Feedback that is gained through each development phase is used to improve the prototype and get closer to accomplishing the customer’s needs.

23

DOM (Document Object Model)

DOM (Document Object Model)-based XSS vulnerabilities are also referred to as local cross-site scripting. DOM is the standard structure layout to represent HTML and XML documents in the browser. In such attacks the document components such as form fields and cookies can be referenced through JavaScript. The attacker uses the DOM environment to modify the original client-side JavaScript. This causes the victim’s browser to execute the resulting abusive JavaScript code.

24

Database Management Software

A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases are managed with software that provides these types of capabilities. It also enforces access control restrictions, provides data integrity and redundancy, and sets up different procedures for data manipulation. This software is referred to as a database management system (DBMS) and is usually controlled by a database administrator. Databases not only store data, but may also process data and represent them in a more usable and logical form. DBMSs interface with programs, users, and data within the database. They help us store, organize, and retrieve information effectively and efficiently.

25

Dynamic analysis

Dynamic analysis refers to the evaluation of a program in real time, i.e., when it is running. Dynamic analysis is carried out once a program has cleared the static analysis stage and basic programming flaws have been rectified offline.

26

Antivirus Software

Traditional antivirus software uses signatures to detect malicious code. The signature is a fingerprint created by the antivirus vendor. The signature is a sequence of code that was extracted from the virus itself. Just like our bodies have antibodies that identify and go after a specific type of foreign material, an antivirus software package has an engine that uses these signatures to identify malware. The antivirus software scans files, e-mail messages, and other data passing through specific protocols, and then compares them to its database of signatures. When there is a match, the antivirus software carries out whatever activities it is configured to do, which can be to quarantine the file, attempt to clean the file (remove the virus), provide a warning message dialog box to the user, and/or log the event.

27

Requirements Gathering Phase

So what are we building and why?

This is the phase when everyone involved attempts to understand why the project is needed and what the scope of the project entails. Either a specific customer needs a new application or a demand for the product exists in the market. During this phase, the team examines the software’s requirements and proposed functionality, brainstorming sessions take place, and obvious restrictions are reviewed.

28

Distributed Computing Environment (DCE)

Distributed Computing Environment (DCE) is a standard developed by the Open Software Foundation (OSF), also called Open Group. It is a client/server framework that is available to many vendors to use within their products. This framework illustrates how various capabilities can be integrated and shared between heterogeneous systems. DCE provides a Remote Procedure Call (RPC) service, security service, directory service, time service, and distributed file support. It was one of the first attempts at distributed computing in the industry.

29

Which Standard Is Best?

So which "best practice" or standard is best for you? Most of these are general enough to be applied to different organizations and their various software development processes, but each approach has its specific focus. CMMI is a process improvement model, WASC and OWASP focus on integrating security into software development processes, BSI has a focus of protecting critical infrastructure but can be used in any software development project, and ISO/IEC 27034 is a general approach that is used more in the private industry. As with most technological standards, there is a lot of overlap between them.

30

Rollback

An operation that ends a current transaction and cancels all the recent changes to the database until the previous checkpoint/commit point.

31

Unit testing

Individual component is in a controlled environment where programmers validate data structure, logic, and boundary conditions.

32

primary key

The primary key is an identifier of a row and is used for indexing in relational databases. Each row must have a unique primary key to properly represent the row as one entity. When a user makes a request to view a record, the database tracks this record by its unique primary key. If the primary key were not unique, the database would not know which record to present to the user. In the following illustration, the primary keys for Table A are the dogs’ names. Each row (tuple) provides characteristics for each dog (primary key). So when a user searches for Cricket, the characteristics of the type, weight, owner, and color will be provided.

33

Spiral

Iterative approach that emphasizes risk analysis per iteration. Allows for customer feedback to be integrated through a flexible evolutionary approach.

34

Worms

These are different from viruses in that they can reproduce on their own without a host application and are self-contained programs.

35

Repeatable

A formal management structure, change control, and quality assurance are in place. The company can properly repeat processes throughout each project. The company does not have formal process models defined.

36

Exploratory model

A method that is used in instances where clearly defined project objectives have not been presented. Instead of focusing on explicit tasks, the exploratory model relies on covering a set of specifications that are likely to affect the final product’s functionality. Testing is an important part of exploratory development, as it ascertains that the current phase of the project is compliant with likely implementation scenarios.

37

Operations/Maintenance

The system was secure when we installed it. I am sure nothing has changed since then.

A system should have baselines set pertaining to the system’s hardware, software, and firmware configuration during the implementation phase. In the operation and maintenance phase, continuous monitoring needs to take place to ensure that these baselines are always met. For example, a configuration baseline for a Windows 2008 system could dictate that verbose auditing must be enabled, Registry settings must meet certain values, and IPv6 must be disabled. There are several things that could affect these configurations over time, such as the installation of new software, user activities, or malicious software. The changes could directly affect the system’s functionality or protection level; thus, these settings must be continually monitored.

38

Testing/Validation Phase

Formal and informal testing should begin as soon as possible. Unit testing can start very early in development. After a programmer develops a component, or unit of code, it is tested with several different input values and in many different situations. The goal of this type of testing is to isolate each part of the software and show that the individual parts are correct. Unit testing usually continues throughout the development phase. A totally different group of people should carry out the formal testing. This is an example of separation of duties. A programmer should not develop, test, and release software. The more eyes that see the code, the greater the chance that flaws will be found before the product is released.

39

Distributed Component Object Model (DCOM)

Distributed Component Object Model (DCOM) supports the same model for component interaction, and also supports distributed interprocess communication (IPC). COM enables applications to use components on the same systems, while DCOM enables applications to access objects that reside in different parts of a network. So this is how the client/server-based activities are carried out by COM-based operating systems and/or applications.

40

service-oriented architecture (SOA)

While many of the previously described distributed computing technologies are still in use, the industry has moved toward and integrated another approach in providing commonly needed application functionality and procedures across various environments. A service-oriented architecture (SOA) provides standardized access to the most needed services to many different applications at one time. Application functionality is separated into distinct units (services) and offered up through well-defined interfaces and data-sharing standardization. This means that individual applications do not need to possess the same redundant code and functionality. The functionality can be offered by an individual entity and then all other applications can just call upon and use the one instance. This is really the crux of all distributed computing technologies and approaches—SOA is just a more web-based approach.

41

ActiveX

A Microsoft technology composed of a set of OOP technologies and tools based on COM and DCOM. It is a framework for defining reusable software components in a programming language-independent manner.

42

Defined

Formal procedures are in place that outline and define processes carried out in each project. The organization has a way to allow for quantitative process improvement.

43

Design Phase

This is the phase that starts to map theory to reality. The theory encompasses all of the requirements that were identified in previous phases, and the design outlines how the product is actually going to accomplish these requirements.

44

tunneling virus

Another type of virus, called the tunneling virus, attempts to install itself "under" the antivirus program. When the antivirus goes around doing its health check on critical files, file sizes, modification dates, and so on, it makes a request to the operating system to gather this information. Now, if the virus can put itself between the antivirus and the operating system, when the antivirus sends out a command (system call) for this type of information, the tunneling virus can intercept this call. Instead of the operating system responding to the request, the tunneling virus responds with information that indicates that everything is fine and healthy and that there is no indication of any type of infection.

45

Object-oriented design (OOD)

Object-oriented design (OOD) creates a representation of a real-world problem and maps it to a software solution using OOP. The result of an OOD is a design that modularizes data and procedures. The design interconnects data objects and processing operations.

46

Object linking and embedding (OLE)

Object linking and embedding (OLE) provides a way for objects to be shared on a local personal computer and to use COM as their foundation. OLE enables objects—such as graphics, clipart, and spreadsheets—to be embedded into documents. The capability for one program to call another program is called linking. The capability to place a piece of data inside a foreign program or document is called embedding.

47

Waterfall

Sequential approach that requires each phase to complete before the next one can begin. Difficult to integrate changes. Inflexible model.

48

stealth virus

A stealth virus hides the modifications it has made to files or boot records. This can be accomplished by monitoring system functions used to read files or sectors and forging the results. This means that when an antivirus program attempts to read an infected file or sector, the original uninfected form will be presented instead of the actual infected form. The virus can hide itself by masking the size of the file it is hidden in or actually move itself temporarily to another location while an antivirus program is carrying out its scanning process.

49

Logic Bombs

A logic bomb executes a program, or string of code, when a certain set of conditions are met. For example, a network administrator may install and configure a logic bomb that is programmed to delete the company’s whole database if he is terminated.

50

knowledge discovery in database (KDD)

Data mining is also known as knowledge discovery in database (KDD), and is a combination of techniques to identify valid and useful patterns. Different types of data can have various interrelationships, and the method used depends on the type of data and the patterns sought. The following are three approaches used in KDD systems to uncover these patterns:

51

Transaction persistence

NOTE Transaction persistence means the database procedures carrying out transactions are durable and reliable. The state of the database’s security should be the same after a transaction has occurred, and the integrity of the transaction needs to be ensured.

52

14. A. The software development models and their definitions are as follows:

  • Joint Analysis Development (JAD) A method that uses a team approach in application development in a workshop-oriented environment.
  • Rapid Application Development (RAD) A method of determining user requirements and developing systems quickly to satisfy immediate needs.
  • Reuse Model A model that approaches software development by using progressively developed models. Reusable programs are evolved by gradually modifying pre-existing prototypes to customer specifications. Since the Reuse model does not require programs to be built from scratch, it drastically reduces both development cost and time.
  • Cleanroom An approach that attempts to prevent errors or mistakes by following structured and formal methods of developing and testing. This approach is used for high-quality and critical applications that will be put through a strict certification process.

53

Fast flux

NOTE Fast flux is an evasion technique. Botnets can use fast flux functionality to hide the phishing and malware delivery sites they are using. One common method is to rapidly update DNS information to disguise the hosting location of the malicious web sites.

54

Component Object Model (COM)

Component Object Model (COM) is a model that allows for interprocess communication within one application or between applications on the same computer system. The model was created by Microsoft and outlines standardized APIs, component naming schemes, and communication standards. So if I am a developer and I want my application to be able to interact with the Windows operating system and the different applications developed for this platform, I will follow the COM outlined standards.

55

artificial neural network (ANN)

An artificial neural network (ANN) is a mathematical or computational model based on the neural structure of the brain. Computers perform activities like calculating large numbers, keeping large ledgers, and performing complex mathematical functions, but they cannot recognize patterns or learn from experience as the brain can. ANNs contain many units that simulate neurons, each with a small amount of memory. The units work on data that are input through their many connections. Via training rules, the systems are able to learn from examples and have the capability to generalize.

56

Sandbox

A virtual environment that allows for very fine-grained control over the actions that code within the machine is permitted to take. This is designed to allow safe execution of untrusted code from remote sources.

57

Foreign key

An attribute of one table that is related to the primary key of another table.

58

polymorphic virus

A polymorphic virus produces varied but operational copies of itself. This is done in the hopes of outwitting a virus scanner. Even if one or two copies are found and disabled, other copies may still remain active within the system.

59

Development Phase

Code jockeys to your cubes and start punching those keys!

This is the phase where the programmers become deeply involved. The software design that was created in the previous phase is broken down into defined deliverables, and programmers develop code to meet the deliverable requirements.

60

Joint Analysis Development (JAD)

A method that uses a team approach in application development in a workshop-oriented environment.

61

Assembly language

A low-level programming language that is the mnemonic representation of machine-level instructions.

62

Expert systems

Otherwise known as knowledge-based systems, these use artificial intelligence (AI) to solve complex problems. They are systems that emulate the decision-making ability of a human expert.

63

Probabilistic

Identifies data interdependencies and applies probabilities to their relationships.

64

Database

A collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed.

65

Object-relational database (ORD)

Uses object-relational database management system (ORDBMS) and is a relational database with a software front end that is written in an object-oriented programming language.

66

Verification versus Validation

Verification determines if the product accurately represents and meets the specifications. After all, a product can be developed that does not match the original specifications, so this step ensures the specifications are being properly met.

67

Implementation and Default Issues

If I have not said "yes," then the answer is "no."

As many people in the technology field know, out-of-the-box implementations are usually far from secure. Most security has to be configured and turned on after installation—not being aware of this can be dangerous for the inexperienced security person. The Windows operating system has received its share of criticism for lack of security, but the platform can be secured in many ways. It just comes out of the box in an insecure state because settings have to be configured to properly integrate it into different environments, and this is a friendlier way of installing the product for users. For example, if Mike is installing a new software package that continually throws messages of "Access Denied" when he is attempting to configure it to interoperate with other applications and systems, his patience might wear thin, and he might decide to hate that vendor for years to come because of the stress and confusion inflicted upon him.

68

Prototyping

Creating a sample or model of the code for proof-of-concept purposes.

69

Incremental

Multiple development cycles are carried out on a piece of software throughout its development stages. Each phase provides a usable version of software.

70

Java Database Connectivity (JDBC)

An API that allows a Java application to communicate with a database. The application can bridge through ODBC or directly to the database. The following are some characteristics of JDBC:

  • It is an API that provides the same functionality as ODBC but is specifically designed for use by Java database applications.
  • It has database-independent connectivity between the Java platform and a wide range of databases.
  • JDBC is a Java API that enables Java programs to execute SQL statements.

71

Build and Fix Model

Basically, no architecture design is carried out in the Build and Fix model; instead, development takes place immediately with little or no planning involved. Problems are dealt with as they occur, which is usually after the software product is released to the customer.

72

Disposal

System is removed from production environment

73

mashup

A mashup is the combination of functionality, data, and presentation capabilities of two or more sources to provide some type of new service or functionality. Open APIs and data sources are commonly aggregated and combined to provide a more useful and powerful resource. For example, the site http://hireadroid.com combines the functionality of APIs provided by the following sites: CareerBuilder, LinkedIn, LinkUp Job Search Engine, and Simply Hired Jobs.

74

Administrative Interfaces

Everyone wants to work from the coffee shop or at home in their pajamas. Webmasters and web developers are particularly fond of this concept. Although some systems mandate that administration be carried out from a local terminal, in most cases, there is an interface to administer the systems remotely, even over the Web. While this may be convenient to the webmaster, it also provides an entry point into the system for an unauthorized user.

75

Spam Detection

We are all pretty tired of receiving emails that try to sell us things we don’t need. A great job, a master’s degree that requires no studying, and a great sex life are all just a click away (and only $19.99!)—as promised by this continual stream of messages. These emails have been given the label spam, which is electronic unsolicited junk email. Along with being a nuisance, spam eats up a lot of network bandwidth and can be the source of spreading malware. Many organizations have spam filters on their mail servers, and users can configure spam rules within their e-mail clients, but just as virus writers always come up with ways to circumvent antivirus software, spammers come up with clever ways of getting around spam filters.

76

1. Data marts, databases, and data warehouses have distinct characteristics. Which of the following does not correctly describe a data warehouse?

A. It could increase the risk of privacy violations.

B. It is developed to carry out analysis.

C. It contains data from several different sources.

D. It is created and used for project-based tactical reasons.

Extended Questions:

CORRECT D. A data warehouse is not commonly created and used for project-based tactical reasons. That description is characteristic of a data mart, which is a portion of a database that is used for a short period of time mainly for projects to determine tactical approaches to a problem. A data warehouse, on the other hand, is created for the purpose of conducting data mining and analysis for strategic reasons.

WRONG A is incorrect because data warehouses could increase the risk of privacy violations considering that data is collected from several different sources and is held in one central location (the warehouse). Although this provides easier access and control, because the data warehouse is in one place, it also requires more stringent security. If an intruder got into the data warehouse, she could access all of the company’s information at once.

WRONG B is incorrect because the statement is true; data warehouses are commonly created for the purpose of analysis. The analysis allows for strategic decisions to be made; for example, those related to business trends, fraudulent activities, or marketing effectiveness. The analysis work is commonly carried out through data mining activities.

WRONG C is incorrect because a data warehouse does contain data from several different sources. Data is extracted from different databases and other data locations, transferred to a central data storage place called a warehouse, and normalized. This enables users to query a single entity rather than accessing and querying different data sources, and allows for more efficient information retrieval and data analysis.

77

Data mining

Otherwise known as knowledge discovery in database (KDD), which is the process of massaging the data held in the data warehouse into more useful information.

78

Software Configuration Management

When changes take place to a software product during its development life cycle, a configuration management system can be put into place that allows for change control processes to take place through automation. A product that provides Software Configuration Management (SCM) identifies the attributes of software at various points in time, and performs a methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle. It defines the need to track changes and provides the ability to verify that the final delivered software has all of the approved changes that are supposed to be included in the release.

79

Database management system (DBMS)

Enforces access control restrictions, provides data integrity and redundancy, and sets up different procedures for data management manipulation.

80

Web proxy

A piece of software installed on a system that is designed to intercept all traffic between the local web browser and the web server.

81

How Do We Know What to Create?

Object-oriented analysis (OOA) is the process of classifying objects that will be appropriate for a solution. A problem is analyzed to determine the classes of objects to be used in the application.

82

3. A system has been patched many times and has recently become infected with a dangerous virus. If antivirus software indicates that disinfecting a file may damage it, what is the correct action?

  A. Disinfect the file and contact the vendor.

  B. Back up the data and disinfect the file.

  C. Replace the file with the file saved the day before.

  D. Restore an uninfected version of the patched file from backup media.

3. D. Some files cannot be properly sanitized by the antivirus software without destroying them or affecting their functionality. So, the administrator must replace such a file with a known uninfected file. Plus, the administrator needs to make sure he has the patched version of the file, or else he could be introducing other problems. Answer C is not the best answer because the administrator may not know the file was clean yesterday, so just restoring yesterday’s file may put him right back in the same boat.

83

URL encoding

Ever notice a "space" that appears as "%20" in a URL in a web browser? The "%20" represents the space because spaces aren’t allowed characters in a URL. Much like the attacks using Unicode characters, attackers found that they could bypass filtering techniques and make requests by representing characters differently.

84

Separation of Duties

Different environmental types (development, testing, and production) should be properly separated, and functionality and operations should not overlap. Developers should not have access to code used in production. The code should be tested, submitted to a library, and then sent to the production environment.

85

Isolation

Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.

86

Software as a Service (SAAS)

A software delivery model that allows applications and data to be centrally hosted and accessed by thin clients, commonly web browsers. A common delivery method of cloud computing.

87

data structure

A data structure is a representation of the logical relationship between elements of data. It dictates the degree of association among elements, methods of access, processing alternatives, and the organization of data elements.

88

Testing/Validation

Validating software to ensure that goals are met and the software works as planned

89

Informational model

Dictates the type of information to be processed and how it will be processed

90

Object-oriented programming (OOP)

Object-oriented programming (OOP) methods perform the same functionality, but with different techniques that work in a more efficient manner. First, you need to understand the basic concepts of OOP.

91

Computer-aided software engineering (CASE)

Refers to software that allows for the automated development of software, which can come in the form of program editors, debuggers, code analyzers, version-control mechanisms, and more.

92

web proxy

A web proxy is a piece of software installed on a system that is designed to intercept all traffic between the local web browser and the web server. Using freely available web proxy software (such as Achilles or Burp Proxy), an attacker could monitor and modify any information as it travels in either direction. In the preceding example, when the server tells the client via a session cookie that the "number of allowed logins = 3," if that information is intercepted by an attacker using one of these proxies and he changes the value to "number of allowed logins = 50000," this would effectively allow a brute force attack on the system if it has no other validation mechanism in place.

93

7. When should security first be addressed in a project?

  A. During requirements development

  B. During integration testing

  C. During design specifications

  D. During implementation

7. A. The trick to this question, and any one like it, is that security should be implemented at the first possible phase of a project. Requirements are gathered and developed at the beginning of a project, which is project initiation. The other answers are steps that follow this phase, and security should be integrated right from the beginning instead of in the middle or at the end.

94

Data modeling

Considers data independently of the way the data are processed and of the components that process the data. A process used to define and analyze data requirements needed to support the business processes.

95

Data dictionary

Central repository of data elements and their relationships.

96

Expert Systems

An expert system is a computer program containing a knowledge base and a set of algorithms and rules used to infer new facts from data and incoming requests.

97

Common Object Request Broker Architecture (CORBA)

Open object-oriented standard architecture developed by the Object Management Group (OMG). The standards enable software components written in different computer languages and running on different systems to communicate.

98

Object-oriented analysis (OOA)

Object-oriented analysis (OOA) is the process of classifying objects that will be appropriate for a solution. A problem is analyzed to determine the classes of objects to be used in the application.

99

A database is the mechanism that provides structure for the data collected. The actual specifications of the structure may be different per database implementation, because different organizations or departments work with different types of data and need to perform diverse functions upon that information. There may be different workloads, relationships between the data, platforms, performance requirements, and security goals. Any type of database should have the following characteristics:

  • It centralizes by not having data held on several different servers throughout the network.
  • It allows for easier backup procedures.
  • It provides transaction persistence.
  • It allows for more consistency since all the data are held and maintained in one central location.
  • It provides recovery and fault tolerance.
  • It allows the sharing of data with multiple users.
  • It provides security controls that implement integrity checking, access control, and the necessary level of confidentiality.

100

parameter validation

The issue of parameter validation is akin to the issue of input validation mentioned earlier. Parameter validation is where the values that are being received by the application are validated to be within defined limits before the server application processes them within the system. The main difference between parameter validation and input validation would have to be whether the application was expecting the user to input a value as opposed to an environment variable that is defined by the application. Attacks in this area deal with manipulating values that the system would assume are beyond the client being able to configure, mainly because there isn’t a mechanism provided in the interface to do so.

101

Object Linking and Embedding

Object linking and embedding (OLE) provides a way for objects to be shared on a local personal computer and to use COM as their foundation. OLE enables objects—such as graphics, clipart, and spreadsheets—to be embedded into documents. The capability for one program to call another program is called linking. The capability to place a piece of data inside a foreign program or document is called embedding.

102

1. An application is downloaded from the Internet to perform disk cleanup and to delete unnecessary temporary files. The application is also recording network login data and sending them to another party. This application is best described as which of the following?

  A. A virus

  B. A Trojan horse

  C. A worm

  D. A logic bomb

1. B. A Trojan horse looks like an innocent and helpful program, but in the background it is carrying out some type of malicious activity unknown to the user. The Trojan horse could be corrupting files, sending the user’s password to an attacker, or attacking another computer.

103

Change control

The process of controlling the changes that take place during the life cycle of a system and documenting the necessary change control activities.

104

Online transaction processing (OLTP)

Online transaction processing (OLTP) is generally used when databases are clustered to provide fault tolerance and higher performance. OLTP provides mechanisms that watch for problems and deal with them appropriately when they do occur. For example, if a process stops functioning, the monitor mechanisms within OLTP can detect this and attempt to restart the process. If the process cannot be restarted, then the transaction taking place will be rolled back to ensure no data are corrupted or that only part of a transaction happens. Any erroneous or invalid transactions detected should be written to a transaction log. The transaction log also collects the activities of successful transactions. Data are written to the log before and after a transaction is carried out so a record of events exists.

105

Server side includes (SSI)

An interpreted server-side scripting language used almost exclusively for web-based communication. It is commonly used to include the contents of one or more files into a web page on a web server. Allows web developers to reuse content by inserting the same content into multiple web documents.

106

high coupling

An example of low coupling would be one module passing a variable value to another module. As an example of high coupling, Module A would pass a value to Module B, another value to Module C, and yet another value to Module D. Module A cannot complete its tasks until Modules B, C, and D complete their tasks and return results back to Module A.

107

Persistent XSS

Persistent XSS vulnerabilities, also known as stored or second-order vulnerabilities, are generally targeted at web sites that allow users to input data which are stored in a database or any other such location, e.g., forums, message boards, guest books, etc. The attacker posts some text that contains some malicious JavaScript, and when other users later view the posts, their browsers render the page and execute the attacker's JavaScript.

108

Regression testing

After a change to a system takes place, retesting to ensure functionality, performance, and protection.

109

system development life cycle (SDLC)

A life cycle is a representation of development changes. A person is conceived, born, matures (baby, toddler, teenager, middle age, elderly), and dies. Such is the circle of life. Projects have a life cycle: initiation, planning, execution and controlling, and closure. A system has its own developmental life cycle, which is made up of the following phases: initiation, acquisition/development, implementation, operation/maintenance, and disposal. Collectively these are referred to as a system development life cycle (SDLC). Here are the basic components of each phase:

110

work breakdown structure (WBS)

A work breakdown structure (WBS) is a project management tool used to define and group a project’s individual work elements in an organized manner. The SDLC should be illustrated in a WBS format, so that each phase is properly addressed.

111

Specific Threats for Web Environments: The most common types of vulnerabilities, threats, and complexities are covered in the following sections, which we will explore one at a time:

  • Information gathering
  • Administrative interfaces
  • Authentication and access control
  • Input validation
  • Parameter validation
  • Session management

112

Formal risk assessment

Identifies vulnerabilities and threats in the proposed system and the potential risk levels as they pertain to confidentiality, integrity, and availability. This builds upon the initial risk assessment carried out in the previous phase. The results of this assessment help the team build the system’s security plan.

113

CORBA and ORBs

Has anyone seen my ORB? I need to track down an object.

If we want software components to be able to communicate with each other, this means standardized interfaces and communication methods must be used. This is the only way interoperability can take place.

114

Web Application Security Principles

Considering their exposed nature, web sites are primary targets during an attack. It is, therefore, essential for web developers to abide by the time-honored and time-tested principles to provide the maximum level of deterrence to attackers. Web application security principles are meant to govern programming practices to regulate programming styles and strategically reduce the chances of repeating known software bugs and logical flaws.

115

Self-garbling virus

Attempts to hide from antivirus software by modifying its own code so that it does not match predefined signatures.

116

attack surface

An attack surface is what is available to be used by an attacker against the product itself. As an analogy, if you were wearing a suit of armor and it only covered half of your body, the other half would be your vulnerable attack surface. Before you went into battle, you would want to reduce this attack surface by covering your body with as much protective armor as possible. The same can be said about software. The development team should reduce the attack surface as much as possible because the greater the attack surface of software, the more avenues for the attacker; and hence, the greater the likelihood of a successful compromise.

117

Where Do We Place Security?

"I put mine in my shoe."

Today, many security efforts look to solve security problems through controls such as firewalls, intrusion detection systems (IDSs), content filtering, antivirus software, vulnerability scanners, and much more. This reliance on a long laundry list of controls occurs mainly because our software contains many vulnerabilities. Our environments are commonly referred to as hard and crunchy on the outside and soft and chewy on the inside. This means our perimeter security is fortified and solid, but our internal environment and software are easy to exploit once access has been obtained.

118

Rapid Application Development

Combines prototyping and iterative development procedures with the goal of accelerating the software development process.

119

Software Development Models

There have been several software development models developed over the last 20 or so years. Each model has its own characteristics, pros, cons, SDLC phases, and best use-case scenarios. While some models include security issues in certain phases, these are not considered "security-centric development models." These are classical approaches on how to build and develop software. A brief discussion of some of the models that have been used over the years is covered next.

120

Multipart virus

Also called a multipartite virus, this has several components to it and can be distributed to different parts of the system. It infects and spreads in multiple ways, which makes it harder to eradicate when identified.

122

embedding

Object linking and embedding (OLE) provides a way for objects to be shared on a local personal computer and to use COM as their foundation. OLE enables objects—such as graphics, clipart, and spreadsheets—to be embedded into documents. The capability for one program to call another program is called linking. The capability to place a piece of data inside a foreign program or document is called embedding.

123

computer-aided software engineering (CASE)

There are many computer-aided software engineering (CASE) tools that programmers can use to generate code, test software, and carry out debugging activities. When these types of activities are carried out through automated tools, development usually takes place more quickly with fewer errors.

124

Development

Programming software code to meet specifications laid out in the design phase

125

Crimeware Toolkits

It used to require programming knowledge to be able to create and spread malware, but today people can purchase crimeware toolkits that allow them to create their own tailored malware through GUI-based tools. These toolkits provide pre-developed malicious code that can be easily customized, deployed, and automated. The kits are sold in the online underground black market and allow people with little to no technical skill to carry out cybercrime activities. These "out-of-the-box" solutions have lowered the entry barrier for cybercriminals by making sophisticated attacks easy to carry out.

126

Language Levels

High, really high, very high, not so high, kind of short. What does this really mean?

The "higher" the language, the more abstraction that is involved. Abstraction means that the details of something are far away and/or hidden. A programming language that provides high abstraction means that the programmer does not need to worry about the intricate details of the computer system itself, as in registers, memory addresses, complex Boolean expressions, thread management, etc. The programmer can use simple statements such as "print," and she does not need to worry about how the computer will actually get the data over to the printer. Instead, she can focus on the core functionality that the application is supposed to provide and not be bothered with the complex things taking place in the belly of the operating system and motherboard components.

127

Security test and evaluation plan

Outlines how security controls should be evaluated before the system is approved and deployed.

128

(very high-level languages)

Fourth-generation languages (very high-level languages) were designed to further enhance the natural language approach introduced with third-generation languages. Fourth-generation languages are meant to take natural language-based statements one step further. Fourth-generation programming languages focus on highly abstract algorithms that allow straightforward programming implementation in specific environments. The most remarkable aspect of fourth-generation languages is that the amount of manual coding required to perform a specific task may be ten times less than for the same task in a third-generation language. This is especially important as these languages have been developed to be used by inexpert users and not just professional programmers.

129

Antivirus information and expected user behaviors should be integrated into the security-awareness program, along with who a user should contact if she discovers a virus. A standard should cover the do’s and don’ts when it comes to malware, which are listed next:

  • Every workstation, server, and mobile device should have antimalware software installed.
  • An automated way of updating antivirus signatures should be deployed on each device.
  • Users should not be able to disable antivirus software.
  • A preplanned malware eradication process should be developed and a contact person designated in case of an infection.
  • All external disks (USB drives and so on) should be scanned automatically.
  • Backup files should be scanned.
  • Antivirus policies and procedures should be reviewed annually.
  • Antivirus software should provide boot virus protection.
  • Antivirus scanning should happen at a gateway and on each device.
  • Virus scans should be automated and scheduled. Do not rely on manual scans.
  • Critical systems should be physically protected so malicious software cannot be installed locally.

130

logic bomb

A logic bomb executes a program, or string of code, when a certain set of conditions is met. For example, a network administrator may install and configure a logic bomb that is programmed to delete the company’s whole database if he is terminated.

131

P1

High Privacy Risk: The feature, product, or service stores or transfers Personally Identifiable Information (PII); monitors the user with an ongoing transfer of anonymous data; changes settings or file type associations; or installs software.

132

Artificial neural network (ANN)

A mathematical or computational model based on the neural structure of the brain.

133

Managed

The company has formal processes in place to collect and analyze quantitative data, and metrics are defined and fed into the process-improvement program.

134

Mobile Code

Code that can be transmitted across a network, to be executed by a system or device on the other end, is called mobile code. There are many legitimate reasons to use mobile code—for example, web browser applets that may execute in the background to download additional content for the web page, such as plug-ins that allow you to view a video.

135

Threat modeling

A systematic approach used to understand how different threats could be realized and how a successful compromise could take place.

136

commit

The commit operation completes a transaction and executes all changes just made by the user. As its name indicates, once the commit command is executed, the changes are committed and reflected in the database. These changes can be made to data or schema information. Because these changes are committed, they are then available to all other applications and users. If a user attempts to commit a change and it cannot complete correctly, a rollback is performed. This ensures that partial changes do not take place and that data are not corrupted.

137

The database model defines the relationships between different data elements; dictates how data can be accessed; and defines acceptable operations, the type of integrity offered, and how the data are organized. A model provides a formal method of representing data in a conceptual form and provides the necessary means of manipulating the data held within the database. Databases come in several types of models, as listed next:

  • Relational
  • Hierarchical
  • Network
  • Object-oriented
  • Object-relational

138

Zero-day vulnerabilities

NOTE: Zero-day vulnerabilities are vulnerabilities that do not currently have a resolution. If a vulnerability is identified and there is not a pre-established fix (patch, configuration, update), it is considered a zero day.

139

21. A. The following are correct characteristics of ADO:

  • It’s a high-level data access programming interface to an underlying data access technology (such as OLE DB).
  • It’s a set of COM objects for accessing data sources, not just database access.
  • It allows a developer to write programs that access data without knowing how the database is implemented.
  • SQL commands are not required to access a database when using ADO.

140

High-level languages

Otherwise known as third-generation programming languages, due to their refined programming structures, using abstract statements.

141

Integration testing

Verifying that components work together as outlined in design specifications.

142

Object linking and embedding (OLE)

Provides a way for objects to be shared on a local computer and to use COM as their foundation. It is a technology developed by Microsoft that allows embedding and linking to documents and other objects.

143

Capability Maturity Models (CMMs)

Capability Maturity Models (CMMs) are used for many different purposes, software development processes being one of them. They are general models that allow for maturity-level identification and maturity improvement steps. We showed how CMM can be used for organizational security program improvement processes in Chapter 2.

144

Data Modeling

Let’s see. The data went thataway. Oh no, it went thataway. Oops, I lost the data.

The previous paragraphs have provided a simple look at a structured analysis approach. A full-structured analysis approach looks at all objects and subjects of an application and maps the interrelationships, communications paths, and inheritance properties. This is different from data modeling, which considers data independently of the way the data are processed and of the components that process the data. A data model follows an input value from beginning to end and verifies that the output is correct. OOA is an example of a structured analysis approach. If an analyst is reviewing the OOA of an application, she will make sure all relationships are set up correctly, that the inheritance flows in a predictable and usable manner, that the instances of objects are practical and provide the necessary functionality, and that the attributes of each class cover all the necessary values used by the application. When another analyst does a data model review of the same application, he will follow the data and the returned values after processing takes place. An application can have a perfect OOA structure, but when 1 + 1 is entered and it returns -3, something is wrong. This is one aspect the data modeling looks at.

145

Statement of Work (SOW)

Describes the product and customer requirements. A detailed-oriented SOW will help ensure that these requirements are properly understood and assumptions are not made.

146

Fuzzing

A technique used to discover flaws and vulnerabilities in software.

147

Assemblers, Compilers, Interpreters

Everything ends up in bits at the end.

No matter what type or generation of programming language is used, all of the instructions and data have to end up in a binary format for the processor to understand and work with. Just like our food has to be broken down into molecules for our body to be able to process it, all code must end up in a format that is consumable for specific systems. Each programming language type goes through this transformation through the use of assemblers, compilers, or interpreters.

148

Rootkit

Set of malicious tools that are loaded on a compromised system through stealthy techniques. The tools are used to carry out more attacks either on the infected systems or surrounding systems.

149

2. What is the importance of inference in an expert system?

  A. The knowledge base contains facts, but must also be able to combine facts to derive new information and solutions.

  B. The inference machine is important to fight against multipart viruses.

  C. The knowledge base must work in units to mimic neurons in the brain.

  D. The access must be controlled to prevent unauthorized access.

2. A. The whole purpose of an expert system is to look at the data it has to work with and what the user presents to it and to come up with new or different solutions. It basically performs data-mining activities, identifies patterns and relationships the user can’t see, and provides solutions. This is the same reason you would go to a human expert. You would give her your information, and she would combine it with the information she knows and give you a solution or advice, which is not necessarily the same data you gave her.

150

8. Online application systems that detect an invalid transaction should do which of the following?

  A. Roll back and rewrite over original data.

  B. Terminate all transactions until properly addressed.

  C. Write a report to be reviewed.

  D. Checkpoint each data entry.

8. C. This can seem like a tricky question. It is asking you if the system detected an invalid transaction, which is most likely a user error. This error should be logged so it can be reviewed. After the review, the supervisor, or whoever makes this type of decision, will decide whether or not it was a mistake and investigate it as needed. If the system had a glitch, power fluctuation, hang-up, or any other software- or hardware-related error, it would not be an invalid transaction, and in that case the system would carry out a rollback function.

152

Compilers

Tools that convert high-level language statements into the necessary machine-level format (.exe, .dll, etc.) for specific processors to understand.

153

Acceptance testing

Ensuring that the code meets customer requirements.

154

Adware

Adware is software that automatically generates (renders) advertisements. The ads can be provided through pop-ups, user interface components, or screens presented during the installation of updates of other products. The goal of adware is to generate sales revenue, not carry out malicious activities, but some adware uses invasive measures, which can cause security and privacy issues.

155

Information gathering

Usually the first step in an attacker’s methodology, in which the information gathered may allow an attacker to infer additional information that can be used to compromise systems.

156

COM and DCOM

Component Object Model (COM) is a model that allows for interprocess communication within one application or between applications on the same computer system. The model was created by Microsoft and outlines standardized APIs, component naming schemes, and communication standards. So if I am a developer and I want my application to be able to interact with the Windows operating system and the different applications developed for this platform, I will follow the COM outlined standards.

157

Primary key

Columns that make each row unique. (Every row of a table must include a primary key.)

158

Each object should have specifications it should adhere to. This discipline provides cleaner programming and reduces programming errors and omissions. The following list is an example of what should be developed for each object:

  • Object name
  • Attribute descriptions
  • Attribute name
  • Attribute content
  • Attribute data type
  • External input to object
  • External output from object
  • Operation descriptions
  • Operation name
  • Operation interface description
  • Operation processing description
  • Performance issues
  • Restrictions and limitations
  • Instance connections
  • Message connections

159

What Is a Virus?

A virus is a segment of code that searches out hosts and infects them by embedding a copy of itself. When the infected host executes, the embedded virus is executed, which propagates the infection.

160

Optimizing

The company has budgeted and integrated plans for continuous process improvement.

161

Data Warehousing and Data Mining

Data warehousing combines data from multiple databases or data sources into a large database for the purpose of providing more extensive information retrieval and data analysis. Data from different databases are extracted and transferred to a central data storage device called a warehouse. The data are normalized, which means redundant information is stripped out and data are formatted in the way the data warehouse expects it. This enables users to query one entity rather than accessing and querying different databases.

162

Software Configuration Management (SCM)

When changes take place to a software product during its development life cycle, a configuration management system can be put into place that allows for change control processes to take place through automation. A product that provides Software Configuration Management (SCM) identifies the attributes of software at various points in time, and performs a methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle. It defines the need to track changes and provides the ability to verify that the final delivered software has all of the approved changes that are supposed to be included in the release.

163

Query language (QL)

Enables users to make requests of the database.

164

Distributed Computing Environment (DCE)

The first framework and development toolkit for developing client/server applications to allow for distributed computing.

165

computer-aided software engineering (CASE)

There are many computer-aided software engineering (CASE) tools that programmers can use to generate code, test software, and carry out debugging activities. When these types of activities are carried out through automated tools, development usually takes place more quickly with fewer errors.

166

Durability

Once the transaction is verified as accurate on all systems, it is committed and the databases cannot be rolled back.

167

Testing Types

If we would like the assurance that the software is any good at all, we should probably test it.

168

only

Client-side validation is when the input validation is done at the client before it is even sent back to the server to process. If you have missed a field in a web form and, before you even click Submit, you immediately receive a message informing you that you have forgotten to fill in one of the fields, you have experienced client-side validation. This is a good idea, rather than sending incomplete requests to the server and the server having to send back an error message to the user. The problem arises when the client-side validation is the only validation that takes place. In this situation, the server trusts that the client has done its job correctly and processes the input as if it is valid. In normal situations, accepting this input would be fine, but when an attacker can intercept the traffic between the client and server and modify it or just directly make illegitimate requests to the server without using a client, a compromise is more likely.

169

Classification

Groups together data according to shared similarities.

170

5. Database views provide what type of security control?

  A. Detective

  B. Corrective

  C. Preventive

  D. Administrative

5. C. A database view is put into place to prevent certain users from viewing specific data. This is a preventive measure, because the administrator is preventing the users from seeing data not meant for them. This is one control to prevent inference attacks.

171

Object-Oriented Concepts

Objects are so cute, and small, and modular. I will take one in each color!

Software development used to be done by classic input-processing-output methods. This development used an information flow model from hierarchical information structures. Data were input into a program, and the program passed the data from the beginning to end, performed logical procedures, and returned a result.

172

Database Management

Databases have a long history of storing important intellectual property and items that are considered valuable and proprietary to companies. Because of this, they usually live in an environment of mystery to all but the database and network administrators. The less anyone knows about the databases, the better. Users generally access databases indirectly through a client interface, and their actions are restricted to ensure the confidentiality, integrity, and availability of the data held within the database and the structure of the database itself.

173

Inference engine

A computer program that tries to derive answers from a knowledge base. It is the "brain" that expert systems use to reason about the data in the knowledge base for the ultimate purpose of formulating new conclusions.

174

Service-oriented architecture (SOA)

Provides standardized access to the most needed services to many different applications at one time. Service interactions are self-contained and loosely coupled, so that each interaction is independent of any other interaction.

175

Object-oriented design (OOD)

Object-oriented design (OOD) creates a representation of a real-world problem and maps it to a software solution using OOP. The result of an OOD is a design that modularizes data and procedures. The design interconnects data objects and processing operations.

176

Macro virus

A virus that is written in a macro language and is platform independent. Since many applications allow macro programs to be embedded in documents, the programs may be run automatically when the document is opened. This provides a distinct mechanism by which viruses can be spread.

177

Cleanroom

An approach that attempts to prevent errors or mistakes by following structured and formal methods of developing and testing. This approach is used for high-quality and critical applications that will be put through a strict certification process.

178

Programming Languages and Concepts

All software is written in some type of programming language. Programming languages have gone through several generations over time, each generation building on the next, providing richer functionality and giving the programmers more powerful tools as they evolve.

179

and

An object-oriented database is designed to handle a variety of data types (images, audio, documents, video). An object-oriented database management system (ODBMS) is more dynamic in nature than a relational database, because objects can be created when needed and the data and procedure (called method) go with the object when it is requested. In a relational database, the application has to use its own procedures to obtain data from the database and then process the data for its needs. The relational database does not actually provide procedures, as object-oriented databases do. The object-oriented database has classes to define the attributes and procedures of its objects.

180

ActiveX Data Objects (ADO)

An API that allows applications to access back-end database systems. It is a set of ODBC interfaces that exposes the functionality of data sources through accessible objects. ADO uses the OLE DB interface to connect with the database, and can be developed with many different scripting languages. It is commonly used in web applications and other client/server applications. The following are some characteristics of an ADO:

  • It’s a high-level data access programming interface to an underlying data access technology (such as OLE DB).
  • It’s a set of COM objects for accessing data sources, not just database access.
  • It allows a developer to write programs that access data without knowing how the database is implemented.
  • SQL commands are not required to access a database when using ADO.

181

Stealth virus

A virus that hides the modifications it has made. The virus tries to trick antivirus software by intercepting its requests to the operating system and providing false and bogus information.

182

Session Management

As highlighted earlier, managing several thousand different clients connecting to a web-based application is a challenge. The aspect of session management requires consideration before delivering applications via the Web. The most commonly used method of managing client sessions is assigning unique session IDs to every connection. A session ID is a value sent by the client to the server with every request that uniquely identifies the client to the server or application. In the event that an attacker was able to acquire or even guess an authenticated client’s session ID and present it to the server as its own session ID, the server would be fooled and the attacker would have access to the session.

183

self-garbling virus

A self-garbling virus attempts to hide from antivirus software by garbling (modifying) its own code. As the virus spreads, it changes the way its code is formatted. A small portion of the virus code decodes the garbled code when activated.

184

Script viruses

Script viruses have been quite popular and damaging over the last several years. Scripts are files that are executed by an interpreter—for example, Microsoft Windows Script Host, which interprets different types of scripting languages. Web sites have become more dynamic and interactive through the use of script files written in Visual Basic (VBScript) and Java (Jscript) as well as other scripting languages that are embedded in HTML. When a web page that has these scripts embedded is requested by a web browser, these embedded scripts are executed, and if they are malicious, then everything just blows up. Okay, this is a tad overdramatic. The virus will carry out the payload (instructions) that the virus writer has integrated into the script, whether it is sending out copies of itself to everyone in your contact list or deleting critical files. Scripts are just another infection vector used by malware writers to carry out their evil ways.

185

Client-side validation

Input validation is done at the client before it is even sent back to the server to process.

186

Common Object Request Broker Architecture (CORBA)

Common Object Request Broker Architecture (CORBA) is an open object-oriented standard architecture developed by the Object Management Group (OMG). It provides interoperability among the vast array of software, platforms, and hardware in environments today. CORBA enables applications to communicate with one another no matter where the applications are located or who developed them.

187

multipart virus

A multipart virus (also called multipartite virus) has several components to it and can be distributed to different parts of the system. For example, a multipart virus might infect both the boot sector of a hard drive and executable files. By using multiple vectors it can spread more quickly than a virus using only one vector.

188

inference engine

Rule-based programming is a common way of developing expert systems. The rules are based on if-then logic units and specify a set of actions to be performed for a given situation. This is one way expert systems are used to find patterns, which is called pattern matching. A mechanism, called the inference engine, automatically matches facts against patterns and determines which rules are applicable. The actions of the corresponding rules are executed when the inference engine is instructed to begin execution.

189

Object Linking and Embedding Database (OLE DB)

Separates data into components that run as middleware on a client or server. It provides a low-level interface to link information across different databases, and provides access to data no matter where they are located or how they are formatted. The following are some characteristics of an OLE DB:

190

Static analysis

A debugging technique that is carried out by examining the code without executing the program, and therefore is carried out before the program is compiled.

191

ActiveX Controls

ActiveX is a Microsoft technology composed of a set of OOP technologies and tools based on COM and DCOM. A programmer uses these tools to create ActiveX controls, which are self-sufficient programs similar to Java applets. ActiveX controls can be reused by many applications within one system or different systems within an environment. These controls can be downloaded from web sites to add extra functionality (as in providing animations for web pages), but they are also components of Windows operating systems themselves (dynamic link libraries [DLLs]) and carry out common operating system tasks.

192

software development life cycle (SDLC)

There have been several software development life cycle (SDLC) models developed over the years, which we will cover later in this section, but the crux of each model deals with the following items:

193

Security functional requirements analysis

Identifies the protection levels that must be provided by the system to meet all regulatory, legal, and policy compliance needs.

194

Cell suppression

A technique used to hide specific cells that contain sensitive information.

195

Cross-site scripting (XSS)

An attack where a vulnerability is found on a web site that allows an attacker to inject malicious code into a web application.

196

Bots

Software applications that run automated tasks over the Internet, which perform tasks that are both simple and structurally repetitive. Malicious use of bots is the coordination and operation of an automated attack by a botnet (centrally controlled collection of bots).

197

Remote access Trojans (RATs)

Malicious programs that run on systems and allow intruders to access and use a system remotely.

198

Authenticode

A type of code signing, which is the process of digitally signing software components and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was digitally signed. Authenticode is Microsoft’s implementation of code signing.

199

Risk Types

It is important to understand the difference between project risk analysis and security risk analysis. They often are confused or combined. The project team may do a risk analysis pertaining to the risk of the project failing. This is much different from the security risk analysis, which addresses the vulnerabilities within the software product itself. The two should be understood and used, but in a distinctively different manner.

200

Initial

Development process is ad hoc or even chaotic. The company does not use effective management procedures and plans. There is no assurance of consistency, and quality is unpredictable.

201

In reality, the flaws within the software cause a majority of the vulnerabilities in the first place. Several reasons explain why perimeter devices are more often considered than dealing with the insecurities within the software:

  • In the past, it was not crucial to implement security during the software development stages; thus, many programmers today do not practice these procedures.
  • Most security professionals are not software developers, and thus do not have complete insight to software vulnerability issues.
  • Many software developers do not have security as a main focus. Functionality is usually considered more important than security.
  • Software vendors are trying to get their products to market in the quickest possible time, and thus do not take time for proper security architecture, design, and testing steps.
  • The computing community has gotten used to receiving software with flaws and then applying patches. This has become a common and seemingly acceptable practice.
  • Customers cannot control the flaws in the software they purchase, so they must depend upon perimeter protection.

202

Spyware and Adware

Spyware is a type of malware that is covertly installed on a target computer to gather sensitive information about a victim. The gathered data may be used for malicious activities, e.g., identity theft, spamming fraud, etc. Spyware can also gather information about a victim’s online browsing habits, which are then often used by spammers to send targeted advertisements. It can also be used by an attacker to direct a victim’s computer to perform tasks such as installing software, changing system settings, transferring browsing history, logging keystrokes, taking screenshots, etc.

203

software

The acronym "SDLC" can represent system development life cycle or software development life cycle. Many resources interchange these terms (system and software) because the basic structure of a life-cycle framework should be applied to a computer, network, or a piece of software. A life-cycle framework just means that the item of focus (system or software) should be properly cared for no matter what stage it is in.

204

Trojan horse

A program that is disguised as another program with the goal of carrying out malicious activities in the background without the user knowing.

205

Release/Maintenance

Deploying the software and then ensuring that it is properly configured, patched, and monitored

206

Atomicity

Divides transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back.

207

assemblers

An assembly language is considered a low-level programming language and is the symbolic representation of machine-level instructions. It is "one step above" machine language. It uses symbols (called mnemonics) to represent complicated binary codes. Programmers using assembly language could use commands like ADD, PUSH, POP, etc., instead of the binary codes (1001011010, etc.). Assembly languages use programs called assemblers, which automatically convert these assembly codes into the necessary machine-compatible binary language. To their credit, assembly languages drastically reduced programming and debugging times, introduced the concept of variables, and freed programmers from manually calculating memory addresses. But like machine code, programming in an assembly language requires extensive knowledge of a computer’s architecture. It is easier than programming in binary format, but more challenging compared to the high-level languages most programmers use today.

208

Security assurance requirements analysis

Identifies the assurance levels the system must provide. The activities that need to be carried out to ensure the desired level of confidence in the system are determined, which are usually specific types of tests and evaluations.

209

Information Gathering

Information gathering is usually the first step in an attacker’s methodology. Information gathered may allow an attacker to infer additional information that can be used to compromise systems. Unfortunately, most of the information gathered is from sources that are available to anyone who asks. The big search engines make it even easier for an attacker to gather information because they aggregate information and can return results from the search engine’s cache without the attacker ever connecting to the target company’s web server.

210

Figure 10-37 OLE DB provides an interface to allow applications to communicate with different data sources.

  • Because it is COM-based, OLE DB is limited to being used by Microsoft Windows-based client tools.
  • A developer accesses OLE DB services through ActiveX Data Objects (ADO).
  • It allows different applications to access different types and sources of data.

211

9. Which of the following are rows and columns within relational databases?

  A. Rows and tuples

  B. Attributes and rows

  C. Keys and views

  D. Tuples and attributes

9. D. In a relational database, a row is referred to as a tuple, whereas a column is referred to as an attribute.

213

Authentication and Access Control

If you’ve used the Internet for banking, shopping, registering for classes, or working from home, you most likely logged in through a web-based application. From the consumer side or the provider side, the topic of authentication and access control is an obvious issue. Consumers want an access control mechanism that provides the security and privacy they would expect from a trusted entity, but they also don’t want to be too burdened by the process. From the service providers’ perspective, they want to provide the highest amount of security to the consumer that performance, compliance, and cost will allow. So, from both of these perspectives, typically usernames and passwords are still used to control access to most web applications.

214

Report generator

Produces printouts of data in a user-defined manner.

215

Machine language

A set of instructions in binary format that the computer’s processor can understand and work with directly.

216

Virus

A small application, or string of code, that infects host applications. It is a programming code that can replicate itself and spread from one system to another.

217

Relational Database Components

Like all software, databases are built with programming languages. Most database languages include a data definition language (DDL), which defines the schema; a data manipulation language (DML), which examines data and defines how the data can be manipulated within the database; a data control language (DCL), which defines the internal organization of the database; and an ad hoc query language (QL), which defines queries that enable users to access the data within the database.

218

Assemblers

Tools that convert assembly code into the necessary machine-compatible binary language for processing activities to take place.

219

10. D. The following are correct characteristics of the ACID test:

  • Atomicity Divides transactions into units of work and ensures that all modifications take effect or none take effect. Either the changes are committed or the database is rolled back.
  • Consistency A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.
  • Isolation Transactions execute in isolation until completed without interacting with other transactions. The results of the modification are not available until the transaction is completed.
  • Durability Once the transaction is verified as accurate on all systems, it is committed and the databases cannot be rolled back.

220

Compression viruses

Another type of virus that appends itself to executables on the system and compresses them by using the user’s permissions.

221

Service-Oriented Architecture

While many of the previously described distributed computing technologies are still in use, the industry has moved toward and integrated another approach in providing commonly needed application functionality and procedures across various environments. A service-oriented architecture (SOA) provides standardized access to the most needed services to many different applications at one time. Application functionality is separated into distinct units (services) and offered up through well-defined interfaces and data-sharing standardization. This means that individual applications do not need to possess the same redundant code and functionality. The functionality can be offered by an individual entity and then all other applications can just call upon and use the one instance. This is really the crux of all distributed computing technologies and approaches—SOA is just a more web-based approach.

222

Third-party evaluations

Reviewing the level of service and quality a specific vendor will provide if the system is to be purchased.

223

16. A. The five levels of the Capability Maturity Integration Model are:

  • Initial Development process is ad hoc or even chaotic. The company does not use effective management procedures and plans. There is no assurance of consistency, and quality is unpredictable.
  • Repeatable A formal management structure, change control, and quality assurance are in place. The company can properly repeat processes throughout each project. The company does not have formal process models defined.
  • Defined Formal procedures are in place that outline and define processes carried out in each project. The organization has a way to allow for quantitative process improvement.
  • Managed The company has formal processes in place to collect and analyze quantitative data, and metrics are defined and fed into the process-improvement program.
  • Optimizing The company has budgeted and integrated plans for continuous process improvement.

224

We will cover the main categories of malware in the following sections, but the main reasons that they are all increasing in numbers and potency are as follows:

  • Environments are heterogeneous and increase in complexity.
  • Everything is becoming a computer (phones, TVs, PlayStations, power grids, medical devices, etc.), and thus all are capable of being compromised.
  • More people and companies are storing all of their data in some digital format.
  • More people and devices are connecting through various interfaces (phone apps, Facebook, web sites, email, texting, e-commerce, etc.).
  • Many accounts are configured with too much privilege (administrative or root access).
  • More people who do not understand technology are using it for sensitive purposes (online banking, e-commerce, etc.).

225

Software Escrow

Will someone keep a copy of my source code?

If a company pays another company to develop software for it, it should have some type of software escrow in place for protection. We covered this topic in Chapter 8 from a business continuity perspective, but since it directly deals with software development, we will mention it here also.

226

Rule-based programming

A common way of developing expert systems, with rules based on if-then logic units, and specifying a set of actions to be performed for a given situation.

227

(boot sector viruses)

Some viruses infect the boot sector (boot sector viruses) of a computer and either move data within the boot sector or overwrite the sector with new information. Some boot sector viruses have part of their code in the boot sector, which can initiate the virus when a system boots up, and the rest of their code in sectors on the hard drive it has marked off as bad. Because the sectors are marked as bad, the operating system and applications will not attempt to use those sectors; thus, they will not get overwritten.

228

Privacy Impact Rating

Indicates the sensitivity level of the data that will be processed or made accessible.

229

Software’s Importance

Software controls come in various flavors with many different goals. They can control input, encryption, logic processing, number-crunching methods, interprocess communication, access, output, and interfacing with other software. They should be developed with potential risks in mind, and many types of threat models and risk analyses should be invoked at different stages of development. The goals are to reduce vulnerabilities and the possibility of system compromise. The controls can be preventive, detective, or corrective. While security controls can be administrative and physical in nature, the controls used within software are usually more technical in nature.

230

Requirements analysis

In-depth study of what functions the company needs the desired system to carry out.

231

Noise and perturbation

A technique of inserting bogus information in the hopes of misdirecting an attacker or confusing the matter enough that the actual attack will not be fruitful.

232

Rapid prototyping

Rapid prototyping is an approach that allows the development team to quickly create a prototype (sample) to test the validity of the current understanding of the project requirements. As an analogy, let’s say that you and your spouse were thinking about starting a family and having children. Instead of forging ahead and enduring the nine-month-long pregnancy adventure, you decide to babysit your brother’s kids for two weeks to see if you even like kids. You and your spouse could potentially find out very quickly that this is not the life for you and instead buy a plant.

233

Break and Fix

No real planning up front. Flaws are reactively dealt with after release with the creation of patches and updates.

234

Meme viruses

These are not actual computer viruses, but types of e-mail messages that are continually forwarded around the Internet.

235

Behavior blocking

Allows the suspicious code to execute within the operating system and watches its interactions with the operating system, looking for suspicious activities.

236

Statistical

Identifies relationships between data elements and uses rule discovery.

237

Pre-validation

Input controls verifying data are in appropriate format and compliant with application specifications prior to submission to the application. An example of this would be form field validation, where web forms do not allow letters in a field that is expecting to receive a number (currency) value.

238

metadata)

A data dictionary is a central collection of data element definitions, schema objects, and reference keys. The schema objects can contain tables, views, indexes, procedures, functions, and triggers. A data dictionary can contain the default values for columns, integrity information, the names of users, the privileges and roles for users, and auditing information. It is a tool used to centrally manage parts of a database by controlling data about the data (referred to as metadata) within the database. It provides a cross-reference between groups of data elements and the databases.

239

Object-oriented programming (OOP)

Object-oriented programming (OOP) methods perform the same functionality, but with different techniques that work in a more efficient manner. First, you need to understand the basic concepts of OOP.

240

(prototype)

A sample of software code or a model (prototype) can be developed to explore a specific approach to a problem before investing expensive time and resources. A team can identify the usability and design problems while working with a prototype and adjust their approach as necessary. Within the software development industry three main prototype models have been invented and used. These are the rapid prototype, evolutionary prototype, and operational prototype.

241

Natural languages

Otherwise known as fifth-generation programming languages, which have the goal of creating software that can solve problems by itself. Used in systems that provide artificial intelligence.

242

Data warehousing

Combines data from multiple databases or data sources into a large database for the purpose of providing more extensive information retrieval and data analysis.

243

Mobile code

Code that can be transmitted across a network, to be executed by a system or device on the other end.

244

Java applets

Small components (applets) that provide various functionalities and are delivered to users in the form of Java bytecode. Java applets can run in a web browser using a Java Virtual Machine (JVM). Java is platform independent; thus, Java applets can be executed by browsers for many platforms.

245

Functional model

Outlines the tasks and functions the application needs to carry out

246

server side includes (SSI)

In order for a web server to provide the active content and common interfaces that web users demand these days, the servers must access data sources, process code, and return the results to the web clients. To employ these mechanisms, the appropriate code must be written and presented to the web browser in the appropriate format. One technology, called server side includes (SSI), allows web developers to reuse content by inserting the same content into multiple web documents. This typically involves use of an include statement in the code and a file (.inc). However, if these files are able to be accessed by an attacker, the code would be visible and could be changed to "include" other files containing sensitive information. Other technologies such as Active Server Pages (ASP) are used to provide an "active" user environment. These files can disclose any contained sensitive code if they were able to be viewed. Developers should avoid using any sensitive code in the SSI file or ASP files (like database connection strings or some proprietary business logic) so in the event the document should ever find itself in anyone’s hands unparsed by the server, the code isn’t readily available. There have been too many vulnerabilities with these types of files in the past to assume they will not be able to be read.

247

2. Database software should meet the requirements of what is known as the ACID test. Why should database software carry out atomic transactions, which is one requirement of the ACID test, when OLTP is used?

A. So that the rules for database integrity can be established

B. So that the database performs transactions as a single unit without interruption

C. To ensure that rollbacks cannot take place

D. To prevent concurrent processes from interacting with each other

Extended Questions:

CORRECT B. Online transaction processing (OLTP) is used when databases are clustered to provide high fault tolerance and performance. It provides mechanisms to watch for and deal with problems when they occur. For example, if a process stops functioning, the monitor mechanisms within OLTP can detect this and attempt to restart the process. If the process cannot be restarted, then the transaction taking place will be rolled back to ensure no data is corrupted or that only part of a transaction happens. OLTP records transactions as they occur (in real time), which usually updates more than one database in a distributed environment. This type of complexity can introduce many integrity threats, so the database software should implement the characteristics of what’s known as the ACID test:

Atomicity Divides transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back.

Consistency A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.

Isolation Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.

Durability Once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back.

248

Attack surface

Components available to be used by an attacker against the product itself.

249

Two-phase commit

A mechanism that is another control used in databases to ensure the integrity of the data held within the database.

250

Replication

Makes copies of itself and spreads to other victims

251

Functionality versus Security

Programming code is complex—the code itself, routine interaction, global and local variables, input received from other programs, output fed to different applications, attempts to envision future user inputs, calculations, and restrictions form a long list of possible negative security consequences. Many times, trying to account for all the "what-ifs" and programming on the side of caution can reduce the overall functionality of the application. As you limit the functionality and scope of an application, the market share and potential profitability of that program could be reduced. A balancing act always exists between functionality and security, and in the development world, functionality is usually deemed the most important.

252

Initiation

In the initiation phase the company establishes the need for a specific system. The company has figured out that there is a problem that can be solved or a function that can be carried out through some type of technology. This phase addresses the questions, "What do we need and why do we need it?" This may sound like a step that does not require much investigation and time, but many companies have purchased the wrong solution for the wrong reasons. Technology can be complex, and the mapping between business needs and technology solutions is not always as clear-cut as one would assume. Purchasing the wrong solution is bad, but purchasing and fully integrating it into a production environment and then figuring out it is not what the company needs is worse. A requirements assessment should be carried out before a new solution is developed or purchased.

253

Java Platform, Enterprise Edition (J2EE)

Is based upon the Java programming language, which allows a modular approach to programming code with the goal of interoperability. J2EE defines a client/server model that is object oriented and platform independent.

254

Data manipulation language (DML)

Contains all the commands that enable a user to view, manipulate, and use the database (view, add, modify, sort, and delete commands).

255

Release/Maintenance Phase

Once the software code is developed and properly tested, it is released so that it can be implemented within the intended production environment. The software development team’s role is not finished at this point. Newly discovered problems and vulnerabilities are commonly identified. For example, if a company developed a customized application for a specific customer, the customer could run into unforeseen issues when rolling out the product within their various networked environments. Interoperability issues might come to the surface, or some configurations may break critical functionality. The developers would need to make the necessary changes to the code, retest the code, and re-release the code.

256

17. B. The characteristics and their associated definitions are listed as follows:

  • Modularity Autonomous objects, cooperation through exchanges of messages.
  • Deferred commitment The internal components of an object can be redefined without changing other parts of the system.
  • Reusability Other programs using the same objects.
  • Naturalness Object-oriented analysis, design, and modeling map to business needs and solutions.

257

Java Database Connectivity (JDBC)

An API that allows a Java application to communicate with a database. The application can bridge through ODBC or directly to the database. The following are some characteristics of JDBC:

258

Build Security In (BSI)

The U.S. Department of Homeland Security (DHS) also provides best practices, tools, guidelines, rules, principles, and other resources that software developers, architects, and security practitioners can use to build security into software in every phase of its development. This DHS initiative is called Build Security In (BSI), and as with the other mentioned organizations, it is a collaborative effort that allows many entities across the industry to participate and provide useful material. DHS has a Software Assurance Program that maintains BSI. This program’s mission statement is as follows:

259

Simple Object Access Protocol (SOAP)

An XML-based protocol that encodes messages in a web service environment.

260

Web Security

When it comes to the Internet and web-based applications, many security situations are unique to this area. Companies use the Internet to expose products or services to the widest possible audience; thus, they need to allow an uncontrollable number of entities on the Internet to access their web servers. In most situations companies must open up the ports related to the web-based traffic (80 and 443) on their firewalls, which are commonly used avenues for a long list of attacks.

261

Unicode encoding

Unicode is an industry-standard mechanism developed to represent the entire range of over 100,000 textual characters in the world as a standard coding format. Web servers support Unicode to support different character sets (for different languages), and, at one time, many web server software applications supported it by default. So, even if we told our systems to not allow the "../" directory traversal request mentioned earlier, an attacker using Unicode could effectively make the same directory traversal request without using "/" but with any of the Unicode representations of that character (three exist: %c1%1c, %c0%9v, and %c0%af). That request may slip through unnoticed and be processed.

262

P2

Moderate Privacy Risk: The sole behavior that affects privacy in the feature, product, or service is a one-time, user-initiated anonymous data transfer (e.g., the user clicks on a link and goes out to a web site).

263

Distributed Computing Environment

Distributed Computing Environment (DCE) is a standard developed by the Open Software Foundation (OSF), also called Open Group. It is a client/server framework that is available to many vendors to use within their products. This framework illustrates how various capabilities can be integrated and shared between heterogeneous systems. DCE provides a Remote Procedure Call (RPC) service, security service, directory service, time service, and distributed file support. It was one of the first attempts at distributed computing in the industry.

264

As it pertains to security, the following items should be accomplished in this phase:

  • Security requirements
  • Security risk assessment
  • Privacy risk assessment
  • Risk-level acceptance

265

Artificial Neural Networks

An artificial neural network (ANN) is a mathematical or computational model based on the neural structure of the brain. Computers perform activities like calculating large numbers, keeping large ledgers, and performing complex mathematical functions, but they cannot recognize patterns or learn from experience as the brain can. ANNs contain many units that simulate neurons, each with a small amount of memory. The units work on data that are input through their many connections. Via training rules, the systems are able to learn from examples and have the capability to generalize.

266

Malicious Software (Malware)

Several types of malicious code or malware exist, such as viruses, worms, Trojan horses, and logic bombs. They usually are dormant until activated by an event the user or system initiates. They can be spread by email, sharing media, sharing documents and programs, or downloading things from the Internet, or they can be purposely inserted by an attacker.

267

Coupling

A measurement that indicates how much interaction one module requires for carrying out its tasks.

268

11. The software development life cycle has several phases. Which of the following lists these phases in the correct order?

  A. Project initiation, system design specifications, functional design analysis and planning, software development, installation/implementation, operational/maintenance, disposal

  B. Project initiation, functional design analysis and planning, system design specifications, software development, installation/implementation, operational/maintenance, disposal

  C. Project initiation, functional design analysis and planning, software development, system design specifications, installation/implementation, operational/maintenance, disposal

  D. Project initiation, system design specifications, functional design analysis and planning, software development, operational/maintenance

11. B. The following outlines the common phases of the software development life cycle:

269

Very high-level languages

Otherwise known as fourth-generation programming languages and are meant to take natural language-based statements one step ahead.

270

Software Configuration Management (SCM)

Identifies the attributes of software at various points in time, and performs a methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle.

271

Security plan

Documented security controls the system must contain to ensure compliance with the company’s security needs. This plan provides a complete description of the system and ties it to key company documents, such as configuration management, test and evaluation plans, system interconnection agreements, security accreditations, etc.

272

operational prototypes

The operational prototypes are an extension of the evolutionary prototype method. Both models (operational and evolutionary) improve the quality of the prototype as more data are gathered, but the operational prototype is designed to be implemented within a production environment as it is being tweaked. The operational prototype is updated as customer feedback is gathered, and the changes to the software happen within the working site.

273

Interpreters

Tools that convert code written in interpreted languages to the machine-level format for processing.

274

ISO/IEC 27034

International standard that provides guidance to assist organizations in integrating security into the processes used for managing their applications. It is applicable to in-house developed applications, applications acquired from third parties, and where the development or the operation of the application is outsourced.

275

Java Applets

Java is an object-oriented, platform-independent programming language. It is employed as a full-fledged programming language and is used to write complete programs and small components, called applets, which commonly run in a user’s web browser.

276

Post-validation

Ensuring an application’s output is consistent with expectations (that is, within predetermined constraints of reasonableness).

278

Build Security In (BSI)

U.S. DHS effort that provides best practices, tools, guidelines, rules, principles, and other resources for software developers, architects, and security practitioners to use.

279

Statement of Work (SOW)

If a software product is being developed for a specific customer, it is common for a Statement of Work (SOW) to be developed, which describes the product and customer requirements. A detail-oriented SOW will help ensure that these requirements are properly understood and assumptions are not made.

280

6. Which of the following is used to deter database inference attacks?

  A. Partitioning, cell suppression, and noise and perturbation

  B. Controlling access to the data dictionary

  C. Partitioning, cell suppression, and small query sets

  D. Partitioning, noise and perturbation, and small query sets

6. A. Partitioning means to logically split the database into parts. Views then dictate which users can view specific parts. Cell suppression means that specific cells are not viewable by certain users. And noise and perturbation is when bogus information is inserted into the database to try to give potential attackers incorrect information.

281

Hierarchical data model

Combines records and fields that are related in a logical tree structure.

282

Input Validation

Web servers are just like any other software applications; they can only carry out the functionality their instructions dictate. They are designed to process requests via a certain protocol. When a person interacts with their web browser and types in a request for http://www.logicalsecurity.com/index.htm, he is using a protocol called Hypertext Transfer Protocol (HTTP) to request the file "index.htm" from the server "www" in the "logicalsecurity.com" namespace. A request in this form is called a Uniform Resource Locator (URL). Like many situations in our digital world, there is more than one way to request something because computers speak several different "languages"—such as binary, hexadecimal, and many encoding mechanisms—each of which is interpreted and processed by the system as valid commands. Validating that these requests are allowed is part of input validation and is usually tied to coded validation rules within the web server software. Attackers have figured out how to bypass some of these coded validation rules.

283

The next phase in the antivirus software evolution is referred to as behavior blockers. Antivirus software that carries out behavior blocking actually allows the suspicious code to execute within the operating system unprotected and watches its interactions with the operating system, looking for suspicious activities. The antivirus software would be watching for the following types of actions:

  • Writing to startup files or the Run keys in the Registry
  • Opening, deleting, or modifying files
  • Scripting e-mail messages to send executable code
  • Connecting to network shares or resources
  • Modifying an executable logic
  • Creating or modifying macros and scripts
  • Formatting a hard drive or writing to the boot sector

284

Behavioral model

Explains the states the application will be in during and after specific transitions take place

285

Object-oriented database

Designed to handle a variety of data (images, audio, documents, video), which is more dynamic in nature than a relational database.

286

Distributed Computing

Many of our applications work in a client/server model, which means the smaller part (client) of the application can run on different systems and the larger piece (server) of the application runs on a single, and commonly more powerful, back-end system. The server portion carries out more functionality and horsepower compared to the clients. The clients will send the server portion requests, and the server will respond with results. Simple enough, but how do the client and server pieces actually carry out communication with each other?

288

The proliferation of malware has a direct relationship to the large amount of profit individuals can make without much threat of being caught. The most commonly used schemes for making money through malware are as follows:

  • Spyware collects personal data for the malware developer to resell to others.
  • Malware redirects web traffic so that people are pointed toward a specific product for purchase.
  • Malware installs back doors on systems, and they are used as proxies to spread spam or pornographic material.
  • Systems are infected with bots and are later used in distributed-denial-of-service attacks.
  • Malware installs key loggers, which collect sensitive financial information for the malware author to use.
  • Malware is used to carry out phishing attacks, fraudulent activities, identity theft steps, and information warfare activities.

289

Software escrow

Storing of the source code of software with a third-party escrow agent. The software source code is released to the licensee if the licensor (software vendor) files for bankruptcy or fails to maintain and update the software product as promised in the software license agreement.

290

work breakdown structure (WBS)

A work breakdown structure (WBS) is a project management tool used to define and group a project’s individual work elements in an organized manner. The SDLC should be illustrated in a WBS format, so that each phase is properly addressed.

291

Web Application Security Consortium (WASC)

A nonprofit organization made up of an international group of experts, industry practitioners, and organizational representatives who produce open-source and widely agreed upon best-practice security standards for the World Wide Web.

292

Spyware

Spyware is a type of malware that is covertly installed on a target computer to gather sensitive information about a victim. The gathered data may be used for malicious activities, e.g., identity theft, spamming, fraud, etc. Spyware can also gather information about a victim’s online browsing habits, which are then often used by spammers to send targeted advertisements. It can also be used by an attacker to direct a victim’s computer to perform tasks such as installing software, changing system settings, transferring browsing history, logging keystrokes, taking screenshots, etc.

293

Schema

Database structure that is described in a formal language supported by the database management system (DBMS). It is used to describe how data will be organized.

294

rollback

The rollback is an operation that ends a current transaction and cancels the current changes to the database. These changes could have taken place to the data held within the database or a change to the schema. When a rollback operation is executed, the changes are cancelled and the database returns to its previous state. A rollback can take place if the database has some type of unexpected glitch or if outside entities disrupt its processing sequence. Instead of transmitting and posting partial or corrupt information, the database will roll back to its original state and log these errors and actions so they can be reviewed later.

295

Component Object Model (COM)

A model developed by Microsoft that allows for interprocess communication between applications potentially written in different programming languages on the same computer system.

296

Agile model

The Agile model is an umbrella term for several development methodologies. It focuses not on rigid, linear, stepwise processes, but instead on incremental and iterative development methods that promote cross-functional teamwork and continuous feedback mechanisms. This model is considered "lightweight" compared to the traditional methods that are "heavyweight," which just means this model is not confined to a tunneled vision and overly structured approach. It is nimble and flexible enough to adapt to each project’s needs. The industry found out that even an exhaustive library of defined processes cannot handle every situation that could arise during a development project. So instead of investing time and resources into big upfront design analysis, this model focuses on small increments of functional code that are created based upon business need.

297

Polymorphic virus

Produces varied but operational copies of itself. A polymorphic virus may have no parts that remain identical between infections, making it very difficult to detect directly using signatures.

298

Cohesion

A measurement that indicates how many different types of tasks a module needs to carry out.

299

Eradication

Removes itself after the payload has been executed

300

Polymorphism

Two objects can receive the same input and have different outputs.

301

Agile

Iterative and incremental development processes that encourage team-based collaboration. Flexibility and adaptability are used instead of a strict process structure.

302

12. D. There are different types of tests the software should go through because there are different potential flaws we will be looking for. The following are some of the most common testing approaches:

  • Unit testing An individual component is tested in a controlled environment where programmers validate data structure, logic, and boundary conditions.
  • Integration testing Verifying that components work together as outlined in design specifications.
  • Acceptance testing Ensuring that the code meets customer requirements.
  • Regression testing After a change to a system takes place, retesting to ensure functionality, performance, and protection.

303

From a security point of view, the following items should also be accomplished in this phase:

  • Attack surface analysis
  • Threat modeling

304

database management system (DBMS)

A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases are managed with software that provides these types of capabilities. It also enforces access control restrictions, provides data integrity and redundancy, and sets up different procedures for data manipulation. This software is referred to as a database management system (DBMS) and is usually controlled by a database administrator. Databases not only store data, but may also process data and represent them in a more usable and logical form. DBMSs interface with programs, users, and data within the database. They help us store, organize, and retrieve information effectively and efficiently.

305

Immunizers

Don’t bother looking over here. We’re already infected.

Another approach some antivirus software uses is called immunization. Products with this type of functionality would make it look as though a file, program, or disk was already infected. An immunizer attaches code to the file or application, which would fool a virus into "thinking" it was already infected. This would cause the virus to not infect this file (or application) and move onto the next file.

306

Agile Model

The industry seems to be full of software development models, each trying to improve upon the deficiencies of the ones before it. Before the Agile approach to development was created, teams were following rigid process-oriented models. These approaches focused more on following procedures and steps instead of potentially carrying out tasks in a more efficient manner. As an analogy, if you have ever worked within or interacted with a large government agency, you may have come across silly processes that took too long and involved too many steps. If you are a government employee and need to purchase a new chair, you might have to fill out four sets of documents that need to be approved by three other departments. You probably have to identify three different chair vendors, who have to submit a quote, which goes through the contracting office. It might take you a few months to get your new chair. The focus is to follow a protocol and rules instead of efficiency.

307

Relational database model

Uses attributes (columns) and tuples (rows) to contain and organize information.

308

V-model

Emphasizes verification and validation at each phase and testing to take place throughout the project, not just at the end.

309

virus

A virus is a small application, or string of code, that infects software. The main function of a virus is to reproduce and deliver its payload, and it requires a host application to do this. In other words, viruses cannot replicate on their own. A virus infects a file by inserting or attaching a copy of itself to the file. The virus is just the "delivery mechanism." It can have any type of payload (deleting system files, displaying specific messages, reconfiguring systems, stealing sensitive data, installing a sniffer or back door).

310

Open Web Application Security Project (OWASP)

Another organization that deals specifically with web security issues is the Open Web Application Security Project (OWASP). Along with a long list of tools, articles, and resources that developers can follow to create secure software, it also has individual member meetings (chapters) throughout the world. The group provides development guidelines, testing procedures, and code review steps, but is probably best known for its top ten web application security risk list that it maintains. The top risks identified by this group as of the writing of this book are as follows:

311

Validation

Determines if the product provides the necessary solution for the intended real-world problem.

312

two-phase commit

A two-phase commit mechanism is yet another control that is used in databases to ensure the integrity of the data held within the database. Databases commonly carry out transaction processes, which means the user and the database interact at the same time. The opposite is batch processing, which means that requests for database changes are put into a queue and activated all at once—not at the exact time the user makes the request. In transactional processes, many times a transaction will require that more than one database be updated during the process. The databases need to make sure each database is properly modified, or no modification takes place at all. When a database change is submitted by the user, the different databases initially store these changes temporarily. A transaction monitor will then send out a "pre-commit" command to each database. If all the right databases respond with an acknowledgment, then the monitor sends out a "commit" command to each database. This ensures that all of the necessary information is stored in all the right places at the right time.

313

preliminary risk assessment

A preliminary risk assessment should be carried out to develop an initial description of the confidentiality, integrity, and availability requirements of the system. The assessment should define the environment in which the system will operate and any identified vulnerabilities. This will help the team to start the process of identifying the required security controls that the system will need to possess.

314

database management system (DBMS)

A database is a collection of data stored in a meaningful way that enables multiple users and applications to access, view, and modify data as needed. Databases are managed with software that provides these types of capabilities. It also enforces access control restrictions, provides data integrity and redundancy, and sets up different procedures for data manipulation. This software is referred to as a database management system (DBMS) and is usually controlled by a database administrator. Databases not only store data, but may also process data and represent them in a more usable and logical form. DBMSs interface with programs, users, and data within the database. They help us store, organize, and retrieve information effectively and efficiently.

315

Mashup

The combination of functionality, data, and presentation capabilities of two or more sources to provide some type of new service or functionality.

316

Object-oriented analysis (OOA)

Object-oriented analysis (OOA) is the process of classifying objects that will be appropriate for a solution. A problem is analyzed to determine the classes of objects to be used in the application.

317

Environment versus Application

Software controls can be implemented by the operating system or by the application—and usually a combination of both is used. Each has its strengths and weaknesses, but if they are all understood and programmed to work in a concerted effort, then many different scenarios and types of compromises can be thwarted. One downside to relying mainly on operating system controls is that although they can control a subject’s access to different objects and restrict the actions of that subject within the system, they do not necessarily restrict the subject’s actions within an application. If an application has a security vulnerability within its own programming code, it is hard for the operating system to predict and control this vulnerability. An operating system is a broad environment for many applications to work within. It is unfair to expect the operating system to understand all the nuances of different programs and their internal mechanisms.

318

4. What is the purpose of polyinstantiation?

  A. To restrict lower-level subjects from accessing low-level information

  B. To make a copy of an object and modify the attributes of the second copy

  C. To create different objects that will react in different ways to the same input

  D. To create different objects that will take on inheritance attributes from their class

4. B. Instantiation is what happens when an object is created from a class. Polyinstantiation is when more than one object is made and the other copy is modified to have different attributes. This can be done for several reasons. The example given in the chapter was a way to use polyinstantiation for security purposes to ensure that a lower-level subject could not access an object at a higher level.

319

Antimalware Programs

Detecting and protecting an enterprise from the long list of malware requires more than just rolling out antivirus software. Just as with other pieces of a security program, certain administrative, physical, and technical controls must be deployed and maintained.

320

Open Web Application Security Project (OWASP)

A nonprofit organization focused on improving the security of application software.

321

Signature-based detection (fingerprint detection)

Signature-based detection (also called fingerprint detection) is an effective way to detect malicious software, but there is a delayed response time to new threats. Once a virus is detected, the antivirus vendor must study it, develop and test a new signature, release the signature, and all customers must download it. If the malicious code is just sending out silly pictures to all of your friends, this delay is not so critical. If the malicious software is similar to the Slammer worm, this amount of delay can be devastating.

322

object-relational database (ORD)

Now let’s look at object-relational databases, just for the fun of it. An object-relational database (ORD) or object-relational database management system (ORDBMS) is a relational database with a software front end that is written in an object-oriented programming language. Why would we create such a silly combination? Well, a relational database just holds data in static two-dimensional tables. When the data are accessed, some type of processing needs to be carried out on it—otherwise, there is really no reason to obtain the data. If the front end provides the procedures (methods) that can be carried out on the data, then each application that accesses this database does not need to contain its own copy of the procedures necessary to get what it really wants from the database.

323

Savepoints

Savepoints are used to make sure that if a system failure occurs, or if an error is detected, the database can attempt to return to a point before the system crashed or hiccupped. For a conceptual example, say Dave typed, "Jeremiah was a bullfrog. He was <savepoint> a good friend of mine." (The system inserted a savepoint.) Then a freak storm came through and rebooted the system. When Dave got back into the database client application, he might see "Jeremiah was a bullfrog. He was," but the rest was lost. Therefore, the savepoint saved some of his work. Databases and other applications will use this technique to attempt to restore the user’s work and the state of the database after a glitch, but some glitches are just too large and invasive to overcome.

324

Trojan Horses

A Trojan horse is a program that is disguised as another program. For example, a Trojan horse can be named Notepad.exe and have the same icon as the regular Notepad program. However, when a user executes Notepad.exe, the program can delete system files. Trojan horses perform a useful functionality in addition to the malicious functionality in the background. So the Trojan horse named Notepad.exe may still run the Notepad program for the user, but in the background it will manipulate files or cause other malicious acts.

325

Consistency

A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.

326

Object request broker (ORB)

Manages all communications between components and enables them to interact in a heterogeneous and distributed environment. The ORB acts as a "broker" between a client request for a service from a distributed object and the completion of that request.

327

inference

The other security issue is inference, which is the intended result of aggregation. The inference problem happens when a subject deduces the full story from the pieces he learned of through aggregation. This is seen when data at a lower security level indirectly portrays data at a higher level.

328

The following list illustrates the basic software programming language generations:

  • Generation one: machine language
  • Generation two: assembly language
  • Generation three: high-level language
  • Generation four: very high-level language
  • Generation five: natural language

329

Nonpersistent XSS

Nonpersistent XSS vulnerabilities, or reflected vulnerabilities, occur when an attacker tricks the victim into processing a URL programmed with a rogue script to steal the victim’s sensitive information (cookie, session ID, etc.). The principle behind this attack lies in exploiting the lack of proper input or output validation on dynamic web sites.