Chapter 11

Question 1

CSRF

Answer 1

Cross Site Request Forgery

Question 2

DevOps

Answer 2

Development and Operations

Question 3

OWASP

Answer 3

Open Web Application Security Project

Question 4

SDK

Answer 4

Software Development Kit

Question 5

SDL

Answer 5

Software Development Lifecycle

Question 6

SQL

Answer 6

Structured Query Langauge

Question 7

QA

Answer 7

Quality Assurance

Question 8

XSRF

Answer 8

Cross site Request Forgery

Question 9

XSS

Answer 9

Cross site scripting

Question 10

4 environments Development, Test, Staging Production

Question 11

Compiler

Answer 11

Compilers take computer programs written in one language and convert them to a set of codes that can run on a specific set of hardware.

Question 12

Automation as it applies to DevOps

Answer 12

Automating routines and extensive processes allows fewer resources to cover more of the environment in a more effective and efficient manner.

Question 13

Code Reuse

Question 14

Continuous Delivery

Question 15

Continuous Deployment

Question 16

Continuous Integration

Question 17

Continuous monitoring

Question 18

Continuous validation

Question 19

Data Exposure

Answer 19

Loss of control of data from a system during operations.

Question 20

Dead Code

Answer 20

Code that may be executed but is never actually used in a program

Question 21

Dead Code Elimination

Answer 21

Compilers that can take care of and remove dead code

Question 22

Deprovisioning

Answer 22

The removal of permissions or authorities.

Question 23

Elasticity

Answer 23

The characteristic that something is capable of change without breaking.

Question 24

Fuzzing

Question 25

Garbage Collection

Question 26

Legacy Code

Question 27

Memory leaks

Question 28

Normalization

Question 29

Patch Management

Question 30

Provisioning

Question 31

Scalability

Answer 31

the characteristic of a software system to process higher workloads on its current resources (scale up) or on additional resources (scale out) without interruption.

Question 32

Scripting

Question 33

Software Integrity

Question 34

Third Party Libraries

Question 35

Versioning

Question 36

What environment does the test environment mimic?

Answer 36

Production

Question 37

What are two advantages of using SDK's and third party libraries?

Question 38

What is an advantage of a stored procedure?

Question 39

What is a disadvantage of a stored procedure?

Question 40

What is DevOps?

Question 41

Can encoded transmissions be used to bypass security mechanisms?

Question 42

Maintaining control of codebase integrity means what two things are happening?

Question 43

What is obfuscated/camoflaged code?

Question 44

What do 0 and 1 mean in binary code?

Question 45

Does all code possess weaknesses and vulnerabilities?

Question 46

Why is the client not a suitable place to perform any critical value checks or security checks?

Question 47

In terms of software scalability, what is the difference between scaling up and scaling out?

Question 48

What is the monoculture avoidance as it applies to software diversity?

Question 49

What are some programming languages used today?

Question 50

What is legacy code? Should it be used in modern software development?

Question 51

How is hashing used with codebase?