Chapter 25: Secure Software Flashcards
(42 cards)
machine language
consists of 1’s and 0’s; only format a computer’s processor can understand directly; considered a first-generation language
Assembly language
second-generation programming language, uses symbols (mnemonics) to represent complicated binary codes
third-generation programming languages
high-level languages (C/C++, Java, Python) with refined programming structures; the language handles the low-level system architecture so programmers can focus on their programming objectives
fourth-generation languages
very high-level languages; use natural language processing to allow inexpert programmers to develop code in less time than it would take an experienced software engineer to do so with a third-generation language
fifth-generation languages
natural languages; the programmer defines the constraints for achieving a specified result and the development environment solves the problem by itself, instead of the programmer having to write code for each individual and specific problem
assemblers
tools which convert assembly language source code into machine code
compilers
transform instructions from a source language (high-level) to a target language (machine), sometimes using an external assembler
garbage collector
identifies blocks of memory which were once allocated but are no longer in use, then deallocates those blocks and marks them as free
RTE
runtime environment
runtime environment
acts as a mini operating system for the program and provides all the resources portable code needs
OOP
object-oriented programming
object-oriented programming
functions and data are encapsulated together in classes, which may then be instantiated as objects
objects in OOP communicate by …
using messages which conform to the receiving object’s application programming interface (API) definition
cohesion
how many different types of tasks a module can carry out; the goal is for a module to perform only one task (high cohesion), which makes modules easier to maintain
coupling
measure of how much a module depends on others; a module with more dependencies is more complex and harder to maintain, so low (loose) coupling is ideal
API
the manner in which a software component interacts with other software components
parameter validation
confirming the parameter values being received by an application are within defined limits before they are processed by the system
software library
collection of components which do specific tasks useful to other components
secure coding
set of practices which reduce (to acceptable levels) the risk of vulnerabilities in software
source code vulnerability
defect in code which provides threat actors opportunities to compromise the security of a software system
secure coding standards
verifiable, mandatory practices to reduce the risk of particular types of vulnerabilities in source code
secure coding guidelines
recommended practices which tend to be less specific than standards
SDS or SDSec
software-defined security
software-defined security
security model in which security functions (firewalling, IDS/IPS, and network segmentation) are implemented in software within an SDN environment