Chapter 10 - Software Security Flashcards

(132 cards)

0
Q

Initiation

A

The first step: the idea, choosing a vendor vs homebrew, the project-level risk assessment. Will this work?

1
Q

Software development lifecycle

A
Initiation
Acquisition
Implementation
Operation/Maintenance
Disposal
2
Q

Certification vs accreditation

A

Certification is the technical testing

Accreditation is the formal authorization

3
Q

Statement of work

A

Outlines the work necessary to complete a project with a customer

4
Q

Scope creep

A

When the purpose of a project shifts during the process and additional steps are added

5
Q

Work breakdown structure

A

A project management tool used to group sets of activities logically to keep focused

6
Q

Privacy risk assessment

A

A software risk assessment to discover vulnerabilities

7
Q

Privacy impact rating

A

This is the level of impact per item on the privacy risk assessment, generally rated in P1 to P3

8
Q

What three models of software design are there?

A

Informational
Functional
Behavioral

9
Q

Attack surface analysis

A

Aims to reduce the amount of code accessible by untrusted users

10
Q

Threat modeling

A

Model used to detect threat vectors using a threat analysis tree

Threat analysis and modeling tool

11
Q

Computer aided software engineering (CASE)

A

Tools like Dreamweaver and Visual Studio

12
Q

Where can I find a list of common code vulnerabilities?

A

Cwe.mitre.org/top25/#Listing

13
Q

Static analysis

A

Automated code review

14
Q

Unit testing

A

Testing a module or chunk of code

15
Q

What are the key components of a test phase?

A

Test needs to mirror production
Pen testing is necessary
Platform testing

16
Q

Testing types

A

Unit testing
Integration testing
Acceptance testing
Regression testing

17
Q

Fuzzing

A

Throwing random data at a solution to see what errors occur in order to detect vulnerabilities

18
Q

Dynamic analysis

A

Watching the code stream and sub level messages to ensure code is running correctly

19
Q

Maintenance hook

A

Code that is used for troubleshooting low-level code and should be removed in production

20
Q

Verification vs validation

A

Verification determines accuracy to spec

Validation determines whether the product solved the intended problem

21
Q

Zero day vulnerability

A

Vulnerability that does not have a fix yet

22
Q

WASC

A

Web Application Security Consortium, a web organization that tracks attacks on the Internet

OWASP is the open standard for this

23
Q

ISO 27034

A

Software development guidelines

24
Build in security
A Homeland Security effort that makes guidelines for software developers
25
Build and fix model
Build and deploy first, then fix
26
Waterfall model
Each phase is completed in entirety and cannot be returned to until the process is completed as a whole
27
V-shaped model
Similar to waterfall but with testing at each stage that can fall back to previous steps
28
Rapid prototype
A throwaway prototype meant just to see it in action
29
Evolutionary vs operational prototype
Evolutionary: a prototype that is not discarded but evolved; operational: the prototype is put into production
30
Incremental model
Many small waterfalls take place with each phase
31
Spiral model
Slow-moving, security-conscious, risk-centric model with evolutionary and operational prototypes in the mix
32
Rapid application development
Demonstrate, refine, build, repeat
33
Agile model
Function-based incremental code that is assembled on the fly and driven by customer requirements
34
Exploratory model
Specification based development
35
Joint analysis development
Workshop oriented development
36
Reuse model
Taking other functions already made and piecing them together
37
Clean room development
Development that is mostly test based and meant for certification
38
Capability maturity model integration
A maturity model that helps companies work together in development
39
CMMI stages
Initial
Repeatable
Defined
Managed
Optimized
40
Software configuration manager
GitHub-like software
41
Software escrow
When software is stored for individuals in a software 'vault'
42
Assembly language
Uses assemblers to take commands like ADD, PUSH, POP and turn them into binary
43
High level language
C is considered a high level language and uses constructs like if, else and then
44
Very high level language
C++ is a good example of this level
45
Natural languages
C# is a natural language and flows logically and easily
46
Generation one language
Machine language
47
Interpreter
Used as an intermediary to run bytecode. Java, Flash, PowerShell and bash are interpreted languages
48
Garbage collection
Taking all unused memory cells and giving them back to the OS
50
OOP
Object-based language
51
Method
Actionable code that modifies an object
52
Encapsulated code
Reusable isolated object
53
Data hiding
Objects cannot access other objects except through methods
54
Library
All needed objects live in one place and exist only once
55
OOA vs OOD structured analysis
OOA is analysis and classification; OOD is design that modularizes data into objects
56
Data Modeling
I input 1 and expect 17 as output; let's test
57
Cohesion
High cohesion means that the tasks of a module are limited and of the same discipline, making it easier to adjust
58
Coupling
A module's level of dependency on other modules
59
Data structure
A logical representation between elements of data
60
DCOM vs DCE
DCOM is Microsoft's proprietary distributed computing system and uses GUIDs; DCE is open and uses universally unique IDs (UUIDs)
61
Common Object Request Broker Architecture
An open object-oriented uniform standard architecture
62
ORBs
System oriented brokers (object request broker)
63
COM vs DCOM
Component object model is for local machines, DCOM is distributed to network machines
64
.Net
A framework that has replaced COM/DCOM
65
OLE
Object linking and embedding enhances COM
66
J2EE
Java's equivalent of what COM was to Microsoft
67
Service Oriented Architecture (SOA)
Web based single destination for service control (automatrix)
68
UDDI, WSDL, and SOAP
XML based components that work within SOA
69
Web 2.0
An internet in which people could supply content without code, ie Facebook, YouTube, etc
70
Mashup
Combining common services together; this is what Google did in the 90s with search engines
71
SaaS
Combining software into a SOA and providing a central access
72
Mobile Code
Code executed on the client side
73
JVM
Runs a 'bytecode' interpreter in a Java virtual machine sandbox on the client end regardless of OS
74
ActiveX
Microsoft OOP using a COM/DCOM based sandbox
75
Authenticode
Microsoft version of digital signatures implemented into ActiveX
76
Server Side Includes
Document that dynamically stores information in a server side .inc file; this can be accessed and code can be learned from it
77
Information Gathering
Getting server side includes, DB passwords, error messages and other information from publicly reachable code
78
Administrative Interfaces
Admin accessible consoles should be far more secure than the web interface that the admin console implements
79
Authentication and Access Control
Authentication user/pass should be different per site, secured by SSL, with a strong password and an uncommon username
80
Input Validation
Ensures the input is within limits and cannot be used to crash or obtain critical data
81
Client Side Validation
Works great to reduce server errors and load, but is not secure if it is the ONLY method being used to validate
82
SQL Injection
Entering SQL commands into input variables so that they are executed
83
Cross Site Scripting (XSS)
Any injected code that can steal cookies, hijack sessions, execute malware or exploit vulnerabilities
84
Parameter validation
Validation of system variables people shouldn't have access to
85
Session Cookie vs Persistent Cookie
Session is in memory, persistent is saved to the machine
86
What is the risk of a web proxy?
Input can be changed at the proxy on session cookies
87
What is the danger of hidden fields?
They can still be found and modified
88
Adequate Parameter Validation
Pre-validation of input along with Post-validation
89
Session Management
Usually done with session IDs and should be over HTTPS
90
Replay Attacks
Capturing requests and resubmitting them to gain access
91
What are the database models?
Relational - N1 N2 N3
Hierarchical - Subject to Author to Book
Network - Hierarchical with a mesh
Object - Created with OOP trees
Object-relational - OOP front end to a Relational backend
92
What are some client Database Interfaces?
ODBC - Open
OLEDB - OLE
ADO - ActiveX
JDBC - Java
93
Data Definition Language
Defines structure and schema of DB
94
Data Dictionary
Metadata (data about data) for databases
95
What is the primary method of ensuring integrity in a DB?
Database Locking
96
Semantic vs Referential vs Entity Integrity Check
Semantic - Rule checking
Referential - Primary/Foreign Key checking
Entity - Every tuple has a primary key
97
Rollback database
Undo changes
98
Commit and Two-Phase commit?
Submits changes; two-phase commit first verifies that all servers that should respond are responsive
99
Aggregation
Taking two pieces of information and combining them to draw a secret conclusion
100
Inference
The ability to derive information not directly accessible
101
Content vs Context dependent access control
Content is based on the sensitivity of the data
Context is based on the individual having access to all pieces of the answer before getting part of the pieces
102
Cell Suppression
Hiding cells that could be used in inference attacks
103
Partitioning the DB
Hides part of the answer here, and another part there
104
Noise and perturbation
Adding false data to confuse the message
105
Database Views
Used to secure specific collections of tables and rows (tuples) without duplicating data
106
Polyinstantiation
Creating bogus data to throw off legitimate higher data
107
OLTP
Used to ensure ALL replications of the data are consistent and verified
108
Data Warehousing
Aggregating key elements of multiple databases into one normalized database used for data mining
109
Data mining
Mathematical and analytical reporting from a data warehouse
110
Knowledge discovery in Database (KDD)
Used to classify and collectively organize data mining
111
Expert Systems
AI, machines that can learn like a human brain
112
Rule-based programming
Pattern matching to draw inferences in an inference engine
113
Artificial Neural Network
Computer aided attempt to recreate the human brain
114
Malware
Malicious software
115
Virus
A self replicating piece of malware dependent on software
116
Type of Viruses
Macro - script in application (like Excel)
Boot Sector - on boot, you get hosed
Compression - on decompress, bam
Stealth - hidden by faking filesize or moving contents
Polymorphic - generates noise for the virus scanner
Multipart - infects multiple aspects of a virus
Meme - hoax emails
Script - running .vb or .jar from untrusted
Tunneling - installs under antivirus so it cannot see it
117
Worm
Self-replicating, application-independent virus
118
Rootkit
A kit of software making it easier to stay hidden, gather information, and stay accessible by the attacker
119
Spyware
Information gatherers
120
Adware
Advertisement based malware
121
Botnet
Bot based attacks commanded by a C&C
122
Command and Control (C&C)
Used to centrally manage all bots at the same time, often used for DDoS, but many other applications are feasible
123
Fast Flux
Rapidly change DNS on malicious sites to disguise source
124
Logic Bombs
"If account disabled, delete database"
125
Trojan
A disguised application, e.g. notepad.exe
126
Remote access trojans (RATs)
A trojan that installs an agent that gives remote access (SubSeven or Back Orifice)
127
Signature based antivirus
Fingerprint-based; effective, but there is a 'long' delay between when the virus is released and when it is fingerprinted
128
Heuristic antivirus
Analyzing code and making assumptions about whether it is malware
129
Static vs Dynamic Analysis
Dynamic is running code, static is not
130
Behavior Blocking
Allows virus to run, but inhibits ability to function by taking away OS functionality
131
Immunizer
Makes a particular functionality look infected, to fool the virus
132
Bayesian filtering
Mathematical logic used to detect patterns