Flashcards in Domain 8 - Software Development Security Deck (85):
internal code that defines the actions an object performs in response to a message.
The results or output exhibited by an object
A collection of the common methods from a set of objects that defines the behavior of those objects
Objects are ______ of or examples of classes that contain their methods.
This occurs when methods from a class (parent or superclass) are inherited by another subclass (child).
the forwarding of a request by an object to another object or delegate. An object delegates if it does not have a method to handle the message.
the characteristic of an object that allows it to respond with different behaviors to the same message or method because of changes in external conditions.
describes the strength of the relationship between the purposes of the methods within the same class.
the level of interaction between objects.
This verifies that the values provided by a user match the programmer’s expectation before allowing further processing.
puts the system into a high level of security (and possibly even disables it entirely) until an administrator can diagnose the problem and restore the system to normal operation.
fail-secure failure state
allows users to bypass failed security controls, erring on the side of permissiveness.
List the stages of the Software Capability Maturity Model (abbreviated as SW-CMM)
Level 1: Initial, Level 2: Repeatable, Level 3: Defined, Level 4: Managed, Level 5: Optimizing
a type of bar chart that shows the interrelationships over time between projects and schedules.
A Gantt chart
Name the 3 basic components of the change management process
Request Control, Change Control, Release Control
This component of the change management process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.
This component of the change management process is used by developers to re-create the situation encountered by the user and analyze the appropriate changes to remedy the situation. It also provides an organized framework within which multiple developers can create and test a solution prior to rolling it out into a production environment.
Once the changes are finalized, they must be approved for release through this procedure. An essential step of this component in the change management process is to double-check and ensure that any code inserted as a programming aid during this process (such as debugging code and/or back doors) is removed before releasing the new software to production. This should also include acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.
List the four main components of configuration management.
Configuration Identification, Configuration Control, Configuration Status Accounting, Configuration Audit
During this process, administrators document the configuration of covered software products throughout the organization.
This process ensures that changes to software versions are made in accordance with the change control and configuration management policies. Updates can be made only from authorized distributions in accordance with those policies.
Formalized procedures are used to keep track of all authorized changes that take place.
Configuration Status Accounting
This should be conducted to ensure that the actual production environment is consistent with the accounting records and that no unauthorized configuration changes have taken place.
These allow application developers to bypass traditional web pages and interact directly with the underlying service through function calls.
application programming interfaces (APIs)
ensures that values returned by software match specified criteria that are within reasonable bounds. For example, a routine that calculated optimal weight for a human being and returned a value of 612 pounds would certainly fail this type of test.
This testing examines the internal logical structures of a program and steps through the code line by line, analyzing the program for potential errors.
This testing examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output. These testers do not have access to the internal code.
This testing combines the two approaches and is popular for software validation. In this approach, testers examine the software from a user perspective, analyzing inputs and outputs. They also have access to the source code and use it to help design their tests. They do not, however, analyze the inner workings of the program during their testing.
This testing evaluates the security of software without running it by analyzing either the source code or the compiled application. It usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows.
This testing evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else.
This data model combines records and fields that are related in a logical tree structure.
Hierarchical data model
This data model has data stored in more than one database, but those databases are logically connected. The user perceives the database as a single entity, even though it consists of numerous parts interconnected over a network. Each field can have numerous children as well as numerous parents. Thus, the data mapping relationship for these databases is many-to-many.
distributed data model
These databases consist of flat two-dimensional tables made up of rows and columns. In fact, each table looks similar to a spreadsheet file. The row and column structure provides for one-to-one data mapping relationships.
A relational database
In relational databases, what are the columns in a table called?
In relational databases, what does each row represent?
a record or tuple
In relational databases, what is the number of rows in a relation called?
In relational databases, what is the number of columns in a relation called?
In relational databases, what is the set of allowable values that an attribute can take called?
The domain of an attribute
Database transactions must be this—that is, they must be an “all-or-nothing” affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.
All transactions must begin operating in an environment that is consistent with all of the database’s rules (for example, all records have a unique primary key). When the transaction is complete, the database must again be consistent with the rules, regardless of whether those rules were violated during the processing of the transaction itself. No other transaction should ever be able to use any inconsistent data that might be generated during the execution of another transaction.
This principle requires that transactions operate separately from each other. If a database receives two SQL transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data. This prevents one transaction from working with invalid data generated as an intermediate step by another transaction.
Database transactions must be this. That is, once they are committed to the database, they must be preserved. Databases ensure this through the use of backup mechanisms, such as transaction logs.
This, or edit control, is a preventive security mechanism that endeavors to make certain that the information stored in the database is always correct or at least has its integrity and availability protected.
the concept of hiding individual database fields or cells or imposing more security restrictions on them.
the process of splitting a single database into multiple parts, each with a unique and distinct security level or type of content.
This occurs when two or more rows in the same relational database table appear to have identical primary key elements but contain different data for use at differing classification levels. It is often used as a defense against some types of inference attacks.
a database feature that allows applications to communicate with different types of databases without having to be directly programmed for interaction with each type.
Open Database Connectivity (ODBC)
consists of the main memory resources directly available to a system’s CPU. It normally consists of volatile random access memory (RAM) and is usually the most high-performance storage resource available to a system.
Primary (or “real”) memory
These systems consist of two main components: a knowledge base that contains a series of “if/then” rules and an inference engine that uses that information to draw conclusions about other data.
These simulate the functioning of the human mind to a limited extent by arranging a series of layered calculations to solve problems. They require extensive training on a particular problem before they are able to offer solutions.
This describes a sequential development process that results in the development of a finished product.
This model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes.
The spiral model
This model places an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.
Agile development model
This consists of more inexpensive, nonvolatile storage resources available to a system for long-term use. Typical secondary storage resources include magnetic and optical media, such as tapes, disks, hard drives, flash drives, and CD/DVD storage.
This allows a system to simulate additional primary memory resources through the use of secondary storage. For example, a system low on expensive RAM might make a portion of the hard disk available for direct CPU addressing.
This allows a system to simulate secondary storage resources through the use of primary storage. The most common example of virtual storage is the RAM disk that presents itself to the operating system as a secondary storage device but is actually implemented in volatile RAM. This provides an extremely fast file system for use in various applications but provides no recovery capability.
This allows the operating system to request contents from any point within the media. RAM and hard drives are examples of these storage resources.
Random access storage
This requires scanning through the entire media from the beginning to reach a specific address. A magnetic tape is a common example of this type of storage resource.
Sequential access storage
This loses its contents when power is removed from the resource. RAM is the most common type of volatile storage resource.
This does not depend upon the presence of power to maintain its contents. Magnetic/optical media and nonvolatile RAM (NVRAM) are typical examples of nonvolatile storage resources.
What are the two main functions of viruses?
propagation and destruction
One of the earliest known forms of virus infection. These viruses attack the portion of bootable media (such as a hard disk, USB drive, or CD/DVD) that the computer uses to load the operating system during the boot process.
Master Boot Record Viruses
These viruses infect different types of executable files and trigger when the operating system attempts to execute them.
File Infector Viruses
Many common software applications implement some sort of scripting functionality to assist with the automation of repetitive tasks. Although they offer great productivity-enhancing opportunities to computer users, they also expose systems to yet another avenue of infection.
Recent outbreaks of malicious code use yet another technique to infect systems and escape detection—injecting themselves into trusted runtime processes of the operating system, such as svchost.exe, winlogin.exe, and explorer.exe.
Service Injection Viruses
These viruses use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other.
These viruses hide themselves by actually tampering with the operating system to fool antivirus packages into thinking that everything is functioning normally. For example, this virus might overwrite the system’s master boot record with malicious code but then also modify the operating system’s file access functionality to cover
These viruses actually modify their own code as they travel from system to system. The virus’s propagation and destruction techniques remain the same, but the signature of the virus is somewhat different each time it infects a new system. It is the hope of polymorphic virus creators that this constantly changing signature will render signature-based antivirus packages useless.
These viruses use cryptographic techniques to avoid detection. In their outward appearance, they are actually quite similar to polymorphic viruses—each infected system has a virus with a different signature. However, they do not generate these modified signatures by changing their code; instead, they alter the way they are stored on the disk.
malicious code objects that infect a system and lie dormant until they are triggered by the occurrence of one or more conditions such as time, program launch, website logon, and so on.
a software program that appears benevolent but carries a malicious, behind-the-scenes payload that has the potential to wreak havoc on a system or network.
These contain the same destructive potential as other malicious code objects with an added twist—they propagate themselves without requiring any human intervention.
These vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size. Input that is too large can “overflow” a data structure to affect other data stored in the computer’s memory.
This issue is a timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request. For example, if an operating system builds a comprehensive list of access permissions for a user upon logon and then consults that list throughout the logon session, this vulnerability exists.
time-of-check-to-time-of-use (TOCTTOU or TOC/TOU)
These are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions. They are often used during the development and debugging process to speed up the workflow and avoid forcing developers to continuously authenticate to the system.
This is a type of computer security vulnerability typically found in web applications. It enables attackers to inject client-side scripts into web pages viewed by other users.
These attacks use unexpected input to a web application. They allow a malicious individual to perform SQL transactions directly against the underlying database and thereby gain unauthorized access to it.
These are often the first type of network reconnaissance carried out against a targeted network. The nmap tool is one of the most common tools used to perform these.
IP probes (also called IP sweeps or ping sweeps)
These probe all the active systems on a network and determine what public services are running on each machine.
Attackers borrow the identities of legitimate users and systems to gain the trust of third parties.
In this attack, the malicious individual simply reconfigures their system so that it has the IP address of a trusted system and then attempts to gain access to other external resources. This is surprisingly effective on many networks that don’t have adequate filters installed to prevent this type of traffic from occurring.
These attacks occur when a malicious individual intercepts part of the communication between an authorized user and a resource and then uses a hijacking technique to take over the session and assume the identity of the authorized user.
This is also known as one-click attack or session riding. It is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.
Cross-site Request Forgery
Cross-site scripting takes advantage of the trust I have in a website. Cross-site request forgery takes advantage of the trust a website has in me.