Domain 8 - Software Development Security Flashcards

Flashcards in Domain 8 - Software Development Security Deck (85):

internal code that defines the actions an object performs in response to a message.

A method


The results or output exhibited by an object



A collection of the common methods from a set of objects that defines the behavior of those objects



Objects are ______ of or examples of classes that contain their methods.



This occurs when methods from a class (parent or superclass) are inherited by another subclass (child).



the forwarding of a request by an object to another object or delegate. An object delegates if it does not have a method to handle the message.



the characteristic of an object that allows it to respond with different behaviors to the same message or method because of changes in external conditions.



describes the strength of the relationship between the purposes of the methods within the same class.



the level of interaction between objects.



This verifies that the values provided by a user match the programmer’s expectation before allowing further processing.

Input validation


puts the system into a high level of security (and possibly even disables it entirely) until an administrator can diagnose the problem and restore the system to normal operation.

fail-secure failure state


allows users to bypass failed security controls, erring on the side of permissiveness.

fail-open state


List the stages of the Software Capability Maturity Model (abbreviated as SW-CMM).

Level 1: Initial, Level 2: Repeatable, Level 3: Defined, Level 4: Managed, Level 5: Optimizing


a type of bar chart that shows the interrelationships over time between projects and schedules.

A Gantt chart


Name the three basic components of the change management process.

Request Control, Change Control, Release Control


This component of the change management process provides an organized framework within which users can request modifications, managers can conduct cost/benefit analysis, and developers can prioritize tasks.

Request Control


This component of the change management process is used by developers to re-create the situation encountered by the user and analyze the appropriate changes to remedy the situation. It also provides an organized framework within which multiple developers can create and test a solution prior to rolling it out into a production environment.

Change Control


Once the changes are finalized, they must be approved for release through this procedure. An essential step of this component in the change management process is to double-check and ensure that any code inserted as a programming aid during this process (such as debugging code and/or back doors) is removed before releasing the new software to production. This should also include acceptance testing to ensure that any alterations to end-user work tasks are understood and functional.

Release Control


List the four main components of configuration management.

Configuration Identification, Configuration Control, Configuration Status Accounting, Configuration Audit


During this process, administrators document the configuration of covered software products throughout the organization.

Configuration Identification


This process ensures that changes to software versions are made in accordance with the change control and configuration management policies. Updates can be made only from authorized distributions in accordance with those policies.

Configuration Control


Formalized procedures are used to keep track of all authorized changes that take place.

Configuration Status Accounting


This should be conducted to ensure that the actual production environment is consistent with the accounting records and that no unauthorized configuration changes have taken place.

Configuration Audit


These allow application developers to bypass traditional web pages and interact directly with the underlying service through function calls.

application programming interfaces (APIs)


ensures that values returned by software match specified criteria that are within reasonable bounds. For example, a routine that calculated the optimal weight for a human being and returned a value of 612 pounds would certainly fail this type of test.

reasonableness check


This testing examines the internal logical structures of a program and steps through the code line by line, analyzing the program for potential errors.

White-box testing


This testing examines the program from a user perspective by providing a wide variety of input scenarios and inspecting the output. These testers do not have access to the internal code.

Black-box Testing


This testing combines the two approaches and is popular for software validation. In this approach, testers examine the software from a user perspective, analyzing inputs and outputs. They also have access to the source code and use it to help design their tests. They do not, however, analyze the inner workings of the program during their testing.

Gray-box Testing


This testing evaluates the security of software without running it by analyzing either the source code or the compiled application. It usually involves the use of automated tools designed to detect common software flaws, such as buffer overflows.

Static Testing


This testing evaluates the security of software in a runtime environment and is often the only option for organizations deploying applications written by someone else.

Dynamic Testing


This data model combines records and fields that are related in a logical tree structure.

Hierarchical data model


This data model has data stored in more than one database, but those databases are logically connected. The user perceives the database as a single entity, even though it consists of numerous parts interconnected over a network. Each field can have numerous children as well as numerous parents. Thus, the data mapping relationship for these databases is many-to-many.

distributed data model


These databases consist of flat two-dimensional tables made up of rows and columns. In fact, each table looks similar to a spreadsheet file. The row and column structure provides for one-to-one data mapping relationships.

A relational database


In relational databases, what are the columns in a table called?



In relational databases, what does each row represent?

a record or tuple


In relational databases, what is the number of rows in a relation called?



In relational databases, what is the number of columns in a relation called?



In relational databases, what is the set of allowable values that an attribute can take called?

The domain of an attribute


Database transactions must be this—that is, they must be an “all-or-nothing” affair. If any part of the transaction fails, the entire transaction must be rolled back as if it never occurred.



All transactions must begin operating in an environment that is consistent with all of the database’s rules (for example, all records have a unique primary key). When the transaction is complete, the database must again be consistent with the rules, regardless of whether those rules were violated during the processing of the transaction itself. No other transaction should ever be able to use any inconsistent data that might be generated during the execution of another transaction.



This principle requires that transactions operate separately from each other. If a database receives two SQL transactions that modify the same data, one transaction must be completed in its entirety before the other transaction is allowed to modify the same data. This prevents one transaction from working with invalid data generated as an intermediate step by another transaction.



Database transactions must be this. That is, once they are committed to the database, they must be preserved. Databases ensure this through the use of backup mechanisms, such as transaction logs.



This, or edit control, is a preventive security mechanism that endeavors to make certain that the information stored in the database is always correct or at least has its integrity and availability protected.



the concept of hiding individual database fields or cells or imposing more security restrictions on them.

cell suppression


the process of splitting a single database into multiple parts, each with a unique and distinct security level or type of content.

Database partitioning


This occurs when two or more rows in the same relational database table appear to have identical primary key elements but contain different data for use at differing classification levels. It is often used as a defense against some types of inference attacks.



a database feature that allows applications to communicate with different types of databases without having to be directly programmed for interaction with each type.

Open Database Connectivity (ODBC)


consists of the main memory resources directly available to a system’s CPU. It normally consists of volatile random access memory (RAM) and is usually the highest-performance storage resource available to a system.

Primary (or “real”) memory


These systems consist of two main components: a knowledge base that contains a series of “if/then” rules and an inference engine that uses that information to draw conclusions about other data.

Expert systems


These simulate the functioning of the human mind to a limited extent by arranging a series of layered calculations to solve problems. They require extensive training on a particular problem before they are able to offer solutions.

Neural networks


This describes a sequential development process that results in the development of a finished product.

waterfall model


This model uses several iterations of the waterfall model to produce a number of fully specified and tested prototypes.

The spiral model


This model places an emphasis on the needs of the customer and quickly developing new functionality that meets those needs in an iterative fashion.

Agile development model


This consists of more inexpensive, nonvolatile storage resources available to a system for long-term use. Typical secondary storage resources include magnetic and optical media, such as tapes, disks, hard drives, flash drives, and CD/DVD storage.

Secondary storage


This allows a system to simulate additional primary memory resources through the use of secondary storage. For example, a system low on expensive RAM might make a portion of the hard disk available for direct CPU addressing.

Virtual memory


This allows a system to simulate secondary storage resources through the use of primary storage. The most common example of virtual storage is the RAM disk that presents itself to the operating system as a secondary storage device but is actually implemented in volatile RAM. This provides an extremely fast file system for use in various applications but provides no recovery capability.

Virtual storage


This allows the operating system to request contents from any point within the media. RAM and hard drives are examples of these storage resources.

Random access storage


This requires scanning through the entire media from the beginning to reach a specific address. A magnetic tape is a common example of this type of storage resource.

Sequential access storage


This loses its contents when power is removed from the resource. RAM is the most common type of volatile storage resource.

Volatile storage


This does not depend upon the presence of power to maintain its contents. Magnetic/optical media and nonvolatile RAM (NVRAM) are typical examples of nonvolatile storage resources.

Nonvolatile storage


What are the two main functions of viruses?

propagation and destruction


One of the earliest known forms of virus infection. These viruses attack the portion of bootable media (such as a hard disk, USB drive, or CD/DVD) that the computer uses to load the operating system during the boot process.

Master Boot Record Viruses


These viruses infect different types of executable files and trigger when the operating system attempts to execute them.

File Infector Viruses


Many common software applications implement some sort of scripting functionality to assist with the automation of repetitive tasks. Although they offer great productivity-enhancing opportunities to computer users, they also expose systems to yet another avenue of infection.

Macro Viruses


Recent outbreaks of malicious code use yet another technique to infect systems and escape detection—injecting themselves into trusted runtime processes of the operating system, such as svchost.exe, winlogin.exe, and explorer.exe.

Service Injection Viruses


These viruses use more than one propagation technique in an attempt to penetrate systems that defend against only one method or the other.

Multipartite Viruses


These viruses hide themselves by actually tampering with the operating system to fool antivirus packages into thinking that everything is functioning normally. For example, this virus might overwrite the system’s master boot record with malicious code but then also modify the operating system’s file access functionality to cover its tracks.

Stealth Viruses


These viruses actually modify their own code as they travel from system to system. The virus’s propagation and destruction techniques remain the same, but the signature of the virus is somewhat different each time it infects a new system. It is the hope of polymorphic virus creators that this constantly changing signature will render signature-based antivirus packages useless.

Polymorphic viruses


These viruses use cryptographic techniques to avoid detection. In their outward appearance, they are actually quite similar to polymorphic viruses—each infected system has a virus with a different signature. However, they do not generate these modified signatures by changing their code; instead, they alter the way they are stored on the disk.

Encrypted viruses


malicious code objects that infect a system and lie dormant until they are triggered by the occurrence of one or more conditions such as time, program launch, website logon, and so on.

logic bombs


a software program that appears benevolent but carries a malicious, behind-the-scenes payload that has the potential to wreak havoc on a system or network.

Trojan horse


These contain the same destructive potential as other malicious code objects with an added twist—they propagate themselves without requiring any human intervention.



These vulnerabilities exist when a developer does not properly validate user input to ensure that it is of an appropriate size. Input that is too large can “overflow” a data structure to affect other data stored in the computer’s memory.

Buffer overflow


This issue is a timing vulnerability that occurs when a program checks access permissions too far in advance of a resource request. For example, if an operating system builds a comprehensive list of access permissions for a user upon logon and then consults that list throughout the logon session, this vulnerability exists.

time-of-check-to-time-of-use (TOCTTOU or TOC/TOU)


These are undocumented command sequences that allow individuals with knowledge of the back door to bypass normal access restrictions. They are often used during the development and debugging process to speed up the workflow and avoid forcing developers to continuously authenticate to the system.

Back doors


This is a type of computer security vulnerability typically found in web applications. It enables attackers to inject client-side scripts into web pages viewed by other users.

Cross-site scripting


These attacks use unexpected input to a web application. They allow a malicious individual to directly perform SQL transactions against the underlying database, gaining unauthorized access to it.

SQL injection


These are often the first type of network reconnaissance carried out against a targeted network. The nmap tool is one of the most common tools used to perform these.

IP probes (also called IP sweeps or ping sweeps)


These probe all the active systems on a network and determine what public services are running on each machine.

port scan


Attackers borrow the identities of legitimate users and systems to gain the trust of third parties.

masquerading attacks


In this attack, the malicious individual simply reconfigures their system so that it has the IP address of a trusted system and then attempts to gain access to other external resources. This is surprisingly effective on many networks that don’t have adequate filters installed to prevent this type of traffic from occurring.

IP spoofing


These attacks occur when a malicious individual intercepts part of the communication between an authorized user and a resource and then uses a hijacking technique to take over the session and assume the identity of the authorized user.

Session hijacking


This is also known as one-click attack or session riding. It is a type of malicious exploit of a website where unauthorized commands are transmitted from a user that the website trusts.

Cross-site Request Forgery


Cross-site scripting takes advantage of the trust I have in a website. Cross-site request forgery takes advantage of the trust a website has in me.



Within databases, this states that the primary key field can't be null.

Entity Integrity