Secure Software Architecture Glossary Flashcards
(21 cards)
Minimising cyber attacks and vulnerabilities
Using strong passwords, updating your software, thinking before you click on suspicious links, and turning on multi-factor authentication.
Data protection
Protecting data from unauthorized access, use, disclosure, modification, or destruction. This involves implementing measures like encryption, access controls, and intrusion detection systems.
Determining specifications
Identifying and defining security requirements, conducting threat modeling, and establishing secure design principles.
Design
Designing systems with security considerations integrated from the outset, rather than as an afterthought.
Development
Focuses on integrating security considerations throughout the entire software development lifecycle (SDLC).
Integration
Embedding security measures and considerations throughout the entire software development lifecycle and within the system’s architecture.
Testing and debugging
In contrast, debugging is the process of correcting or removing bugs or errors found in the testing process.
Installation
Implementing strategies and solutions to protect software from unauthorized access, modification, or misuse during the installation process.
Maintenance
Ongoing activities to ensure software remains secure after initial deployment.
Confidentiality
Ensures that sensitive information is accessible only to authorized individuals, preventing unauthorized access, use, or disclosure.
Integrity
Ensures data and systems remain accurate, trustworthy, and free from unauthorized modification throughout their lifecycle.
Availability
Ensures authorized users can access and use resources when needed.
Authentication
The process of verifying the identity of a user, device, or service before granting access to resources or systems.
Authorisation
The process of verifying the identity of a user, device, or service before granting access to resources or systems.
Accountability
Ensuring that actions within a system can be traced back to specific individuals or entities, enabling them to be held responsible for their actions.
Proactive not reactive approach
Proactive security hardening is a preventative approach implemented before threats materialize, whereas reactive security is a response to an ongoing or past security incident.
Embed privacy into design
Prioritize privacy considerations from the outset of the development lifecycle.
Respect for user privacy
Prioritizing user data protection and control throughout the software development lifecycle.
Broken authentication and session management
Critical security vulnerabilities in software architecture, particularly in web applications.
cross-site request forgery (csrf)
Cross-Site Request Forgery (CSRF) is a type of web security vulnerability where an attacker tricks a user into performing unwanted actions on a website where they are already authenticated
Cross-site scripting (XSS)
Cross-site scripting (XSS) is a web security vulnerability that allows attackers to inject malicious scripts into otherwise trusted websites.
