CISSP: Software Development Security
CISSP
74
Computer Science
Professional
09/15/2012

Cards

Term
How is software security addressed effectively?
Definition
By building it in
Term
What does secure software development require?
Definition
The applications themselves to be secure rather than relying on a secure transfer method
Term
What is often the largest factor negatively impacting security?
Definition
Push to Market
Term
What does the Physical portion of secure development state?
Definition
Access should be limited to project and development personnel only
Term
What is the first rule of testing?
Definition
Never test on a production system
Term
What is the difference between the SLC and the SDLC?
Definition
The Software Life Cycle also includes the post-development operation and maintenance phases
Term
What is the Software Development Method that is characterized by each phase containing a list of activities that must be completed before the next phase begins?
Definition
Waterfall
Term
What type of Software Development Method is akin to a Project Plan?
Definition
Waterfall
Term
What is the Software Development Method that is characterized by each phase requiring a risk assessment review?
Definition
Spiral
Term
What is the Software Development Method that is characterized by ensuring there are no defects and making sure code is written correctly the first time?
Definition
Clean Room
Term
What is the Software Development Method that is characterized by requiring that processes be defined, development to be modular, and each phase to be subject to reviews and approvals?
Definition
Structured Programming Development
Term
What is the Software Development Method that is characterized by successive refinements of requirements, design, and coding?
Definition
Iterative Development
Term
What is the Software Development Method that is characterized by having the people who do the job heavily involved in the designing of the solution?
Definition
Joint Analysis Development
Term
What is the Software Development Method that is characterized by building a simplified version, gathering feedback, and then building a final product?
Definition
Prototyping
Term
What is the Software Development Method that is characterized by strict time limits on each phase?
Definition
Rapid Application Development
Term
What is the Software Development Method that is characterized by development with short development iterations to reduce risk?
Definition
Agile Development
Term
What is the Software Development Method that is characterized by large, complex projects that involve multiple software components and many people?
Definition
Computer Aided Software Engineering
Term
What is the Software Development Method that is characterized by using standardized, building-block components that can be used to assemble an application?
Definition
Component-Based Model
Term
What is the Software Development Method that is characterized by using existing components?
Definition
Reuse Model
Term
A ____________ is a program that translates an assembly-language program into machine language.
Definition
Assembler
Term
A __________ translates a high-level language into machine language.
Definition
Compiler
Term
A ____________ translates code statement by statement rather than all at once.
Definition
Interpreter
Term
_____________ are used to interface a program with the system.
Definition
Drivers
Term
In Object Oriented Programming, a ________ is a template for an object.
Definition
Class
Term
In Object Oriented Programming, a ________ is an instance of a class.
Definition
Object
Term
In Object Oriented Programming, a ________ is a request from an object.
Definition
message
Term
In Object Oriented Programming, ________ refers to programs deriving their data and functionality from the calling object.
Definition
Inheritance
Term
In Object Oriented Programming, ________ refers to different objects responding to the same command in different ways.
Definition
Polymorphism
Term
In Object Oriented Programming, ________ refers to creating a new version of an object by changing its attributes.
Definition
Polyinstantiation
Term
_________________ entails programs located on different computers cooperating in the same application.
Definition
Distributed computing
Term
What does SOAP stand for?
Definition
Simple Object Access Protocol
Term
A ______________ is a weakness resulting from both poor coding and programming language vulnerabilities.
Definition
Buffer Overflow
Term
A ___________ is the insertion of a series of statements into a "query" by manipulating data input into an application.
Definition
SQL Injection
Term
__________ flaws occur whenever an application takes user-supplied data and sends it to a web browser without first validating that content.
Definition
Cross Site Scripting
Term
A __________ is an error in software code that points to an object that has been deleted.
Definition
Dangling Pointer
Term
A _____________ is a contract between a caller and a callee.
Definition
Application Programming Interface (API)
Term
A _________ is when two or more processes using the same resource falsely depend on the state of that resource remaining constant.
Definition
Race Condition
Term
_____________ is a means of surreptitiously transferring information from a higher classification to a lower classification.
Definition
Covert Channels
Term
____________ communicate by modifying a stored object.
Definition
Storage Channels
Term
________________ transmit information by affecting the relative timing of events.
Definition
Timing Channels
Term
A _______ is a mechanism embedded into a program that allows the normal security access procedures to be bypassed.
Definition
Trap Door
Term
A ___________ is a hidden software or hardware mechanism intentionally placed in a system by a vendor that can be triggered to circumvent system protection mechanisms.
Definition
Maintenance Hook
Term
______________ occurs when system resources are consumed by illegitimate processes so that legitimate processes cannot run.
Definition
Denial Of Service
Term
____________ are large groups of computers that can be activated to do the bidding of the person controlling them.
Definition
Botnets
Term
___________ allow an attacker to gain administrator access to a compromised machine.
Definition
Rootkits
Term
A ___________ is defined by its ability to reproduce and spread, but generally requires actions by users.
Definition
Virus
Term
A __________ is similar to a virus, but does not generally require user action to spread.
Definition
Worm
Term
A _____________ infects the master boot record, system boot record, or other boot record.
Definition
Boot Sector Infector
Term
A ___________ is a virus that can infect multiple types of objects.
Definition
Multipartite
Term
___________ are usually stand-alone files that can be executed by an interpreter.
Definition
Script Virus
Term
A ____________ is a malicious piece of code that poses as a positive/desirable utility.
Definition
Trojan Horse
Term
A ___________ waits for a condition or time to release its negative payload.
Definition
Logic Bomb
Term
A _____________ intentionally corrupts data, generally by small increments over time.
Definition
Data Diddler
Term
What is the best defense against malware of all kinds?
Definition
Effective and workable policies
Term
____________ store records in a single table, have parent/child relationships, are limited to a single tree, and make it difficult to link branches.
Definition
Hierarchical Database Management Systems
Term
What is the most frequently used DBMS?
Definition
Relational
Term
Where is data stored in a relational database?
Definition
Tables
Term
In a Relational Database, a ___________ uniquely identifies each row and assists with indexing the table.
Definition
Primary Key
Term
In a Relational Database, a ___________ is a primary key value that appears in a table in which it is not the primary key.
Definition
Foreign Key
Term
___________ is the searching of the data in a data warehouse to extract valuable information from the data in the warehouse.
Definition
Data Mining
Term
In relation to the ACID test, what does Atomicity mean?
Definition
All changes take effect or none do
Term
In relation to the ACID test, what does Consistency mean?
Definition
When the database is transitioned from one valid state to another, it remains compliant with the rules of the database.
Term
In relation to the ACID test, what is isolation?
Definition
The results of the transaction are invisible to other transactions until the transaction is complete.
Term
In relation to the ACID test, what is durability?
Definition
Ensures completed transactions can survive future system and media failures.
Term
What does ACID in an ACID test stand for?
Definition
Atomicity, Consistency, Isolation, and Durability
Term
Which database language is the ANSI standard?
Definition
SQL
Term
What does SQL stand for?
Definition
Structured Query Language
Term
In separation of duties, sensitive transactions must be designed to require a minimum of _____________.
Definition
Dual Control
Term
What is the easiest effective control against a SQL injection?
Definition
Validating Input
Term
Why is it important to build security into an application rather than adding it later?
Definition
To provide more layers of security and make it harder to circumvent
Term
What three things must cryptographic data protection controls include?
Definition
Key creation, storage, and management
Term
A ___________ lists agreed-upon objectives and deliverables, which helps prevent scope creep.
Definition
SOW
Term
A database that uses pre-defined groupings of data that can only be accessed based upon a user's authorization level uses which database access control?
Definition
View Control
Term
A ____________ describes an attack where the perpetrator uses information gained through authorized activity to reach conclusions about restricted data.
Definition
Inference Attack