Shared Flashcard Set

Details

Application Security
Chapter 11
26
Other
Not Applicable
02/02/2012

Cards

Term
CASE
Definition

Computer-aided Software Engineering

  • involves the use of tools to create and manage software.
  • many of the manual tasks are taken care of through automation with the use of CASE tools
  • program editors, debuggers, code analyzers, and version-control mechanisms
Term
Denial of Service Attack (DoS)
Definition
  • These attacks are performed by sending malformed packets to a system that does not recognize the format and thus does not know how to properly process it
  • DoS attacks can consume a victim’s bandwidth by flooding the network connection either from an attacker with more bandwidth than the victim or from several attackers working together
  • Another type of DoS attack uses up all of the victim’s resources instead of consuming the network’s bandwidth
Term
Smurf Attack
Definition
  • Uses ICMP (ping) to saturate network
  • smurf attack requires three players: the attacker, the victim, and the amplifying network
  • The attacker spoofs (changes the source IP address in a packet header) to make an ICMP ECHO REQUEST packet seem as though it originated at the victim’s system. This ICMP ECHO REQUEST message is broadcast to the amplifying network, which replies to the message in full force. The victim system and network are overwhelmed
Term
Fraggle Attack
Definition
  • an attack that is similar to smurf, but instead of using ICMP, it employs the User Datagram Protocol (UDP)
  • attacker broadcasts a spoofed UDP packet to the amplifying network, which in turn replies to the victim’s system. The larger the amplifying network, the larger the amount of traffic that is pointed at the victim’s system
Term
SYN Flood
Definition
  • Systems, and their network stack, are expected to only have to deal with a certain number of SYN/ACK connections, so they have allocated only a certain amount of resources necessary for these types of functions
  • Attackers can take advantage of a design flaw by continually sending the victim SYN messages with spoofed packets
Term
Teardrop Attack
Definition
  • involves sending malformed fragmented packets to a vulnerable system
  • receiving system, the victim, would receive the fragments and attempt to recombine them, but these fragments have been made in such a way by an attacker that they cannot be properly reassembled
  • could cause a system to freeze or reboot
Term
Distributed Denial of Service (DDoS)
Definition
  • logical extension of the DoS attack that gets more computers involved in the act
  • DDoS attack uses hundreds or thousands of computers to request services from a server or server farm until the system or web site is no longer functional
  • attacker creates master controllers that can in turn control slaves, or zombie machines
Term
Worm
Definition
  • does not require a host application to replicate.
  • An independent program that can reproduce by copying itself from one system to another. It may damage data directly or degrade system performance by tying up resources.
Term
Polymorphism
Definition
  • when different objects respond to the same command, input, or message in different ways
Term
Capability Maturity Model (CMM)
Definition
  • describes procedures, principles, and practices that underlie software development process maturity
  • a more disciplined and repeatable method that improves software quality, reduces the life cycle of development, provides better project management capabilities, allows for milestones to be created and met in a timely manner, and takes a more proactive approach than the less effective reactive approach 
  • provides policies, procedures, guidelines, and best practices to allow an organization to develop a standardized approach to software development that can be used across many different groups
  • software development companies can be evaluated against the CMM as a selling point for their services and quality
Term
CGI
Definition

Common Gateway Interface

  • used in websites that require a user to input information.
  • CGI scripts or executables are used to translate and respond to the request, build a new web page, and then send it to the user.
  • User is then presented with data based on his/her input
Term
SW Development Phases
Definition
  • Project initiation
  • functional design analysis and planning
  • system design specifications
  • software development
  • installation
  • maintenance support
  • disposal 
Term
Waterfall
Definition
  • SW development method
  • A classical method using discrete phases of development that require formal reviews and documentation before moving into the next phase of the project.
Term
CORBA
Definition

Common Object Request Broker Architecture

  • an intercomponent communication architecture
  • open object-oriented standard architecture developed by the Object Management Group (OMG).
  • provides interoperability among the vast array of software, platforms, and hardware in environments
  • enables applications to communicate with one another no matter where the applications are located or who developed them
Term
Polyinstantiation
Definition
  • a mechanism used to take a copy of an object and repopulate it with different data or modify its characteristics in some way.
  • an access control used mainly in databases to allow multiple rows to be tied to one primary key. Data can then be accessed in different ways and by different levels of users.
Term
ANN
Definition

Artificial Neural Networks

  • a mathematical or computational model based on the neural structure of the brain
  • ANNs contain many units that simulate neurons, each with a small amount of memory
  • ANNs try to replicate the basic functions of neurons and their circuitry to solve problems in a new way
Term
Expert Systems
Definition
  • Built on the foundation of human logic
  • decision making process involves "if/then" statements and an inference engine
  • Expert systems are used to mimic human reasoning and replace human experts.
  • Expert systems use inference engine processing, automatic logical processing, and general methods of searching for problem solutions.
Term
Three approaches used in KDD systems
Definition
  • Data mining is also known as Knowledge Discovery in Databases (KDD)
    • Classification - data is grouped together according to shared similarities
    • Probabilistic - data interdependencies are identified and probabilities are applied to their relationships
    • Statistical - identifies relationships between data elements and uses rule discovery
Term
Tuple
Definition
  • database term for a row
  • a row in a relational database model representing a relationship among a set of values
Term
Attribute
Definition
  • A column in a relational database
Term
Covert Channel
Definition
  • A communications path that enables a process to transmit information in a way that violates the system’s security policy.
    • Covert timing channel - A covert channel in which one process modulates its system resource (for example, CPU cycles), which is interpreted by a second process as some type of communication.
    • Covert Storage Channel - A covert channel that involves writing to a storage location by one process and the direct or indirect reading of the storage location by another process. Covert storage channels typically involve a resource (for example, sectors on a disk) that is shared by two subjects at different security levels.
Term
Types of Database Models
Definition
  • Hierarchical
  • Relational
  • Network
  • Object-Oriented
  • Object-Relational
Term
ODBC
Definition

Open Database Connectivity

  • An application programming interface (API) that allows an application to communicate with a database either locally or remotely
  • allows different types of applications to communicate with different types of databases. Apps send requests to the ODBC and it finds the necessary driver and sends the request to the database.
Term
CMM Five Maturity Levels
Definition
  1. Initial 
  2. Repeatable 
  3. Defined
  4. Managed
  5. Optimizing
Term
Programming Generations
Definition
  1. Machine Language
  2. Assembly Language
  3. High-Level Language
  4. Very High-Level Language
  5. Artificial Intelligence and natural language
Term
ACID Test
Definition
  • database software should implement the characteristics of the ACID test
    • Atomicity - Divides transactions into units of work and ensures that all modifications take effect or none takes effect. Either the changes are committed or the database is rolled back.
    • Consistency - A transaction must follow the integrity policy developed for that particular database and ensure all data are consistent in the different databases.
    • Isolation - Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
    • Durability - Once the transaction is verified as accurate on all systems, it is committed, and the databases cannot be rolled back.