Copy and Edit

Computer Security U9 - Software Security

Description

Mind Map on Computer Security U9 - Software Security, created by Nick.Bell2013 on 27/04/2013.
Nick.Bell2013
Mind Map by Nick.Bell2013, updated more than 1 year ago
Nick.Bell2013
Created by Nick.Bell2013 about 11 years ago
46
3
0

Resource summary

Computer Security U9 - Software Security
  1. Need for security
    1. "holes"
      1. poor/sloppy coding
      2. Software trends
        1. greater networking = greater exposure
          1. increasing size/complexity= harder to police
            1. greater flexibility = error prone
              1. lack of environment diversity = only 1 major platform
                1. increasing market pressure = rushed production
        2. Penetrate and patch approach
          1. only fixes known vulnerabiliteis
            1. only quick fixes
              1. users may not use patch
                1. targets symptoms not causes
                  1. users doing testing
                    1. only works on unmodified s/ware
          2. Open source vs Closed source
            1. Security principles
              1. part of design process
                1. use the K.I.S.S. model
                  1. reduce exposure
                    1. ensure "secure failure"
            2. S/ware engineering life cycle
              1. Requirements capture
                1. Design
                  1. Implementation
                    1. Testing
                      1. Support
              2. Languages
                1. C
                  1. C++
                    1. Java
                      1. C#
                        1. LISP
                2. Access controls
                  1. Common security problems
                    1. Principle of Least Privilege
                      1. buffer overflows
                        1. input handling
                          1. naming issues
                            1. race conditions = TOCTTOU
                              1. Firewall issues
                                1. cryptographic issues
                                  1. Bishop's list*
                    2. Managing security
                      1. risk assessment
                        1. Security testing
                          1. black box testing
                            1. red teaming
                            2. Management issues
                              1. distribution (DRM)
                                1. installation
                                  1. maintennance
                                    1. documentation
                                      1. oversight
                                    2. Java security
                                      1. objects
                                        1. inheritance
                                        2. platform independence
                                          1. language features
                                            1. type safety
                                              1. exception handling
                                              2. garbage collection
                                                1. multi-thread
                                              3. Sandbox security model
                                                1. signed applets
                                                  1. Java 2
                                                    1. access control & stack inspection
                                                      1. hostile applets
                                                        1. maicious applets
                                                          1. attack applets
                                                        Show full summary Hide full summary

                                                        Want to create your own Mind Maps for free with GoConqr? Learn more.

                                                        Similar

                                                        Certified Information Systems Security Professional (CISSP)
                                                        GoAsk Chaz
                                                        SSCP Domains
                                                        Abdul Issa
                                                        Computer Security Potential Flaws
                                                        Rob Speirs
                                                        PHYSICS P1 1
                                                        x_clairey_x
                                                        Geography Unit 1, World at Risk Compulsory Case Study 3 - Impact of climate change on the Arctic region
                                                        Holly Lovering
                                                        CUMULATIVE FREQUENCY DIAGRAMS
                                                        Elliot O'Leary
                                                        All Edexcel GCSE PE key terms
                                                        Millie Berrett
                                                        Business Studies - KEY TERMS
                                                        Dani Whitrick
                                                        Ancient China - Glossary of Terms
                                                        Ms M
                                                        Present Simple/Past Simple Tenses
                                                        learning.buzz.in
                                                        3MA114 Management_test 1/2
                                                        Jakub Beyr
                                                        Browse Library