8. Software Development Security
Description
5 (CISSP CBK) Mind Maps. Mind map on 8. Software Development Security, created by Marisol Segade on 11/10/2015.
Mind map by Marisol Segade, updated more than 1 year ago
Created by Marisol Segade more than 8 years ago
Resource Summary
8. Software Development Security
8.1 Managing the Software Development Lifecycle
Software development lifecycle
Importance of secure software
Microsoft security development lifecycle (SDL)
SDL Phases
Training
Requirements
Design
Implementation
Verification
Release
Response
Post release maintenance
Security Updates
End of life retirement
CISSP EXAM TIPS
Security must be naturally integrated in all phases of the development lifecycle
Full disclosure gives organizations the opportunity to implement temporary and/or additional safeguards
Layered controls help to mitigate the risk of a zero-day exploit
8.2 Understanding Software Development Approaches, Models, and Tools
Software development maturity models
SEI CMM - Capability Maturity Model
Integrated product and process development (IPPD)
DevOps: implementation of IPPD in combination with the Agile model
Development project models
Waterfall
V-model
Spiral
RAD
Agile
CASE Tool
Software development testing methodologies
Unit testing
Integration testing
Validation testing
Vulnerability testing
Acceptance testing
Regression testing
CISSP EXAM TIPS
A CMM model can be applied to any size or type of organization
DevOps is based on the DoD IPPD technique coupled with the Agile process
Regression testing should verify all major functions and ensure that new flaws were not introduced
8.3 Understanding Source Code Security Issues
Source code flaws
Buffer overflows
Injection
Covert channels
Memory or code reuse
TOC/TOU race conditions
Maintenance hooks
API security - IoT
OAuth
Source code analysis tools
Fuzzing
Software configuration management
CISSP EXAM TIPS
Code review should happen throughout the development lifecycle
Changes to source code should be done in a test environment
Fuzzing is a testing technique that inputs invalid data and monitors the response
8.4 Managing Database Security
DBMS
Concurrency
Commit operations
Online Transaction Processing (OLTP)
Rollbacks, checkpoints and savepoints for availability
ACID - transaction code characteristics
Atomicity
Consistency
Isolation
Durability
Access Controls
Data Aggregation, Warehousing, Mining and inference
CISSP EXAM TIPS
Concurrency issues arise when a database is simultaneously accessed by subjects and other objects
Data warehousing can result in combining information that violates privacy
Metadata can be more valuable and revealing than the original components
8.5 Assessing the Security Impact of Acquired Software
Secure acquisition and implementation process
CISSP EXAM TIPS
Security decisions should not be made in isolation
Risk assessments should be required at multiple phases in the procurement and acquisition process
1 vendor assessment
Security should always be an enabler