8. Software Development Security

Mind Map by Marisol Segade, updated more than 1 year ago
Created by Marisol Segade over 4 years ago

Description

5 Mind Maps (CISSP CBK) Mind Map on 8. Software Development Security, created by Marisol Segade on 10/11/2015.

Resource summary

8. Software Development Security
1 8.1 Managing the Software Development Lifecycle
1.1 Software development lifecycle
1.2 Importance of secure software
1.3 Microsoft security development lifecycle (SDL)
1.4 SDL Phases
1.4.1 Training
1.4.2 Requirements
1.4.3 Design
1.4.4 Implementation
1.4.5 Verification
1.4.6 Release
1.4.7 Response
1.5 Post release maintenance
1.6 Security Updates
1.7 End of life retirement
1.8 CISSP EXAM TIPS
1.8.1 Security must be naturally integrated in all phases of the development lifecycle
1.8.2 Full disclosure gives organizations the opportunity to implement temporary and/or additional safeguards
1.8.3 Layered controls help to mitigate the risk of a zero-day exploit
2 8.2 Understanding Software Development Approaches, Models, and Tools
2.1 Software development maturity models
2.2 SEI CMM - Capability Maturity Model
2.3 Integrated product and process development (IPPD)
2.4 DevOps: implementation of IPPD in combination with the Agile model
2.5 Development project models
2.5.1 Waterfall
2.5.2 V-model
2.5.3 Spiral
2.5.4 RAD
2.5.5 Agile
2.6 CASE Tool
2.7 Software development testing methodologies
2.7.1 Unit testing
2.7.2 Integration testing
2.7.3 Validation testing
2.7.4 Vulnerability testing
2.7.5 Acceptance testing
2.7.6 Regression testing
2.8 CISSP EXAM TIPS
2.8.1 A CMM model can be applied to an organization of any size or type
2.8.2 DevOps is based on the DoD IPPD technique coupled with the Agile process
2.8.3 Regression testing should verify all major functions and ensure that new flaws were not introduced
3 8.3 Understanding Source Code Security Issues
3.1 Source code flaws
3.1.1 Buffer overflows
3.1.2 Injection
3.1.3 Covert channels
3.1.4 Memory or code reuse
3.1.5 TOC/TOU (time-of-check/time-of-use) race conditions
3.1.6 Maintenance hooks
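Added example for node 3.1.2 (Injection), not part of the original mind map: the same login check written once by concatenating user input into the SQL string and once with a parameterized query, run against an in-memory SQLite table with one constructed sample row. The table, user name and password are assumptions for the demonstration; a real application would store a password hash, not the password.

```python
import sqlite3


def make_db():
    """Constructed sample database: one user row, plaintext password for brevity only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT NOT NULL)")
    conn.execute("INSERT INTO users VALUES (?, ?)", ("alice", "s3cret"))
    return conn


def login_vulnerable(conn, name, password):
    """Source code flaw 3.1.2: attacker-controlled text becomes part of the SQL grammar."""
    sql = f"SELECT 1 FROM users WHERE name = '{name}' AND password = '{password}'"
    return conn.execute(sql).fetchone() is not None


def login_safe(conn, name, password):
    """Hardened form: placeholders keep the input as data, never as SQL syntax."""
    sql = "SELECT 1 FROM users WHERE name = ? AND password = ?"
    return conn.execute(sql, (name, password)).fetchone() is not None


# Classic payloads (constructed): a tautology in the password and a comment in the name.
TAUTOLOGY = "' OR '1'='1"
COMMENT_OUT = "alice'--"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable, tautology :", login_vulnerable(db, "alice", TAUTOLOGY))  # True: bypass
    print("vulnerable, comment   :", login_vulnerable(db, COMMENT_OUT, "wrong"))  # True: bypass
    print("safe, tautology       :", login_safe(db, "alice", TAUTOLOGY))  # False
    print("safe, comment         :", login_safe(db, COMMENT_OUT, "wrong"))  # False
    print("safe, real credentials:", login_safe(db, "alice", "s3cret"))  # True
```

With the vulnerable version the query becomes `... AND password = '' OR '1'='1'`, and since AND binds tighter than OR the row is returned for any name. The `--` payload turns the rest of the statement into a comment. The parameterized version compares the literal strings and rejects both; the fix is to never build SQL from untrusted text, not to filter quotes.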
3.2 API security - IoT
3.3 OAuth
3.4 Source code analysis tools
3.5 Fuzzing
3.6 Software configuration management
3.7 CISSP EXAM TIPS
3.7.1 Code review should happen throughout the development lifecycle
3.7.2 Changes to source code should be done in a test environment
3.7.3 Fuzzing is a testing technique that feeds invalid or unexpected input to a program and monitors its response
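Added example for node 3.5 (Fuzzing) and exam tip 3.7.3, not part of the original mind map: a mutation fuzzer run over a small, constructed TLV-style parser. The parser, its record format (tag, length, value, checksum byte) and the seed input are assumptions made for this example; the parser deliberately trusts its length byte, and the fuzzer's job is to surface that by distinguishing the parser's documented rejection (`ValueError`) from any other exception. A corrected parser is included so the same harness can be run before and after the fix.

```python
import random


def parse_records(data: bytes):
    """Toy parser (constructed): records are tag(1) len(1) value(len) chk(1).
    Deliberately buggy: the len byte is trusted, so data[i + 2 + length] can run off the end."""
    i, out = 0, []
    while i < len(data):
        if len(data) - i < 3:
            raise ValueError("truncated header")  # documented rejection
        tag, length = data[i], data[i + 1]
        value = data[i + 2 : i + 2 + length]
        chk = data[i + 2 + length]  # BUG: IndexError when length is oversized
        if chk != sum(value) & 0xFF:
            raise ValueError("bad checksum")  # documented rejection
        out.append((tag, bytes(value)))
        i += 3 + length
    return out


def parse_records_fixed(data: bytes):
    """Same format, with the bound check the fuzzer shows is missing."""
    i, out = 0, []
    while i < len(data):
        if len(data) - i < 3:
            raise ValueError("truncated header")
        tag, length = data[i], data[i + 1]
        if i + 3 + length > len(data):
            raise ValueError("length exceeds buffer")  # reject instead of crashing
        value = data[i + 2 : i + 2 + length]
        chk = data[i + 2 + length]
        if chk != sum(value) & 0xFF:
            raise ValueError("bad checksum")
        out.append((tag, bytes(value)))
        i += 3 + length
    return out


# Constructed valid seed: records (1, b"abc") and (2, b"hi") with correct checksum bytes.
SEED = b"\x01\x03abc\x26" + b"\x02\x02hi\xd1"


def fuzz(parser, seed_input: bytes, iterations: int = 500, rng_seed: int = 1):
    """Mutation fuzzer: overwrite 1-3 random bytes of the seed, feed the result to the
    parser and monitor the response. ValueError is the parser's documented rejection;
    any other exception is a finding. Returns (iteration, input, exception) or None."""
    rng = random.Random(rng_seed)  # fixed seed so a finding is reproducible
    for n in range(iterations):
        buf = bytearray(seed_input)
        for _ in range(rng.randint(1, 3)):
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        try:
            parser(bytes(buf))
        except ValueError:
            continue  # expected: malformed input was rejected cleanly
        except Exception as exc:
            return n, bytes(buf), exc
    return None


if __name__ == "__main__":
    finding = fuzz(parse_records, SEED)
    if finding:
        n, crasher, exc = finding
        print(f"iteration {n}: {type(exc).__name__} on {crasher.hex()}")
    print("fixed parser findings:", fuzz(parse_records_fixed, SEED))
```

The harness knows nothing about the format beyond a valid seed; the bug is found purely by mutating the length bytes into values the parser never bounds. Real fuzzers (coverage-guided ones in particular) add instrumentation and a corpus, but the monitoring rule is the same: define what a clean rejection looks like, and treat every other outcome as a crash to triage.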
4 8.4 Managing Database Security
4.1 DBMS
4.2 Concurrency
4.3 Commit operations
4.4 Online Transactions Processing (OLTP)
4.5 Rollbacks, checkpoints and savepoints for availability
4.6 ACID - transaction code characteristics
4.6.1 Atomicity
4.6.2 Consistency
4.6.3 Isolation
4.6.4 Durability
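Added example for nodes 4.3, 4.5 and 4.6 (commit operations, rollbacks and savepoints, ACID), not part of the original mind map: a batch of account transfers run on an in-memory SQLite database. The accounts table, its balances and the transfers are constructed for the demonstration. One outer transaction makes the whole batch atomic, a savepoint per transfer lets a single bad transfer be rolled back without discarding the others, and a CHECK constraint plus a row-count check enforce consistency (no negative balance, no money sent to an account that does not exist).

```python
import sqlite3


def open_bank():
    """Constructed sample database. isolation_level=None disables the driver's implicit
    transactions so BEGIN / SAVEPOINT / COMMIT below are issued explicitly."""
    conn = sqlite3.connect(":memory:", isolation_level=None)
    conn.execute(
        "CREATE TABLE accounts (id TEXT PRIMARY KEY,"
        " balance INTEGER NOT NULL CHECK (balance >= 0))"
    )
    conn.executemany(
        "INSERT INTO accounts VALUES (?, ?)", [("alice", 100), ("bob", 50), ("carol", 0)]
    )
    return conn


def balances(conn):
    return dict(conn.execute("SELECT id, balance FROM accounts ORDER BY id"))


def transfer_batch(conn, transfers):
    """Apply (src, dst, amount) transfers. The batch is one transaction (atomicity against a
    crash: either all accepted transfers commit or none do); each transfer gets a savepoint so
    a rejected one is undone alone. Returns (applied, rejected)."""
    applied, rejected = [], []
    conn.execute("BEGIN")
    try:
        for n, (src, dst, amount) in enumerate(transfers):
            sp = f"t{n}"
            conn.execute(f"SAVEPOINT {sp}")
            try:
                for delta, account in ((-amount, src), (amount, dst)):
                    cur = conn.execute(
                        "UPDATE accounts SET balance = balance + ? WHERE id = ?",
                        (delta, account),
                    )
                    if cur.rowcount != 1:  # unknown account: never silently lose money
                        raise sqlite3.IntegrityError(f"unknown account {account!r}")
                conn.execute(f"RELEASE SAVEPOINT {sp}")
                applied.append((src, dst, amount))
            except sqlite3.IntegrityError as exc:  # CHECK failure or unknown account
                conn.execute(f"ROLLBACK TO SAVEPOINT {sp}")  # undo this transfer only
                conn.execute(f"RELEASE SAVEPOINT {sp}")
                rejected.append((src, dst, amount, str(exc)))
        conn.execute("COMMIT")  # durability: accepted transfers are now persistent
    except Exception:
        conn.execute("ROLLBACK")  # anything unexpected: discard the whole batch
        raise
    return applied, rejected


# Constructed batch: one valid transfer, one overdraft, one to a nonexistent account.
TRANSFERS = [("alice", "bob", 30), ("bob", "carol", 500), ("alice", "nobody", 10)]

if __name__ == "__main__":
    db = open_bank()
    ok, bad = transfer_batch(db, TRANSFERS)
    print("applied :", ok)
    print("rejected:", bad)
    print("balances:", balances(db))  # total stays 150
```

The overdraft fails on the CHECK constraint after the first UPDATE has already debited bob; without the savepoint rollback that debit would survive and the books would no longer balance. The transfer to an unknown account shows why a row-count check matters: SQL happily updates zero rows, so the debit of the sender would otherwise commit with no matching credit.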
4.7 Access Controls
4.8 Data Aggregation, Warehousing, Mining and inference
4.9 CISSP EXAM TIPS
4.9.1 Concurrency issues arise when multiple subjects (users or processes) access and modify the same data simultaneously
4.9.2 Data warehousing can result in combining information that violates privacy
4.9.3 Metadata can be more valuable and revealing than the original components
5 8.5 Assessing the Security Impact of Acquired Software
5.1 Secure acquisition and implementation process
5.2 CISSP EXAM TIPS
5.2.1 Security decisions should not be made in isolation
5.2.2 Risk assessments should be required at multiple phases in the procurement and acquisition process
5.2.2.1 Vendor assessment
5.2.3 Security should always be an enabler
