8. Software Development Security

Description

Mind map on 8. Software Development Security, part of the "5 Mind Maps (CISSP CBK)" collection, created by Marisol Segade on 11/10/2015.

Resource summary

8. Software Development Security
  1. 8.1 Managing the Software Development Lifecycle
    1. Software development lifecycle
      1. Importance of secure software
      2. Microsoft Security Development Lifecycle (SDL)
        1. SDL phases
          1. Training
          2. Requirements
          3. Design
          4. Implementation
          5. Verification
          6. Release
          7. Response
        2. Post-release maintenance
          1. Security updates
          2. End-of-life retirement
    2. CISSP EXAM TIPS
      1. Security must be naturally integrated in all phases of the development lifecycle
      2. Full disclosure gives organizations the opportunity to implement temporary and/or additional safeguards
      3. Layered controls help to mitigate the risk of a zero-day exploit
  2. 8.2 Understanding Software Development Approaches, Models, and Tools
    1. Software development maturity models
      1. SEI CMM - Capability Maturity Model
      2. Integrated Product and Process Development (IPPD)
        1. DevOps: an implementation of IPPD in combination with the Agile model
    2. Development project models
      1. Waterfall
      2. V-model
      3. Spiral
      4. RAD
      5. Agile
      6. CASE tools
    3. Software development testing methodologies
      1. Unit testing
      2. Integration testing
      3. Validation testing
      4. Vulnerability testing
      5. Acceptance testing
      6. Regression testing
    4. CISSP EXAM TIPS
      1. A CMM model can be applied to an organization of any size or type
      2. DevOps is based on the DoD IPPD technique coupled with the Agile process
      3. Regression testing should verify all major functions and ensure that no new flaws were introduced
  3. 8.3 Understanding Source Code Security Issues
    1. Source code flaws
      1. Buffer overflows
      2. Injection
      3. Covert channels
      4. Memory or code reuse
      5. TOC/TOU race conditions
      6. Maintenance hooks
    2. API security - IoT
      1. OAuth
    3. Source code analysis tools
      1. Fuzzing
    4. Software configuration management
    5. CISSP EXAM TIPS
      1. Code review should happen throughout the development lifecycle
      2. Changes to source code should be made in a test environment
      3. Fuzzing is a testing technique that supplies invalid input and monitors the response
  4. 8.4 Managing Database Security
    1. DBMS
      1. Concurrency
      2. Commit operations
      3. Online Transaction Processing (OLTP)
      4. Rollbacks, checkpoints and savepoints for availability
      5. ACID transaction characteristics
        1. Atomicity
        2. Consistency
        3. Isolation
        4. Durability
      6. Access controls
    2. Data aggregation, warehousing, mining and inference
    3. CISSP EXAM TIPS
      1. Concurrency issues arise when a database is simultaneously accessed by subjects and other objects
      2. Data warehousing can result in combining information in ways that violate privacy
      3. Metadata can be more valuable and revealing than the original components
  5. 8.5 Assessing the Security Impact of Acquired Software
    1. Secure acquisition and implementation process
    2. CISSP EXAM TIPS
      1. Security decisions should not be made in isolation
      2. Risk assessments should be required at multiple phases in the procurement and acquisition process
        1. Vendor assessment
      3. Security should always be an enabler