8. Software Development Security
Description
5 Mind Maps (CISSP CBK) Mind Map on 8. Software Development Security, created by Marisol Segade on 11/10/2015.
8. Software Development Security
8.1 Managing the Software Development Lifecycle
Software development lifecycle
Importance of secure software
Microsoft security development lifecycle (SDL)
SDL Phases
Training
Requirements
Design
Implementation
Verification
Release
Response
Post release maintenance
Security Updates
End of life retirement
CISSP EXAM TIPS
Security must be naturally integrated in all phases of the development lifecycle
Full disclosure gives organizations the opportunity to implement temporary and/or additional safeguards
Layered controls help to mitigate the risk of a zero-day exploit
8.2 Understanding Software Development Approaches, Models, and Tools
Software development maturity models
SEI CMM - Capability Maturity Model
Integrated product and process development (IPPD)
DevOps implementation of the IPPD in combination with the Agile model
Development project models
Waterfall
V-model
Spiral
RAD
Agile
CASE Tool
Software development testing methodologies
Unit testing
Integration testing
Validation testing
Vulnerability testing
Acceptance testing
Regression testing
CISSP EXAM TIPS
A CMM model can be applied to any size or type organization
DevOps is based on the DoD IPPD technique coupled with the Agile process
Regression testing should verify all major functions and ensure that new flaws were not introduced
8.3 Understanding Source Code Security Issues
Source code flaws
Buffer overflows
Injection
Covert channels
Memory or code reuse
TOC/TOU race conditions
Maintenance hooks
API security - IoT
OAuth
Source code analysis tools
Fuzzing
Software configuration management
CISSP EXAM TIPS
Code review should happen throughout the development lifecycle
Changes to source code should be done in a test environment
Fuzzing is a testing technique that inputs invalid data and monitors response
8.4 Managing Database Security
DBMS
Concurrency
Commit operations
Online Transaction Processing (OLTP)
Rollbacks, checkpoints and savepoints for availability
ACID - transaction code characteristics
Atomicity
Consistency
Isolation
Durability
Access Controls
Data aggregation, warehousing, mining and inference
CISSP EXAM TIPS
Concurrency issues arise when a database is simultaneously accessed by subjects and other objects
Data warehousing can result in combining information that violates privacy
Metadata can be more valuable and revealing than the original components
8.5 Assessing the Security Impact of Acquired Software
Secure acquisition and implementation process
CISSP EXAM TIPS
Security decisions should not be made in isolation
Risk assessments should be required at multiple phases in the procurement and acquisition process
1 vendor assessment
Security should always be an enabler