Computer Security U9 - Software Security

Mind Map by Nick.Bell2013, updated more than 1 year ago
Created by Nick.Bell2013 over 7 years ago

Description

Mind Map on Computer Security U9 - Software Security, created by Nick.Bell2013 on 04/27/2013.

Resource summary

Computer Security U9 - Software Security
1 Need for security
1.1 "holes"
1.1.1 poor/sloppy coding
1.2 Software trends
1.2.1 greater networking = greater exposure
1.2.1.1 increasing size/complexity = harder to police
1.2.1.1.1 greater flexibility = error prone
1.2.1.1.1.1 lack of environment diversity = only 1 major platform
1.2.1.1.1.1.1 increasing market pressure = rushed production
1.3 Penetrate and patch approach
1.3.1 only fixes known vulnerabilities
1.3.1.1 only quick fixes
1.3.1.1.1 users may not use patch
1.3.1.1.1.1 targets symptoms not causes
1.3.1.1.1.1.1 users doing testing
1.3.1.1.1.1.1.1 only works on unmodified s/ware
1.4 Open source vs Closed source
1.5 Security principles
1.5.1 part of design process
1.5.1.1 use the K.I.S.S. model
1.5.1.1.1 reduce exposure
1.5.1.1.1.1 ensure "secure failure"
2 S/ware engineering life cycle
2.1 Requirements capture
2.1.1 Design
2.1.1.1 Implementation
2.1.1.1.1 Testing
2.1.1.1.1.1 Support
3 Languages
3.1 C
3.1.1 C++
3.1.1.1 Java
3.1.1.1.1 C#
3.1.1.1.1.1 LISP
4 Access controls
5 Common security problems
5.1 Principle of Least Privilege
5.1.1 buffer overflows
5.1.1.1 input handling
5.1.1.1.1 naming issues
5.1.1.1.1.1 race conditions = TOCTTOU
5.1.1.1.1.1.1 Firewall issues
5.1.1.1.1.1.1.1 cryptographic issues
5.1.1.1.1.1.1.1.1 Bishop's list*
6 Managing security
6.1 risk assessment
6.2 Security testing
6.2.1 black box testing
6.2.2 red teaming
6.3 Management issues
6.3.1 distribution (DRM)
6.3.2 installation
6.3.3 maintenance
6.3.4 documentation
6.3.5 oversight
7 Java security
7.1 objects
7.1.1 inheritance
7.2 platform independence
7.3 language features
7.3.1 type safety
7.3.1.1 exception handling
7.3.2 garbage collection
7.3.2.1 multi-thread
7.4 Sandbox security model
7.5 signed applets
7.6 Java 2
7.7 access control & stack inspection
7.8 hostile applets
7.8.1 malicious applets
7.8.2 attack applets