8. Software Development Security
Description
5 Mind Maps (CISSP CBK). Mind map on 8. Software Development Security, created by Marisol Segade on 11-10-2015.
Mind map by Marisol Segade, updated more than 1 year ago
Resource summary
8. Software Development Security
8.1 Managing the Software Development Lifecycle
Software development lifecycle
Importance of secure software
Microsoft security development lifecycle (SDL)
SDL Phases
Training
Requirements
Design
Implementation
Verification
Release
Response
Post release maintenance
Security Updates
End of life retirement
CISSP EXAM TIPS
Security must be naturally integrated in all phases of the development lifecycle
Full disclosure gives organizations the opportunity to implement temporary and/or additional safeguards
Layered controls help to mitigate the risk of a zero-day exploit
8.2 Understanding Software Development Approaches, Models, and Tools
Software development maturity models
SEI CMM - Capability Maturity Model
Integrated product and process development (IPPD)
DevOps implementation of the IPPD in combination with the Agile model
Development project models
Waterfall
V-model
Spiral
RAD
Agile
CASE Tool
Software development testing methodologies
Unit testing
Integration testing
Validation testing
Vulnerability testing
Acceptance testing
Regression testing
CISSP EXAM TIPS
A CMM model can be applied to any size or type of organization
DevOps is based on the DoD IPPD technique coupled with the Agile process
Regression testing should verify all major functions and ensure that new flaws were not introduced
8.3 Understanding Source Code Security Issues
Source code flaws
Buffer overflows
Injection
Covert channels
Memory or code reuse
TOC/TOU race conditions
Maintenance hooks
API security - IoT
OAuth
Source code analysis tools
Fuzzing
Software configuration management
CISSP EXAM TIPS
Code review should happen throughout the development lifecycle
Changes to source code should be done in a test environment
Fuzzing is a testing technique that inputs invalid data and monitors response
8.4 Managing Database Security
DBMS
Concurrency
Commit operations
Online Transaction Processing (OLTP)
Rollbacks, checkpoints and savepoints for availability
ACID - transaction code characteristics
Atomicity
Consistency
Isolation
Durability
Access Controls
Data Aggregation, Warehousing, Mining and inference
CISSP EXAM TIPS
Concurrency issues arise when a database is simultaneously accessed by subjects and other objects
Data warehousing can result in combining information that violates privacy
Metadata can be more valuable and revealing than the original components
8.5 Assessing the Security Impact of Acquired Software
Secure acquisition and implementation process
CISSP EXAM TIPS
Security decisions should not be made in isolation
Risk assessments should be required at multiple phases in the procurement and acquisition process
1 vendor assessment
Security should always be an enabler