Download Secure Software Design Study Guide - C706: Questions and Answers with Verified Solutions and more Exams Software Development in PDF only on Docsity!
Secure Software Design Study Guide - C
Questions and Answers with Verified
Solutions| Latest 2025 Update | Graded A+
Confidentiality - ✔✔Information is not made available or disclosed to unauthorized individuals, entities, or processes. Ensures unauthorized persons are not able to read private and sensitive data. It is achieved through cryptography. Integrity - ✔✔Ensures unauthorized persons or channels are not able to modify the data. It is accomplished through the use of a message digest or digital signatures. Availability - ✔✔The computing systems used to store and process information, the security controls used to protect information, and the communication channels used to access information must be functioning correctly. Ensures system remains operational even in the event of a failure or an attack. It is achieved by providing redundancy or fault tolerance for a failure of a system and its components. Ensure Confidentiality - ✔✔Public Key Infrastructure (PKI) and Cryptography/Encryption Ensure Availability - ✔✔Offsite back-up and Redundancy Ensure Integrity - ✔✔Hashing, Message Digest (MD5), non repudiation and digital signatures
Software Architect - ✔✔Moves analysis to implementation and analyzes the requirements and use cases as activities to perform as part of the development process; can also develop class diagrams. Security Practitioner Roles - ✔✔Release Manager, Architect, Developer, Business Analyst/Project Manager Release Manager - ✔✔Deployment Architect - ✔✔Design Developer - ✔✔Coding Business Analyst/Project Manager - ✔✔Requirements Gathering Red Team - ✔✔Teams of people familiar with the infrastructure of the company and the languages of the software being developed. Their mission is to kill the system as the developers build it. Static Analysis - ✔✔A method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure, and can help to ensure that the code adheres to industry standards. It's also referred as code review.
security-relevant faults - ✔✔"Sponsored," i.e., intentionally created and activated through conscious and intentional human agency. Fuzz Testing - ✔✔Used to see if the system has solid exception handling to the input it receives. Is the use of malformed or random input into a system in order to intentionally produce failure. This is a very easy process of feeding garbage to the system when it expects a formatted input, and it is always a good idea to feed as much garbage as possible to an input field. Three (3) Tier - ✔✔Removes the business logic from the client end of the system. It generally places the business logic on a separate server from the client. The data access portion of the system resides separately from both the client and the business logic platform. T-MAP - ✔✔Defines a set of threat-relevant attributes for each layer or node. These can be classified as probability-relevant, size-of-loss relevant, or descriptive. These are primarily derived from Common Vulnerability Scoring System (CVSS). USC's Threat Modeling based on Attacking Path analysis is a risk management approach that quantifies total severity weights of relevant attacking paths for COTS-based systems. Its strengths lie in its ability to maintain sensitivity to an organization's business value priorities and IT environment, to prioritize and estimate security investment effectiveness and evaluate performance, and to communicate executive-friendly vulnerability details as threat profiles to help evaluate cost efficiency. Trike - ✔✔An open source conceptual framework, methodology, and tool set designed to auto- generate repeatable threat models. Its methodology enables the risk analyst to accurately and completely describe the security characteristics of the system, from high-level architecture to
low-level implementation of details. It also requires building a defensive model of the subject system. SDL Threat Modeling Tool - ✔✔This free tool builds on Microsoft Visio and provides a tool for constructing graphic representations for the system without requiring expertise in security and also has the capability of graphically representing a software system and identifying vulnerabilities. Vulnerability Mapping - ✔✔Used to determine the most likely locations within the system in development where an attacker will strike. This is done on the design phase of the SDLC. V3 - ✔✔The highest level of vulnerability. This is a very likely target for an attacker, such as free text input in a form. These are the highest priory for a security plan for the system and these should all be mitigated and accounted for by established control systems in development. V2 - ✔✔A moderate level vulnerability. These are possible but not probable targets. These will include inter-process communications on the server or traffic within the trust boundary of the system. Eavesdropping is the most significant risk in this situation. These vulnerabilities should always be mitigated in the system, but in a trade off analysis, strict control may not be necessary as long as a procedure is in place to fail safely and protect any private or confidential data. V1 - ✔✔The lowest priority level of vulnerability. These are unlikely venues of attack with little risk if they are exploited. Failing safely is the most important concern at this level, because the data associated with this vulnerability has no value, and the process involved is not mission
Types of Vulnerability Mapping - ✔✔Activity Diagram, Kiviat Diagram, Identify the Assets, Agile Model, V1, V2, V Agile attributes - ✔✔Cyclical Process. Supports quick prototyping and limits the time spent thinking about the problem as a whole. Waterfall attributes - ✔✔Similar to interactive model and main components are planning, development and deployment. Chrystal Clear attributes - ✔✔Can be applied to teams of up to 6 or 8 co-located developers working on systems that are not life-critical. This family of methodologies focuses on efficiency and habitability as components of project safety. Focuses on people, not processes or artifacts. Roles may be filed by the same people, including a project manager and a business expert. Waterfall attributes - ✔✔A sequential (non-iterative / Limited Interaction) design process, used in software development, in which progress is seen as flowing down through the phases of conception, initiation, analysis, design, construction, testing, production/implementation and maintenance. All the requirements will be specified in the first step, uses a document driven approach (large amount of documentation) and has specific and identifiable stages. It also provides a resource to entry level developers with limited exposure. Waterfall Methodology Security concerns - ✔✔Requirement Analysis: Define Security Features Design: Misuse cases and vulnerability mapping Construction and Implementation: Secure Coding practices
Testing: Penetration Assessment Installation: Final Security Review Operation or Maintenance: Periodic security review and updates Digital Signature - ✔✔A mathematical scheme for demonstrating the authenticity of a message or document. Gives a recipient reason to believe that the message was created by a known sender, that the sender cannot deny having sent the message (authentication and non- repudiation), and that the message was not altered in transit (integrity). It also can be used as proof of approval by an authorized user. Redundancy - ✔✔The existence of data that is additional to the actual data and permits correction of errors in stored or transmitted data. The additional data can be simply a complete copy of the actual data, or only select pieces of data that allow detection of errors and reconstruction of lost or damaged data up to a certain level. This will make sure that all data will always be available, the data will not be lost and it will be stored at a another location for failover reasons. Hashing: - ✔✔The process of using an algorithm for verifying the integrity or authenticity of a computer file. This can be done by comparing two files bit-by-bit, but requires two copies of the same file, and may miss systematic corruptions which might occur to both files. A more popular approach is to also store checksums (message digests) of files for later comparison. Software Assurance - ✔✔Ensures that the processes, procedures, and products used to produce and sustain the software conform to all requirements and standards specified to govern those processes, procedures, and products. This can be also used to make sure that any
Monitoring, Delivery and Support - ✔✔The control domain for the sustainment phase of the SDLC. Coding - ✔✔Takes place in the construction phase of the SDLC. Task Refinement - ✔✔Specific security activities must be identified when integrating security requirements into a work breakdown structure for the new software development effort. Release Manager - ✔✔Conducts the code review process as one of the parts or processes of the software development. Can also deploy the finished product to the various environments at project completion. Business Analyst - ✔✔Has the SDLC role to identify the requirements of an application (example: Web Application), must be able to identify who will be impacted by such an application. Once the application is developed in a test environment, must insure that the user acceptance testing is completed and to standards. Tester Role - ✔✔Has the responsibility to prepare a document plan that will verify that a systems code performs the proper actions that it was designed to do. SQL Injection - ✔✔A technique, used to attack data-driven applications, in which nefarious statements are inserted into an entry field for execution. This can be done from any form or
place that allows the attacker to enter any type of information which is somewhat connected to a database. Beta version - ✔✔The focus is reducing impacts to users, often incorporating usability testing and expectation of functionality. This software is often useful for demonstrations and previews within an organization and to prospective customers. STRIDE categories - ✔✔Spoofing Identity, Tampering with Data, Repudiation, Information Disclosure, Denial of Service, Elevation of Privilege STRIDE - ✔✔A classification scheme for characterizing/measuring known threats/vulnerabilities according to the kinds of exploit that are used (or motivation of the attacker). It also focuses on the end results of possible attacks rather than on the identification of each specific attack. Spoofing Identity - ✔✔A key risk for applications that have many users but provide a single execution context at the application and database level. In particular, users should not be able to become any other user or assume the attributes of another user. Tampering with Data - ✔✔Users can potentially change data delivered to them, return it, and thereby potentially manipulate client-side validation, GET and POST results, cookies, HTTP headers, and so forth. The application should not send data to the user, such as interest rates or periods, which are obtainable only from within the application itself. The application should
Denial of Service - ✔✔The use of expensive resources such as large files, complex calculations, heavy-duty searches, or long queries should be reserved for authenticated and authorized users. For applications that do not have this luxury, every facet of the application should be engineered to perform as little work as possible, to use fast and few database queries, to avoid exposing large files or unique links per user, in order to prevent simple attacks. Elevation of Privilege - ✔✔If an application provides distinct user and administrative roles, then it is vital to ensure that the user cannot move to a higher role. Not displaying administrative role links is insufficient. All actions should be gated through an authorization matrix, to ensure that only the permitted roles can access administrative functionality. DREAD categories - ✔✔Damage, Reproducibility, Exploitability/Vulnerability, Affected users, Discoverability DREAD - ✔✔Part of a system for risk-assessing computer security threats previously used at Microsoft and currently used by OpenStack and many other corporations. It provides a mnemonic for risk rating security threats using five categories. DREAD - Damage - ✔✔How bad would an attack be? Ranks the extent of harm that occurs if a vulnerability is exploited. DREAD - Reproducibility - ✔✔How easy is it to recreate the attack? Ranks how often an attempt at exploiting a vulnerability really works
DREAD - Exploitability/Vulnerability - ✔✔How much work is it to launch the attack? Measures the effort required to launch the attack. DREAD - Affected users - ✔✔how many people will be impacted? Measures the number of installed instances of the system affected by an exploit. DREAD - Discoverability - ✔✔How easy is it to uncover the threat? States the likelihood that a vulnerability will be found by security researchers or hackers. DREAD threat assessment - ✔✔Each category is given a rating on probability and damage potential. For example, 3 for high, 2 for medium, 1 for low and 0 for none. (Rating scales running from 0 to 10 are common) The sum of all ratings for a given exploit can be used to prioritize among different exploits. Threat Model - ✔✔A diagram and description that tells a story of how an attacker could exploit the vulnerability. This is not a step by step process, but a narrative approach to the attack that should help guide the mitigation techniques that need to be put in place to protect the system. It defines the security of an application and reduces the number of vulnerabilities. It has the 2 steps of identifying and prioritizing vulnerabilities. Sequence Diagram - ✔✔A detailed breakdown of the communication that will occur between actors and system objects or components. Bridges the gap between the business analysis and the development analysis; this can be considered a business or development description of system functionality.
Name the domain(s) for System Requirements Definition - ✔✔Planning/Organization, Acquisition/Implementation, Monitoring Name the domain(s) for Analysis and Design - ✔✔Acquisition/Implementation, Delivery/Support, Monitoring Name the domain(s) for System Build/Prototype/Pilot - ✔✔Acquisition/Implementation, Delivery/Support, Monitoring Name the domain(s) for Implementation and Training - ✔✔Delivery/Support, Monitoring Name the domain(s) for Sustainment - ✔✔Delivery/Support, Monitoring Name the SDLC Phases - ✔✔Project Definition, User Requirements Definition, System Requirements Definition, Analysis and Design, System Build/Prototype/Pilot, Implementation and Training, Sustainment Requirements Analysis - ✔✔A phase of the SDLC that defines security functions that an application should satisfy. The designated employee can also speak with several stakeholders to determine the expected end state of the application. Testing Phase - ✔✔Security should be involved in all phases of the SDLC, but exploitation of vulnerabilities to identify weaknesses should be done in this phase.
Incident Response Plan - ✔✔An organized approach to addressing and managing the aftermath of a security breach or compromise on a system or software. The goal is to handle the situation in a way that limits damage and reduces recovery time and costs. This will take place at the operation phase of the SDLC. Earned Value Management: BCWS - ✔✔Budget Cost Work Scheduled Earned Value Management: BCWP - ✔✔Budget Cost of Work Performed Earned Value Management: SV - ✔✔Scheduled Variance Earned Value Management: CV - ✔✔Cost Variance SV equation - ✔✔BCWP - BCWS CV equation - ✔✔BCWP - ACWP Earned Value Management: ACWP - ✔✔Actual Cost of Work Performed
Technical solution, Product integration, Verification, Validation, Organizational process focus, Organizational process definition, Organizational training, Integrated project management, Risk Management, Integrated teaming, Integrated supplier management, Decision analysis and resolution, Organizational environment for integration Capability Maturity Model Integration (CMMI) levels: ML2 - ✔✔Requirements management, Project planning, Project monitoring and control, Supplier agreement management, Measurement and analysis, Process and product quality assurance, Configuration management
NONE - ✔✔Capability Maturity Model Integration (CMMI) levels: ML The Processes areas of CMMI: Project Management - ✔✔1) Project Planning
- Project Monitoring and control
- Supplier agreement management
- Integrated project management
- Risk Management
- Integrated teaming
- Integrated supplier management
- Quantitative project management The Processes areas of CMMI: Engineering - ✔✔1) Requirements development
- Requirements Management
- Technical Solution
- Product Integration
- Verification
- Validation The Processes areas of CMMI: Support - ✔✔1) Configuration Management
- Process and product quality assurance
- Measurement and Analysis
