CISSP - Domain 8
Software Development Methodologies - Waterfall
Linear-sequential approach, where all reqs are gathered in initial phase and no formal way to integrate changes as more info is available or reqs change. very rigid approach useful for smaller projects where all reqs fully understood.
Managed Services
The practice of outsourcing the responsibility for maintaining certain processes functions to improve operations and cut expenses; SaaS, IaaS, PaaS.
Software Configuration Management (SCM)
This bullet point was revised to specifically include the word software and to give its acronym.
Distributed Computing
in client/server model, need to 'register' client and server components, meaning find out where they live on the network, their names of IDs, type of functionality diff components carry out. - Distributed Computing Environment: standard by Open Software Foundation (OSF), also called Open Group. Is client/server framework available to vendors to use. Provides remote procedure call (RPC) service, security service, directory service, time service, distributed file support. - DCE is set of mgmt services w/ comm layer based on RPC. Is a layer of SW sitting on top of network layer providing services to the apps above it. RPC collects arguments and commands from sending program and prepares them for transmission over the network, determines netowrk protocol to be used and finds receiving host's address in directory. - Time service provides host clock sync and enables apps to determine sequencing and to schedule events. - thread service provides real-time priority scheduling in multi-threading environments. - Directory service allows user, servers, resources to be contacted anywhere on network; DCE uses universal unique identifier (UUID).
Tunneling Virus
installs itself "under" the antimalware program. when antimalware does its health check on critical files, file sizes, modiciation dates, etc. makes a request to the OS to gather this info. if virus can put itself between antimalware and OS, tunneling virus can intercept this call and instead of the OS responding to the call the tunneling virus responds w/ info that indicates everything is fine and healthy. * needs user interaction and/or host system/process to launch.
Software controls
used to control input, encryption, logic processing, number-crunching, interprocess communication, access, output, interfacing w/ other SW...
ACID test
- Atomicity: divides transactions into units of work and ensures all modifications take effect or none take effect. - Consistency; transaction must follow integrity policy for that particular database and ensure all data is consistent in the diff databases. - Isolation: transactions execute in isolation until completed, w/out interaction w/ other transactions; results are not available until transaction completed. - Durability: once transaction verified as accurate on all systems, is committed and databases cannot be rolled back.
Continuous Integration and Continuous Delivery (CI/CD)
CI: process of automating the building and testing of code every time a team member commits changes to version control. CD is the process of ensuring that code is always in a deployable state, even when thousands of developers make changes on a daily basis.
Software Development Methodologies - Spiral
Emphasizes risk analysis, made up of four main phases: determine objectives, risk analysis, development and test, plan next iteration. team starts w/ initial reqs and goes through each phase, gathering more info about the project team integrates it into risk analysis process, improving prototype, testing prototype, adding granularity until have completed product. new reqs addressed as uncovered, each prototype allows for testing early, and feedback upon tests ensures all issues actively reviewed. Last phase allows customer evaluate product in current state and provide feedback. Good method for co9mplex projects that have fluid reqs.
Quality
Fitness for purpose
Where Place Security? SW or Perimeter?
Flaws w/ in SW cause majority of vulns. but perimeter security more often considered than SW insecurities b/c: - in past not considered crucial to implement security during SW dev - most sec professionals not SW devs and no insight into SW vulns - SW devs not sec professionals so no security as main focus - SW vendors trying to get products to market ASAP - industry used to getting SW w/ flaws and applying patches - customers cannot control flaws in SW they purchase so must depend upon perimeter protection
Tool sets
Groups of utility programs, subroutines, or similar software that aid in the development of software.
Libraries
Libraries are suites of data and programming code that are used to develop software programs and applications. They are designed to assist both the programmer and the programming language compiler with building and executing software.
Application Security Testing
Process of reviewing an application or its source code to identify sources of vulnerabilities. It includes two main methods: - Static application security testing (SAST) is a white-box method of testing that examines code to find application flaws and weaknesses. - Dynamic application security testing (DAST) is a black-box method that examines a running application to find vulnerabilities that an attacker could exploit.
Software Security now
Only recently, corporate customers starting demand security but difficult b/c: - programmers traditionally not educated in secure coding. - OSs and apps not built on secure architectures - SW dev procedures not security oriented This makes integrating security as afterthought clumsier and costlier.
Functionality v. Security
Programming code is complex -- code itself, routine interaction, global and local variables, input from other programs, output fed to diff apps, user inputs, calculations, and restrictions make for long list of possible negative security consequences.
Software Assurance Maturity Model (SAMM)
SAMM is an open framework to help organizations formulate and implement a strategy for software security that is tailored to the specific risks facing the organization.
Environment v. Application
SW controls can be implemented by OS or application; usually combo of both is used. Unrealistic to expect OS to understand all nuances of different programs and internal mechanisms.
Runtime Application Self-Protection (RASP)
Security technology that uses runtime instrumentation to detect and block computer attacks by taking advantage of information from inside the running software.
Application Programming Interfaces
Specifies manner in which SW component interacts w/ other SW components. APIs most familiar to use in the context of SW libraries; collection of components doing specific things useful to many other components. Ex: SW libraries for encryption algorithms, managing netowrk connections, displaying graphics. Allows devs to work on their app leveraging known-good code for things similar programs routinely do. Different OSs (Mac OS, Google, Microsoft, etc) require the use of their standard APIs.
Change Management
Systematic approach to deliberately regulating changing nature of projects. During dev phases, customer may alter reqs. in production, changes need b/c other changes in environment, new reqs of SW product or system, or released patches. Takes into account technical issues and resources (people and money), project life cycle, even org climate.
Antimalware Programs Best Practices
- every workstation, server, mobile device should have it installed. - automate updating signatures. - users should not be able to disable it. - preplanned malware eradication developed and contact person designated. - all external disks (USB, etc) scanned automatically. - backup files scanned. - antimalware policies & procedures reviewed annually. - antimalware SW provide boot malware protection. - antimalware scanning happen at a gateway and on each device. - virus scan automated and scheduled. - critical systems physically protected so malicious SW cannot be installed locally. *virus walls: Scanning SW installed into mail servers, proxy servers, or firewalls; can scan SMTP, HTTP, FTP, and possibly other protocols.
Software defined security
Aa software-managed, policy-driven, and governed security environment where most of the security controls, such as intrusion detection, network segmentation and access controls, are automated and monitored through software.
Security Orchestration, Automation, Response (SOAR)
Applications that enable an organization to collect data about security threats and respond to security events without human assistance.
Database Programming Interfaces - Java Database Connectivity
JBDC: API allowing Java apps to comm w/ database, the app can bridge through ODBC or directly to database. - provides same functionality as ODBC but specifically designed for use by Java database apps. - database-independent connectivity btwn java platform and wide range of databases. - java API enables java programs to execute SQL statement.
Software Development Management Technique - DevOps
SW devs and IT teams sometimes at odds; one wants to push code under strict deadlines the other wants to keep things 'up' and unbroken. can help reduce friction by including operations staff on the sW dev team. DevOps is practice of incorporating development, IT, and WA staff into SW development.
SW Life Cycle - Operations and Maintenance Phase
SW released so can be implemented w/ in intended production environment. new problems and vulns commonly identified, interoperability issues or some configs may break critical functionality. devs need make changes and retest, then re-release the code. New vulns discovered almost daily; zero-days, for example, must develop patches and hotfixes (type of patch but does not need computer restart). * verification: if product accurately represents and meets specifications. * validation: if product provides necessary solution.
SW Life Cycle - Requirements Gathering Phase
Where all parties understand why project is needed and what scope entails. Team examines SW's req's and proposed functionality, engages in brainstorming, reviews obvious restrictions. Could include evaluating products on the market and identifying demands not being met by current vendors. Should accomplish the following in Req's Gathering phase: - security req's - security risk assessment - privacy risk assessment - risk-level acceptance Sec req's should be defined in categories of availability, integrity, confidentiality. initial risk assessment carried out to ID potential threats and associated consequences. Involves many, many questions to draw up list of vulns and threats, probability of vulns exploited, and outcome. privacy impact rating assigned after privacy risk assessment done, indicating sensitivity level of the data: - P1, High Privacy Risk: stores or transfers PII, monitors user w/ anonymous data, changes settings of file type associations, installs SW. - P2, Moderate Privacy Risk: sole behavior affects privacy in feature/product/service one-time, user-initiated anonymous data xfer. - P3, Low Privacy Risk: no behaviors affect privacy, no anonymous or personal data transferred, no PII stored, no settings changed on user's behalf, no SW installed.
Immunizers:
attaches code to file or application, fooling virus into 'thinking' it was already infected. Immunizers are usually virus specific.
Garbage Collection
automated way for SW to carry out part of its memory mgmt tasks; garbage collector identifies blocks of memory once allocated but no longer in use and deallocates and marks them as free. also gathers scattered blocks of free memory and combines them into larger blocks. * if garbage collector not taking place properly not only can memory be used in inefficient manner, attack could carry out DoS attack specifically to artificially commit all of system's memory rendering it unable to function.
Database Security Issues - Content-dependent Access Control
based on sensitivity of the data; the more sensitive the smaller the subset of individuals who can gain access to it. Ex: Does Julio have access to File A? Yes, but only read.
Big Data
broadly defined as very large data assets w/ characteristics making them unsui9table for traditional analysis techniques, traits widely agreed to include heterogeneity (in terms of data source and structure like images v free text), complexity, variability (some sources produce nearly constant data while other sources produce data more sporadically or rarely), lack of reliability, sheer volume (would overwhelm most if not all traditional DBMSs).
Crimeware Toolkits
can purchase crimeware allowing people to create own tailored malware through GUI-based tools.
Worms
can reproduce on their own w/ out host application, and are self-contained programs. Little programs used to transport and deliver malicious payloads. * does not need user interaction to launch/spread.
Software Development Methodologies - Incremental
carry out multiple development cycles; similar to multi-waterfall where cycles take place on one piece of software as it matures through stages. Each phase results in deliverable that is an operational product. customer can respond to each build, help dev team improve it. initial product delivery costs are lower, customer gets its functionality earlier, risks of critical changes introduced are lower. this is best method pertaining to risk, program complexity, funding, and when functionality reqs need to be understood early in the cycle.
Data Dictionary
central collection of data elements, definitions, schema objects, reference keys. it is a tool used to centrally manage parts of a database by controlling data about data (metadata) w/ in the database. - schema objects can contain tables, views, indexes, procedures, functions, and triggers. - data dictionary can contain default values for columns, integrity, information, names of users, privileges and roles for user, auditing info.
Web Security - Session Management
controlling the session via unique session ID to every connection (uniquely IDs client to server); need to avoid letting attacker guess session IDs. Using sequential session IDs is a mistake. random IDs of appropriate length good idea, as are timestamps and/or time-based validation to combat replay attacks. and all cookies should be encrypted.
Database Management Software
database: collection of data stored in meaningful way enabling multiple users to access, view, modify that data as needed. databases are managed with software to provide these capabilities. enforces access control restrictions, provides data integrity and redundancy, and sets up procedures for data manipulation; called database management system (DBMS). DBMSs are suite of programs to manage large sets of structured data and interface w/ programs, users, and data w/ in the database for ad hoc queries, etc. * transaction persistence: database procedures carrying out transactions are durable and reliable. state of database's security should be same after transactions and integrity of transaction needs to be ensured.
Secure Coding
developing SW free from defects, particularly those that could be exploited by adversary; it is the standard to which we should all aspire.
Script Virus
executed by an interpreter -- for example, MS windows Script Host which interprets diff types of scripting languages.
Logic Bombs
executes program, or string of code, when set of conditions met.
Macro virus
macros are programs written in Visual Basic of VBScripts, are generally used with MS Office products. they automate tasks. a macrovirus is written in one of these macro languages and platform independent; infects and replicates in templates and w/in documents.
Assessing Security of Acquired Software
mitigate risks of acquired SW begins w/ assessment of the vendor. characteristics of lower risk from given vendor's SW include reputation and regularity of its patch pushes. conversely, vendors may be riskier if small or new companies, if have immature or undocumented dev processes, or if products have broad marketplace presence (meaning, more lucrative targets to exploit). - one possible assessment may be pen test; may do in-house but may hire external party to perform an independent pen test (costly but justifiable if compromise could lead to significant loss for the org).
Software Development Management Technique - Integrated Product Team
multidisciplinary dev team w/ reps from many or all stakeholder populations. Like JAD but extended by ensuring right stakeholders represented in every phase of the development as formal team members and is more inward facing and focused on business stakeholders instead of users.
Meme Virus
not actual computer virus, but types of email messages continually forwarded around the Internet. replicated by humans, not software, can waste bandwidth and spread fear.
Implementation and Default Issues
out-of-the-box implementations are usually far from secure; must be config'd after installation. should always default to "no access". Implementation errors and misconfigs are common. Various services enabled during installation and provide adversaries w/ info and vectors for an attack. (ex: NetBIOS, FTP, TFTP, old versions of SNMP have little to no security controls).
Polymorphic Virus
produces varied but operational copies of itself. even if one of two copies found and disabled, other copies remain active. - can use diff encryption schemes requiring diff decryption routines, requiring antimalware scan for several scan strings (one for each possible decryption method) to identify all copies. - can also vary instructions by including 'noise', or bogus instructions, w/ other useful instructions. - can use mutation engine and random-number generator to change sequence of their instructions to avoid being identified (can have hundreds or thousands of variants).
Trojan Horses
program disguised as another program. Trojan horse named Notepad.exe may still run Notepad for the user, but in the background will manipulate files or cause other malicious acts. - remote access trojans: malicious programs run on systems and allow intruders to access and use system remotely. mimic functionality of legitimate remote control programs but are used for sinister purposes. usually hidden in mobile code, such as java applets or ActiveX controls.
Database Management
risks are increasing to companies that connect their networks to the internet, allow remote user access, provide more and more access to external entities. access control should be restricted by only allowing roles to interact w/ the database, with specific permissions.
ActiveX Controls
self-sufficient programs (like java applets) executed in Windows environment. activex controls can be downloaded from websites to add functionality (animations for web pages) but are also components of windows operating systems and carry out common OS tasks. once downloaded becomes part of the OS (and gains more access to the system than applets with a sandbox). - activex did not have as many security concerns until OLE enabled activex controls; additionally, activex controls were able to download further activex components w/out user authentication (great for worm propagation). security of the browser dictates whether activex components are downloaded automatically or if prompted. - activex comes w/ component container feature allowing multiple apps and networked computers to reuse active components.
Software Development Life Cycle
several Software Development Life Cycle (SDLC) models have been developed, each model has following phases: - Requirements gathering: why create this SW, what will do, for whom will be created. - Design: how SW accomplish goals identified. - Development: programming code to meeting specifications in design phase. - Testing: verifying and validating SW works as planned and goals met. - Operations and Maintenance: deploying SW then ensuring properly config'd , patched, monitored.
Multipart Virus (aka multipartite)
several components and can be distributed to diff parts of the system. using multiple vectors can spread more quickly than virus using only one vector.
Viruses
small app, string of code, infecting software. main function is reproduce and deliver payload. virus is just the 'delivery mechanism'; payload (deleting system files, displaying messages, reconfiguring systems, etc.) is the end-game. can self-replicate.
Web Security - Parameter Validation
this is where the values being received by the application are validated to be within defined limits before server processes them. difference btwn parameter validation and input validation is whether the app was expecting user input as apposed to environment variable defined by the application. Attacks of parameter validation deal w/ manipulating values the system assume are beyond the client being able to configure. - devs employ cookie to the client to help the server remember things about the state of the connection, attacker could change max login attempts to 50,000 to brute force the password. - countermeasure: ensure both pre-validation (both client-side and server-side) and post-validation (on the server's output) controls are on parameters.
Antimalware Software
traditional antimalware uses signatures to detect malicious code, sometimes referred to as fingerprints. - signature-based detection (aka fingerprint detection): effective but delayed response to new threats. - heuristic detection: analyzes overall structure of malicious code, evaluates coded instructions and logic functions, looks at type of data w/ in virus or worm. has "suspiciousness counter" incremented as program finds more potentially malicious attributes. some malware products create virtual machine or sandbox, allow some of the logic to execute. 2 types of heuristic: - static analysis: receiving info about piece of code. - dynamic analysis: allowing portion of code to run in virtual machine. - behavior blockers: antimalware allows suspicious code to execute w/ in OS unprotected and watches its interactions w/ OS looking for suspicious activities - writing to startup files or run keys, opening/deleting/modifying files, scripting email messages to send executable code, connecting to network shares or resources, modifying executable logic, creating/modifying macros and scripts, formatting hard drive or writing to boot sector. newer generation analyze sequences of these operations before determining system infected. *heuristic and behavior blocking considered 'proactive'. * diskless workstations still vuln to viruses b/c can load and reside in memory. * virtual machine or sandbox, sometimes called emulation buffer; memory that is segmented and protected.
Spam Detection
unsolicited junk email. detected via technique called Bayesian filtering; reviews prior events to predict events, basically quantifying uncertainty, and filter applies statistical modeling to teh words that make up an email message. the filter carries out a frequency analysis on each word and evaluates the message as a whole determine whether or not is spam.
Object-Oriented Analysis v Object-Oriented Design
OOA: process of classifying objects appropriate for a solution; problem is analyzed to determine classes of objects to be used in the app. OOD: creates representation of real-world problem and maps it to software solution; result of OOD is design modularizing data and procedures and interconnects objects and processing operations.
Mobile Code
code xmitted across a network, executed by system/device on other end. ex: web browser applets execute in background to download add'l content for the web page like plug-ins that allow view a video.
Database Models - Relational
uses attributes (columns) and tuples (rows) to organize info. most widely used model today. presents info in tables. each cell has only one data value representing specific attribute value. data entries linked by relationships. - primary key: field that links all data w/ in a record to a unique value (e.g. track numbers). when application refers to this primary key it is referring to all the data w/in that given row.
Web Security - Input Validation
validating input requests and/or submissions from users. examples: - path or directory traversal: this attacks known as dot dot slash (insert characters "../") several times into URL to back up or traverse into directories weren't supposed to be accessible from web. it tells system to back up to the previous directory - unicode encoding: web servers support unicode to support diff character sets (for diff languages). even if we told our systems to not allow "../" traversal request, attacker using Unicode could make same directory traversal w/out "/" but with unicode representation of it (%c1%1c, %c0%9v, and %c0%af). - URL encoding: %20 is a space b/c spaces are not allowed characters in URLs; attackers found out how bypass filtering techniques by representing characters differently. - client-side validation: input validation done at the client before sent back to server; avoids incomplete requests sent to the server. problems arise when client-side validation is the only validation taking place -- also need server-side validation! - XSS: attacker discovers and exploits vuln on website to inject malicious code into web application; when unsuspecting user visits infected page the malicious code executes on the victim's browser. 3 types: - nonpersistent XSS: attacker tricks victim into processing URL w/ rogue script to steal victim's sensitive info. - persistent XSS: stored or second-order vulns, targeted at websites allowing users to input data stored in database or other location; attacker posts text containing malicious JavaScript and other users later view the posts and their browser renders the page and executes the code. - DOM (document object model)-based XSS: aka local cross-site scripting; attacks document form fields and cookies referenced through JavaScript. Attacker uses DOM environment to modify original client-side JavaScript causing victim's browser execute code.
Malicious Software (Malware)
* ~95% of compromises use email as attack vector. - systems compromised with bots later used in DDoS attacks, spam distro, or part of botnet's C&C. - Ransomware encrypts all or some files, requires password from attacker after paying for it. - malware redirects web traffic toward specific product for purchase. - malware can install keyloggers, carry out phishing attacks, fraudulent activities, identity theft steps, info warfare activities. -some malware stored in RAM and not saved to HD, making harder to detect. RAM flushed when reboot so hardly any evidence. - can be installed in 'drive-by-download' when victim tricked into clicking something malicious (web link, system message, pop-up). - many environments homogeneous meaning one piece of malware works on many/most devices. - everything is becoming a computer. - many people and companies storing info in digital format. - accounts configured w/ too much privilege. - more people not understand tech are using it for sensitive purposes.
SW Life Cycle - Testing Phase
- 'Unit testing' is ensuring quality of individual code modules or classes. simulates inputs to which code may be exposed, ensure code always behaves in expected and secure manner. - 'test-driven development' devs develop unit tests before even start coding, or at least in parallel w/ coding. results much higher-quality code w/ significantly fewer vulns. * totally different people should carry out formal testing. programmer should not develop, test, and release software. sec tests should be run against vulns identified earlier in project; buffer overflows, hit interfaces w/ unexpected input, DoS, if system crashes should revert to secure state, tested on multiple hardware platforms (stand-alone PC, w/ VPN, virtual). Testing types: - unit testing: test individual components in controlled environment where programmers validate data structure, logic, boundary conditions. - integration testing: verifying components work together. - acceptance testing: code meets customer req's. - regression testing: after change to system, ensure functionality, performance, protection remain. * Fuzzers use complex input to impair execution; 'fuzzing' used to discover flaws and vulns by sending large amts of malformed, unexpected, or random data to program to trigger failures.
Assemblers, Compilers, Interpreters
- Assemblers: converts assembly language source code into machine code, consists of mnemonics (incomprehensible to processors and need translation into operation instructions). - Compilers: convert high-level language into machine-level format (e.g., .exe, .dll, etc.) for specific processors to understand. Allows devs to create SW once in high-level language and compiled for various platforms. - Interpreter: Does last step of transforming high-level code to machine-level code (ex: apps developed in .NET translated into intermediate, platform-independent format (ex: Java bytecode); upon runtime code interpreted into processor-specific code (ex: Java Virtual Machine has interpreter specific for the platform it is installed on and converts bytecode into machine-level code for execution). * greatest advantage in interpreted environment is platform independence and memory management functions part of interpreter. major disadvantage is program cannot run as a stand-alone application, requires interpreter installed on local machine.
Database Security Issues - Cell Suppression and Partitioning
- cell suppression: technique to hide specific cells w/ info that could be used in inference attacks. - partitioning: dividing database info diff parts, making it harder for unauthorized individual to find connecting pieces. Noise and perturbation is inserting bogus info to misdirect attacker or confuse matter enough that attack no fruitful.
Software Development Methodologies - Other methodologies
- exploratory: used where clearly defined project objectives not been presented, relies on set of specifications likely to affect final product's functionality. testing important. - Joint Application Development (JAD): uses team approach in workshop environment, includes members other than coders, common to find executive sponsors, SMEs, and end users spending hours of days in development workshops. - reuse: uses progressively developed code, where programs evolved gradually modifying prototypes; drastically reduces both dev cost and time. - cleanroom: attempts to prevent errors or mistakes following structured and formal methods of dev and testing; used for high-quality and mission-critical applications that will be put through strict certification process.
Primary Key v Foreign Key
- primary key is identifier of a row used for indexing in relational databases. each row must have unique primary key to represent the row as one entity. when user makes request view record database tracks record by unique primary key. - Foreign key the value is attribute in one table w/ a value matching the primary key in another table.
Data Modeling, Data Structures, Cohesion and Coupling
- Data modeling: considers data independently of way it is processed and components that process the data. follows an input value from beginning to end and verifies output is correct. Will also verify data and relationships that govern it (ex: verifies data item in one file structure or data store might be pointer to another file structure or diff data store and must point to right place). - Data Structure: representation of logical relationship btwn elements of data. structure can be simple like scalar item (representing single element that can be addressed by identifier and accessed by single address in storage). Other structures include hierarchical using multi-linked lists (provides categorization and association). - Cohesion and coupling: - cohesion: reflects how many diff types of tasks module can carry out. if module carries out one task (subtraction) or similar tasks (add, multiply) it is described as having high cohesion. higher the cohesion easier to update or modify and not affect other modules that interact w/ it. object with low cohesion carries out multiple diff tasks and increases complexity of the module making it harder to maintain and reuse. one object should not carry out math operations, graphic rendering, and crypto. - coupling: measurement of how much interaction one module requires to carry out its tasks. if module has low (loose) coupling, it means module not need comm w/ many other modules (this is desired so can be reused w/out affecting other modules). high (tight) coupling means module depends on many other modules to carry out its tasks (Module A passes diff values to Module B, C, and D -- and cannot complete its task until those 3 modules return their results).
Web Application Security Principles
- First rule is analyzing website architecture (simpler and clearer the better for analyzing). - next, user-generated input needs critical scrutinizing (general rule: all input is bad). - output should also be filtered to ensure private or sensitive data not being disclosed. - encryption secures input/output operations. - sites should be designed to behave in a certain way in case of error (failing securely). * security through obscurity is poor security implementation.
6 common elements of malware
- Insertion: installs itself on system. - Avoidance: avoids being detected. - Eradication: removes itself after payload execution. - Replication: makes copies of itself and spreads. - Trigger: uses event to initiate payload execution. - Payload: carries out function (deletes files, installs back door, exploits vuln, etc.).
Mashup and Cloud Computing and SaaS
- Mashup: combination of functionality, data, and presentation capabilities of two or more sources to provide new service or functionality. Open APIs and data sources commonly aggregated and combined to provide more useful and powerful resource. Ex: http://popurls.com combines functionality of APIs provided by sites like Digg, Del.icio.us, Flickr, and YouTube to provide integrated social news. - Cloud computing: computing as a service, providing processing computation capabilities, storage, and software w/ out end user worrying about physical location and/or config of devices and SW. - SaaS: allows apps and data centrally hosted and accessed by thin clients, commonly web browsers, delivering many business apps and functionality (CRM, resource planning, etc.).
Object-Oriented Programming Benefits
- Modularity: building blocks of SW are autonomous objects, cooperating through exchange of messages. - Deferred commitment: internal components of object can be redefined w/out changing other parts of system. - Reusability: classes are reused by other programs, though may be refined through inheritance. - Naturalness: object-oriented analysis, design, modeling map to business needs and solutions. *Instead of developing same code to carry out same function for 10 diff apps, OOP allows create object once and reuse it in other apps. Object may perform method that extracts data from database and populates webpage. * objects encapsulate attribute values, meaning this info is packaged under one name and can be reused as new entity by other objects. objects comm w/ each other and use messages sent to receiving object's API. - object can have shared portion and private portion. shared is API enabling it to interact w/ other components. private is how actually works and performs requested operations (this is how data hiding works). - abstraction: capability to suppress unnecessary details so architect can understand crucial part of the product (seeing forest w/out concentrating on each tree). - objects can be catalogued in a library, providing economical way for more than one app to call upon the objects; library provides index and pointers to where objects actually live w/ in system or on another system.
Database Programming Interfaces - Object Linking and Embedding Database
- Object Linking and Embedding Database (OLE DB): MS Windows-based client tool, COM-based, separates data into components as middleware on client or server, providing low-level interface to link info across diff databases and providing access to data no matter where located or how formatted. - replacement for ODBC, extending its features to wider variety of nonrelational databases like object databases and spreadsheets. - Set of COM-based interfaces providing apps w/ uniform access to data stored in diverse data sources. - Dev accesses OLE DB via ActiveX Data Objects (ADO). - allows diff apps to access diff types of and sources of data.
Database Programming Interfaces - Open Database Connectivity
- Open Database Connectivity (ODBC): API allowing application to comm w/ relational databases locally or remotely. App sends requests to ODBC API, ODBC tracks down database-specific driver for database to carry out translation, translates requests into database commands specific database will understand.
Database Integrity - Rollback
- rollback: ends current transaction and cancels current changes; changes are cancelled and database returns to previous state. - commit: completes transaction and executes all changes made by user; b/c changes are committed, are then available to all other apps and users. if commit cannot be accomplished, rollback occurs; ensures partial changes do not take place and data remains uncorrupted. - savepoints: if system failure occurs, or error detected, database can attempt return to point before system crashed. balance must be struck btwn too many and not enough savepoints; too many degrades performance, too few risks data loss. - checkpoints: when database SW fills up certain amount of memory, checkpoint is initiated, saving data from memory segment to temp file. if glitch experienced, SW tries to use this info to restore user's working environment to previous state. - two-phase commit: has two parts; commit-request (voting), where coordinator processes attempts to prepare all transactions to either commit or abort transaction, and commit phase, where based on voting of the participants in previous part, coordinator decides to commit (if all voted "Yes") or abort (otherwise), notifying result to all participants. participants follow with the needed actions (commit or abort) with their local transactional resources. - batch processing: requests of database changes put into queue and activated all at once - not at the exact time user makes the request. many transactions will require more tan once database updated during the process and databases need to make sure each database properly modified, or no mods take place at all. initially, databases store changes temporarily, then transaction monitor sends out "pre-commit" to each database and if databases respond w/ acknowledgment monitor send our "commit" command.
Spyware and Adware
- spyware: gathers sensitive info about victim or online browsing habits, often used by spammers to send targeted ads. - Adware: automatically generates (renders) ads through pop-ups, user interface components, or screen presented during installation of updates of other products. goal of adware is to generate sales but not carry out malicious activities.
Database Programming Interfaces - Active Data Objects
ADO: API allowing multiple apps to access back-end database systems, set of ODBC interfaces exposing functionality of data sources through accessible objects. ADO uses OLE DB interface to connect w/ database, can be developed w/ many diff scripting languages. Commonly use dcin web apps and client-server apps. - high-level data access programming interface to underlying data access tech (like OLE DB). - set of COM objects for accessing data sources, not just database access. - allows dev write programs that access data w/out knowing how database implemented. - SQL commands not req'd to access a database when using ADO.
Capability Maturity Model Integration
CMMI (replaced CMM but exam may use 'CMM') is comprehensive, integrated set of guidelines for development products and SW. 5 phases: Initial, Repeatable, Defined, Managed, Optimizing. Each phase moves from reactive/ad-hoc to disciplined repeatable method reducing life cycle of dev and providing better project mgmt. Third-party companies evaluate SW ev companies and certify their product dev processes, using the evaluation as a selling point. - Initial: process is ad-hoc or even chaotic, assurance f consistency, quality unpredictable. - Repeatable: formal mgmt structure, change control, quality assurance in place. properly repeated processes but company not have formal process models defined. - Defined: formal procedures in place and carried out in each project, org has way to allow for quantitative process improvement. - Managed: formal processes in place collect and analyze quantitative data, metrics are defined. - Optimizing: budgeted and integrated plans for continuous process improvement.
COM (Component Object Model) and DCOM (Distributed Component Object Model)
COM: allows for interprocess comms w/in one app or btwn apps on same computer system. Proprietary, developed by Microsoft. Has standard APIs, component naming schemes, and comm standards. (if want to make app for Windows, must use COM standards). DCOM: supports same model as COM and also supports distributed interprocess comms. This is how client/server activities are carried out by COM-based OSs and/or applications. Is the middleware enabling distributed processing and provides devs w/ services supporting process-to-process comms across networks. largely replaced by .NET framework, mainly used for applications in Windows environments, has large library apps can call upon. programs written in this framework execute in application virtual machines providing memory mgmt, exception handling, and many security services. * uses globally unique identifier (GUID) vice UUID (that DCE uses).
CORBA (Common Object Request Broker Architecture) and ORBS (Object Request Brokers)
CORBA: open object-oriented standard developed by Object Management Group; provides interoperability among vast array of SW, platforms, hardware. enables apps to comm w/ each other no matter where apps located or who developed them. The standard defines the APIs, comm protocols, and client/server comm methods allowing apps in diff programming languages run on various platforms to work together. Clients request services from objects, client passes object message containing name of object, requested operation, and necessary parameters. - CORBA model contains two main parts: - System-oriented components (object request brokers [ORB]) and object services). The ORB manages all comms btwn components and enables interaction in distributed environment. ORB is middleware allowing client/server comm to take place between objects on diff systems. When client needs functionality, ORB receives request and locates necessary object for that task. Once object found, ORB invokes method (or operation), passes parameters, and returns result to the client. - application-oriented components (application objects and common facilities).
Source Code Vulnerabilities
Open Web Application Security Project (OWASP) is org dealing specifically w/ web security issues. long list of tools, articles, resources that developers can exploit to create secure SW. OWASP also has chapters throughout the world. best known for Top 10 list of web app security risks: - Injection, Broken Authentication, Sensitive Data Exposure, XML External Entities, Broken Access Controls, Security Misconfig, XSS, Insecure Deserialization, Using Components w/ Known Vulns, Insufficient Logging & Monitoring. https://owasp.org/www-project-top-ten/
Software Development Methodologies - V-Shaped
Follows steps laid out in V format, emphasizing verification and validation at each phase w/ formal method of developing testing plans as each coding phase executed. Like waterfall method, each phase completed before next phase begins; v-shaped methodology requires testing throughout phases, but still very rigid. again, best used when all reqs understood up front and potential scope changes are small.
Project Management
Good project mgmt keeps project moving, allocates resources, provides leadership, plans for worst yet hopes for best. Security plan should b drawn up beginning of dev project, integrate into functional plan ensure security not overlooked. Must avoid scope creep! first plan covers side base, refers to documented references for info including computer standards (RFCs, IEEE standards, best practices), documents previous projects, sec policies, accreditation statements, incident-handling plans, nat'l or internat'l guidelines. if SW being developed for specific customer, SOW developed describing product and requirements. Work Breakdown Structure (WBS) is project mgmt tool to define individual work elements in organized manner; deliberate decomposition of project into tasks and subtasks w/ clear deliverables. SDLC should be illustrated in WBS format so each phase properly addressed.
Polymorphism
ISC2 definition: "two objects can receive the same input and have different outputs". Polymorphism takes place when diff objects respond to the same command, input, or message in diff ways. - If you develop a program in an OOP language you can create a variable to be used in diff forms; the app will determine what form to use at the time of execution (runtime). - if create variable named USERID and develop the object so that variable can accept either integer or letters, this provides flexibility, meaning user ID can be accepted as an account number or name. If application A uses this object it can choose to use integers for user ID while application B can choose to use characters. - suppose three diff objects received input "Brett"; Object A processes this input and produces "Captain America", Object B produces "MDX", Object C produces "muscle ups".
Java Applets
Java is object-oriented, platform-independent programming language (b/c uses bytecode which is not processor-specific), applets are small components commonly running in user's web browser. - programmer creates java applet and runs it thru compiler. - compiler converts source code into bytecode (not processor-specific). - user downloads java applet. - JVM converts bytecode into machine-level code (processor-specific). - applet runs when called upon. when applet executed, JVM creates virtual machine which provides an environment called a sandbox (this is where the applet carries out its activities and limits the applet's access to any system resources).
Java Platform, Enterprise Edition (Java EE)
Just as COM and CORBA created to allow modular approach to programming code w/ goal of interoperability, Java EE defines object oriented client/server model and platform independent. EE is enterprise Java platform to develop enterprise software in the Java language. takes advantage of the "Write Once, Run Anywhere" capability of Java, and can handle scalability, concurrency, transactions, and security services for the client.
Programming Languages and Concepts
Main categories of languages are machine, assembly, high-level. - machine: binary format computer's processor can understand and work w/ directly. each processor family has it's own machine code instruction set. - assembly: also CPU hardware specific, low-level, symbolic representation of machine-level instructions; one step above machine language using symbols (mnemonics) to represent complicated binary codes. could use commands like ADD, PUSH, POP instead of binary codes. assembly languages use programs called assemblers that automatically convert assembly codes into binary language. - high-level: abstract statements (IF-THEN-ELSE) easier to work w/ and similar in syntax to human languages. code written in high-level language converted to machine language for diff processor architectures using compilers and interpreters. - very high-level: further enhance natural language approach, meant to take natural language-based statements. amount of 4th-gen manual coding req'd to perform specific task may be ten times less than 3rd-gen. - 5th generation (natural language): program creation does not happen through defining algorithms and functions statements but rather by defining constraints for specified result. works like black box; problem goes in and solution comes out. goal of 5th gen is advanced knowledge-based processing and AI. * higher the language, the more abstraction involved (details are far away or hidden).
SW Life Cycle - Design Phase
Map theory to reality. Design outlines how product accomplish requirements. three models: - Informational: dictates type of info processed and how processed. - Functional: tasks and functions application carries out. - Behavioral: explains states application be in during and after transitions take place. Following security items should be accomplished: - attack surface analysis: ID and reduce amt of code and functionality accessible to untrusted users (scrutinize files, registry keys, memory data, session info, processes, services details). - threat modeling: systematic approach understanding how diff threats could be realized and how successful compromise could take place. * threat tree example: Threat 1 at the top (ex: compromise password); 3 branches off that are access "in-use password", access password in DB, guess password; below "in-use is sniff network, phishing attack, below guess password is password is weak, brute-force attack. etc....
Relational Database Components
Most database languages include: - data definition language: DDL, defines structure and schema. structure could mean table size, key placement, views, data element relationship. schema is type of data held and manipulated, and properties. - data manipulation language: DML, contains all commands enabling user to view, manipulate, use database (view, add, modify, sort, delete). - data control language: DCL, defines internal org and database. - ad hoc query language: QL, enables users to make requests of the database, defines queries to access the data. - report generator: produces printouts of data in user-defined manner.
Object-Oriented Concepts
Object-oriented programming perform same functionality (input-output) but w/ diff techniques in a more efficient manner; w/ classes and objects. real-world object, such as a table, is member (or instance) of larger class of objects called "furniture" w/ set of attributes like color, dimensions, weight, style, cost, etc. These attributes apply if the chair, table, etc. is 'instantiated' (i.e., generated). When the table, chair, etc. is instantiated as a member of class 'furniture' it then inherits all the defined attributes. Developers then define classes and attributes, not each individual object. - For customer use, SW written in OOP will have request sent to it, usually from another object, requesting object wants new object to carry out a function. Object A wants object B subtraction on numbers sent from A to B; when request comes in an object is built (instantiated) w/ all necessary programming code, object B then carries out subtraction task and sends result back to object A. - The objects 'talk' via APIs.
Secure Coding Practices
Once org consistently producing good coding standards is Carnegie Mellon University's SW Engineering Institute; their top 10 practices: - Validate inputs: never trust your inputs. - Heed compiler warnings: many devs ignore compiler warnings unless forced to address them. - Architect and design for security policies: SW teams should build to comply w/ policies in the environment they'll operate. - Keep it simple: refactoring code to ensure as simple as possible yields huge security payoffs. - Default deny: unless explicitly req'd to allow requests, SW systems should deny all. - Adhere to principle of least privilege: processes should run w/ minimum set of privileges possible. if escalation needed, only last long enough to get job done then dropped again. - Sanitize data sent to other systems: this is other half of validating inputs; should ensure outputs can do no harm. - Practice defense in depth: assume any given layer will fail, ensure neighboring layers can account for this. - Use effective quality assurance techniques: may be tall order to do all the time, but should set high AND realistic goals. - Adopt a secure coding standard: setting standards and holding people accountable enables all other security practices.
Software Configuration Management
SW config mgmt (SCM) identifies attributes of SW at various point in time and performs methodical control of changes for the purpose of maintaining SW integrity and traceability through dev life cycle. centralized code repositorires often kept in systems that can carry out SCM functionality, manage and track revisions by multiple people against single master set. - versioning: keeping track of file revisions, making it possible to "roll back" to previous version. should also create log reports of who made changes, when made, and what the changes were. - synchronization: Some SCM systems allow checking out complete or partial copies of the repositories and work on the files needed. then can commit their changes to back to master repository, update their own personal copies to stay up to date w/ changes from other people. *SW escrow: company pays other company to develop SW for it, should have escrow in place for protection. 3rd party keeps copy of source code and will release to customer only if specific circumstances arise (go developing company goes bankrupt, etc.). *compiled code: code been put through compiler and is unreadable to humans.
Security of Development Platforms
SW engineers' most important tool is Integrated Development Environment (IDE); allows engineer to pull code from repository, edit it, test it, push it back into repository so rest of the team can build it (ex: Eclipse, Visual Studio, Xcode, and others). Security of the dev platforms, means both development endpoints and "fake" clients and servers on which SW gets tested. - First step is secure devices SW engineers practice their craft. - also need securely provision development clients and servers they will need for testing. Put in isolated VLAN? If some devs are remote, insist on VPN.
Rootkit
Set of tools on compromised system for future use. When system compromised at 'administrator' level, can upload bundle of tools, called rootkit. first thing installed is back-door program, other common tools allow for credential capturing, sniffing, attacking other systems and covering tracks. attacker replaces default system tools w/ new compromised tools w/ same name; referred to as 'trojaned programs' b/c carry out intended functionality but do malicious activity in the background. this helps ensure rootkit not detected. - rootkits commonly include 'log scrubbers'. some of the more powerful rootkits update the kernel of the system instead of just replacing individual utilities. very difficult to detect kernel updates compared to replaced utilities b/c most host IDS (HIDS) products look at changes to file sizes and modification dates but not necessarily kernel of the OS. - removal can be very complicated; reinstallation of OS may be only solution. - if rootkit resides in hypervisor of system, can exploit hardware virtualization features and target host operating systems; allows rootkit to intercept hardware calls made by original OS. not very common but probably become more popular b/c of expansive use of virtualization.
Boot Sector Virus
boot sector virus: some have part of code in boot sector initiating during boot up, then rest of code in the hard drive the virus marked off as 'bad'.
Botnets
code that carries out functionality for its master, allow for simple tasks carried out in automated manner in web-based environment. owner of botnet is 'bot herder', controlling systems remotely, usually through IRC protocol. - hacker sends out malicious code w/ bot SW as payload. - once installed, bot logs into IRC or web server it is coded to contact, server acts as controlling server for the botnet. - spammer pays hacker to use these systems and sends instructions to controller server, which causes all infected systems to send out spam messages to mail servers. - can be used for spamming, brute-force and DDoS attacks, click fraud, fast flux techniques (evasion technique to hide phishing and malware delivery sites - one way to rapidly updating DNS info to disguise hosting location of malicious websites), spread of illegal material. traffic can use IRC or HTTP and even tunneled through Twitter, instant messaging, other common traffic types.
Data Warehousing
combines data from multiple databases or data sources into large database to provide more extensive info and data analysis. Data is normalized (means redundant info stripped out and data formatted in way warehouse expects it). Usually built for operational purposes; users can query one entity rather than diff databases and analysis can be done to make forecasting decisions, identify marketing effectiveness, trends, even fraud. not simply a process of mirroring, but a abase of data processed and presented in more useful and understandable way. related pieces of data summarized and correlated before presented to user. also requires more stringent security.
Database Models - Hierarchical
combines records and fields related in logical tree structure. - parents can have one child or many, or none at all. - tree structure contains branches, each branch has number of leaves, or data fields. useful for mapping one-to-many relationships. - have well defined access paths but not as flexible in creating relationships btwn data elements. - to access a data entity reqs knowledge of which branch to start with and route to take through each layer until reached. - cannot create links btwn diff branches and leaves on diff layers. * LDAP most common hierarchical model in the Windows Registry structure.
Polyinstantiation
denying users at lower level from accessing/modifying data at higher level by enabling table w/ multiple tuples w/ same primary keys, w/ each instance distinguished by security level. when this info is inserted into database, lower-level subjects must be restricted from it; instead of restricting access, another set of data is created to fool the lower-level subjects into thinking the info actually means something else. Ex: higher classified table says USS America carrying guns from Maine to Florida, but UNCLASS table says USS America moving food from Maine to Oregon; it's clear the USS America is gone but lower-level employee thinks it went somewhere it didn't, doing something it isn't.
Database Models - Object Oriented
designed to handle variety of data types (images, audio, docs, video). object-oriented database mgmt system (ODBMS) more dynamic than relational b/c objects created when needed and the data and procedure (called method) go w/ object when it is requested. object-oriented database has classes to define the attributes and procedures of its objects. - this type of database does not rely on SQL for interactions, so apps that not SQL can work with these types of databases. - Ex: when app queries for some data, what is returned is not only the data but also the code to carry out procedures on this data.
Software Development Methodologies - Agile Methodologies
many classical dev approaches provide rigid processes, failing schedule time release, over budget, and/or not meet customer needs. Agile methodology is umbrella term for several dev methodologies and can take parts of all available SDLC methodologies and combine them., focusing on incremental and iterative methods promoting cross-functional teamwork and continuous feedback, focuses on small increments of functional coded based on business need, individual interaction instead of processes and tools. notable element is focus on user stories; a sentence describing what a user wants to do and why. - scrum: most widely adopted to take on projects of any size/complexity, lean and customer focused, acknowledges customer cannot be completely understood, will change over time. team collaboration, customer involvement, continuous delivery. project can be reset by allowing features to be added, changed, or removed. change points happen at conclusion of each sprint (fixed-duration dev interval usually two weeks in length and promises delivery of specific set of features in a backlog). - extreme programming: like scrum but no sprints and backlogs, add a lot of code reviewing steps - to the extreme. continuous reviews done via pair programming, where one programmer dictates code to partner who then types it. reduces errors and improves overall quality of the code. XP relies on test-driven development where programmer first writes new unit test case, then add just enough code to pass unit test, then next test is written and enough code to pass test is added -- this minimizes the amount of code to pass tests. - kanban: production scheduling system by Toyota. stresses visual tracking of all tasks so team knows what to prioritize to deliver right features right on time. kanban wall divided vertically by production phase (i.e., planned, in progress, done).
Database Security Issues - Context-dependent Access Control
more complex than content-dependent. SW "understands" actions that should be allowed based upon state and sequence of the request. SW keeps track of previous access attempts by user and understands what sequences of access steps are allowed. Ex: Does Julio have access to File A? Yes, but he has made other attempts at different data, attempts outside working hours, etc.
Service-Oriented Architecture (SOA)
more web-based approach providing standardized access to most needed services to many diff apps at one time. individual apps not need possess same redundant code and functionality; functionality can be offered by individual entity then all other apps call upon and use it. Ex: homes don't have own power grid, instead tap into one geographical grid w/ method of each home accessing grid and obtaining power. - the entity that will provide service in an SOA environment sends service-description document to service broker, service broker has map to all services available w/ in specific environment, when app needs service it makes a call to the broker, which points app to necessary service provider. - services w/ in SOA are usually provided through web services which allow for web-based comms to happen seamlessly using web-based standards like Simple Object Access Protocol (SOAP), HTTP, Web Services Description Language (WSDL provides machine readable description of specific operations provided by the service), Universal Description, Discovery and Integration (UDDI), and XML.
Database Models - Network
network database model built upon hierarchical model, but instead of having to know how to go from one branch to another, this one allows each data element to have multiple parent and child records forming network-like structure instead of tree. - uses constructs of records and sets. a record contains fields. a set defines one-to-many relationship btwn diff records. - one record can be "owner" of any number of sets and many data elements underneath it.
Database Views
permits one group or specific user to see certain info while restricting another group altogether. if admin wants allow middle mgmt to see their department's profits and expenses but now show whole company's profits, DBA can implement views. views can be displayed according to group membership, user rights, or security labels. databases can employ discretionary access control and mandatory access control. if DAC used, groups and users granted access based on their identity, authentication, and authorization. If MAC used, groups and users granted access based on security clearance and data's classification level.
Change Control
process of controlling specific changes during life cycle of system and documentation change control activities. change must be approved, documented, tested. Some necessary steps: - make formal request for change. - Analyze request: develop implementation strategy, calc costs, review security implications. - Record change request. - Submit change request for approval. - Develop change: recode product, link changes to formal change control request, submit SW for testing /QA, repeat until adequate, make version changes. - Report results to mgmt.
Data Mining
process of massaging data held in data warehouse into more useful information. Data-mining tools find association and correlation in data to produce metadata. metadata can show previously unseen relationships btwn subsets of info and reveal abnormal patterns. can look at complex data and simplify it using fuzzy logic (set theory) and expert systems (using AI) to perform mathematical functions and look for patterns. also known as 'knowledge discovery in database (KDD) and is combination of techniques to identify valid and useful patterns. three approaches: - Classification: groups data according to similarities. - Probabilistic: identifies interdependencies and applies probabilities to their relationships. - Statistical: Identifies relationships between data elements and uses rule discovery.
SW Life Cycle - Development Phase
programmers become deeply involved. many computer-aided software engineering (CASE) tools they can use to generate code, test it, carry out debugging. makes development faster w/ fewer errors. They also help w/ detailed records of req's, design steps, programming activities, and testing. MITRE's Common Weakness Enumeration (CWE) initiative collaborates with the SANS Institute maintaining list of top most dangerous software errors (http://cwe.mitre.org; SQL injection, OS injection, buffer overflow, cross-site scripting, hard-coded credentials, no encryption sensitive data, reliance on untrusted inputs, unrestricted upload dangerous file types, cross-site request forgery, use of broken crypto algorithm, URL redirect, one-way hash w/ out salt). * static analysis: technique to help identify SW defects or sec policy violations by examining code w/ out executing the program. allows devs to quickly scavenge source code for flaws and vulns. * dynamic analysis: evaluation of program in real time, when it is running, carried out once program cleared static analysis and basic programming flaws rectified offline.
Object Lining and Embedding (OLE)
provides way for objects to be shared on local personal computer and to use COM as foundation. OLE enables objects (such as graphics, clipart, spreadsheets) to be embedded into documents. - linking: capability for one program to call another program (URL in document). - embedding: placing piece of data inside foreign program or document (spreadsheet into document, can double-click to open it w/ excel and make edits). * OLE was evolved to work on the internet; called ActiveX, can run on any platform supporting DCOM.
Database Models - Object Relational
relational database w/ software front end written in object-oriented programming language w/ the procedures needed for the client to request data, this way each app accessing the database does not need necessary procedures. - programmers build front-end SW allowing business logic procedures to be used by requesting applications and the data within the database. - Ex: one application can access database to get quantity of widget A, so front-end object carries out that procedure. data grabbed from database by this object and answer provided to requesting application. if need trend analysis, different object can carry out that calculation and present it to requesting application.
Software Development Methodologies - Rapid Application Development
relies more on rapid prototyping than extensive upfront planning. how improve SW is interleaved w/ developing the SW, allows for SW to be developed quickly. The goal is combine business reqs and tech design statements which provide direction in the SW development project. * main reason RAD developed was by the time SW developed following other methodologies, reqs changed and went back to drawing board. if takes year to dev SW, customer's needs probably advanced and changed.
Security of Code Repositories
repository is the vault involved in SW development. intellectual property is the source code. adversary could look for vulns to exploit later or deliberately insert vulns into SW for use later. most secure way to manage code repositories is implement isolated (or "air-gapped") network dev, testing, and QA. once code verified and can be exported to production servers using removable storage media.
Software Development Methodologies - Prototyping
sample SW code explores specific approach to problem before investing time and resources. three main models: - rapid: quickly create prototype test validity of current understanding of project reqs, also called throwaway is "quick and dirty" method. - evolutionary: built w/ goal of incremental improvement w/ in a lab environment, feedback gained through each phase to improve prototype. - operational: extension of evolutionary -- improve quality of prototype as more data gathered -- but designed to be implemented w/ in production environment as being tweaked.
Web Security - Administrative Interfaces
some systems make administration be carried out from local terminal but usually is remote option. bad habit that's found is enabling "remember password" option. another is not disabling management interface if not needed. Can also control which systems are allowed to connect and administer the system; allow only specific IP addresses or netowrk IDs. most secure management interface is out-of-band (separate channel of communication to avoid vulns in the environment the system operates in). ex: modem connected to web server to dial in directly vice the Internet and web interface (should only be done via Secure Shell (SSH).
Stealth Virus
stealth virus: hides modifications made to files or boot records, hide itself by masking size of the file it is hidden in or move itself temporarily to another location while antimalware program is scanning.
Online Transaction Processing (OLTP)
used when databases are clustered to provide fault tolerance and higher performance, load-balancing for requests if necessary, and providing mechanisms watching for problems and dealing w/ them when the occur. Ex: if process stops functioning, monitor mechanisms of OLTP detect it and attempt to restart process. if can't be restarted then transaction taking place rolled back. any erroneous/invalid transactions written to transaction log (along w/ successful ones). Data written to log before and after transaction carried out so record of events exists. Main goal is ensure transaction happen properly or not at all. Ex: if person withdraws money, new account balance updates ALL databases that hold account balance info or the withdrawal does not occur.
Web Security - Authentication and Access Control
usernames and passwords still used to control access to most web apps; passwords not provide much confidence truly proving identity of entity, only prove person using the account has right password. many financial orgs use multifactor authentication. best practice is to exchange all authentication info (and authenticated content) via secure mechanism, typically encrypting credential and channel of comms via TLS.
Database Integrity - Concurrency
when data will be accessed and modified at the same time by different users and/or apps. to ensure concurrency issues do not cause problems, processes can 'lock' tables w/ in a database, make changes, then release the software lock; locking ensures two processes do not access the same table at the same time. Databases' 3 types of integrity services: - semantic integrity: makes sure structural and semantic rules enforced; these rules pertain to data types, logical values, uniqueness constraints, and operations. - referential integrity: if all foreign keys reference existing primary keys, should be mechanism that ensures no foreign key contains a ref to primary key of nonexistent record or null value. - entity integrity: guarantees tuples uniquely identified by primary key values; every tuple must have one primary key or it can't be referenced.
Database Security Issues - Aggregation
when user does not have clearance or permission to access specific info but does have permission to access components of that info; can then figure out rest by learning info from diff sources and combining it. - prevent this by placing objects (the info) into containers classified at higher level to prevent access from subjects w/ lower permissions or clearances. a subject's queries can be tracked, and context-dependent access control can be enforced; this keeps history of objects subject has accessed and restrict access attempts. * inference: intended result of aggregation. when subject deduces full story from pieces learned via aggregation.