10.4.14 Application Development and Security Section Quiz
Which of the following is the first step in the Waterfall application development model?
Requirements The Waterfall development life cycle model steps are: Requirements Design Implementation Testing Development Maintenance
Which application development model approaches software development as a continuous, changing process with never-ending versions, bug fixes, and enhancements?
Agile The Agile development model approaches software development as a continuous, changing process with never-ending versions, bug fixes, and enhancements. The Waterfall development model is the most widely used model. It is called this because each step is completed before the next step is begun. This way, each step flows to the next. Fuzz testing is software testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application. Code signing is the process of digitally signing (encrypting) executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed.
You have just finished developing a new application. Before putting it on the website for users to download, you want to provide a checksum to verify that the object has not been modified. Which of the following would you implement?
Code signing Code signing is the process of digitally signing (encrypting) executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. The process employs the use of a cryptographic hash to validate authenticity and integrity. Code signing: Provides security when deployed. Helps prevent namespace conflicts in some programming languages. Provides a digital signature mechanism to verify the identity of the author or build system. Provides a checksum to verify that the object has not been modified. Provides versioning information about an object as well as storing other metadata about the object. Memory management is a resource-management process applied to computer memory. Code obfuscation is the deliberate act of creating source or machine code that is difficult for humans to understand. Normalization is data reorganized in a relational database with the intent to eliminate redundancy by having all related data stored in one place.
Which of the following are the two main causes of software vulnerabilities? (Select two.)
Design flaws Coding errors Coding errors and design flaws are the main causes of software vulnerabilities. Fuzz testing (also known as fuzzing) is a software-testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application. Normalization is data reorganized in a relational database with the intent to eliminate redundancy. This is done by having all related data stored in one place. This is not one of the main causes of software vulnerabilities. Obfuscation is the deliberate act of creating source or machine code that is difficult for humans to understand. This is not one of the main causes of software vulnerabilities.
You are performing a security test from the outside on a new application that has been deployed. Which secure testing method are you MOST likely using?
Dynamic Dynamic application security testing scans applications after they have been deployed. These tests are performed from the outside. Static application security testing focuses on analyzing source code, binaries, and byte code early in the development process. Interactive application security testing is built into static testing and uses source code scanners. Runtime is a type of coding error that occurs while software is running.
Which of the following enters random data to the inputs of an application?
Fuzzing Fuzz testing (also known as fuzzing) is a software-testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application. Fuzzing programs come in two types: Mutation-based programs, which mutate existing data samples to create test data. Generation-based programs, which define new test data based on models of the input. Input validation is the process of ensuring that a program operates on clean, correct, and useful data. Input validation uses routines (also called validation rules or check routines) that check for correctness, meaningfulness, and secureness in data input to the system. Application hardening is the process of preventing vulnerability exploitation in software applications.
Which fuzz testing program type defines new test data based on models of the input?
Generation-based Fuzz testing (also known as fuzzing) is a software-testing technique that exposes security problems by providing invalid, unexpected, or random data to the inputs of an application. Fuzzing program types are: Mutation-based programsMutate existing data samples to create data Generation-based programsDefine new test data based on models of the input Code signing is the process of digitally signing (encrypting) executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. Memory management is a resource-management process applied to computer memory.
What is the storage location called that holds all the development source files that version control systems use?
Repository A version control system uses a repository, which is a storage location that holds all the source files used during development. Stored procedures are one or more database statements stored as a group in a database's data dictionary. Normalization is data reorganized in a relational database with the intent to eliminate redundancy by having all related data stored in one place. Memory management is a resource-management process applied to computer memory.
Which of the following is considered a drawback of the Waterfall application development life cycle?
Requirements are determined at the beginning and are carried through to the end product. The Waterfall development life cycle is a slow process and may take months or years to complete. It also lacks flexibility since the requirements determined in the beginning are carried through to the end product. Development is broken into Sprints when using the Agile development model. The Agile development model performs testing throughout development. When using the Waterfall development model, an application likely goes through some of these steps multiple times before moving on to the next step.
What is a set of software development tools called that can be installed as one unit and provides code frameworks or code snippets to help development go faster?
SDK A software development kit (SDK) is a set of software development tools that can be installed as one unit. These tools can provide code frameworks or code snippets to help development go faster. A version control system uses a repository, which is a storage location that holds all the source files used during development. Code signing is the process of digitally signing (encrypting) executables and scripts to confirm the software author and guarantee that the code has not been altered or corrupted since it was signed. Memory management is a resource-management process applied to computer memory.