Secure Software Design
SDLC Development phase
-Code review -Use of security patterns -Flaw and bug mitigation -Unit security testing.
Security components of requirement specification
-Consequence of failure -Associated risks -Fail case
3 defined methodologies in the Crystal Family of Methodologies
-Crystal clear -Crystal orange -Crystal orange web
The 3 risks of re-engineered software
-Modifications may be required to integrate the new functions with the unmodified portions. -New vulnerabilities may be introduced by the increased complexity of the system. -Any unexpected behavior in the overall system may manifest itself as a new vulnerability.
Secure system design requirements
-Nonfunctional requirements -Functional requirements -Security requirements
Major concepts of the UML framework
-Use case and requirements -Architecture -Iterative & incremental processes.
2 goals of threat modeling
1) Define the security of an application 2) Reduce the number of vulnerabilities.
Steps in a software process model
1- A set of tasks that need to be performed 2- The input and output from each task 3- The pre and post conditions for each task 4- The sequence and flow of these tasks.
Major activities in the planning phase of the project management process.
1- Defining and establishing measurable goals for the project 2- Identifying and analyzing the project risks 3- Estimating the work effort, the schedule, the needed resources and the project cost 4- Ensuring the project requirements are accurately understood and specified 5- Determining the project resource allocations of people, process, tools and facilities.
4 stages of the Rational Unified Process
1- Inception 2- Elaboration 3- Construction 4- Transition
COCOMO estimation model steps
1- Pick a project mode (organic, semi-detached or embedded) 2- Estimate the project size in thousands of lines of code (KLOC) 3- Review the cost drivers and estimate the impact each will have on the project 4- Determine the effort of the software project by inserting the estimated values into the effort formula for the chosen mode.
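The four steps carried through in code, as an added example that is not part of the original page. The mode coefficients are Boehm's 1981 intermediate-COCOMO values; the three cost drivers shown are a subset of the fifteen, with their published multipliers (check the full tables before relying on an estimate). The project itself (32 KLOC, semi-detached, high reliability needs) is constructed for illustration; note that a high RELY rating, typical for security-critical code, raises the effort multiplier.

```python
"""Added example (not from the original page): effort and schedule with
the intermediate COCOMO model, following the four steps above.
Coefficients: Boehm (1981). Cost-driver subset and project are illustrative.
"""

# mode -> (a, b, d): effort = a * KLOC**b * EAF ; schedule = 2.5 * effort**d
MODES = {
    "organic":       (3.2, 1.05, 0.38),
    "semi-detached": (3.0, 1.12, 0.35),
    "embedded":      (2.8, 1.20, 0.32),
}

# Cost-driver multipliers (subset of the 15). Unrated drivers count as nominal.
COST_DRIVERS = {
    "RELY": {"very low": 0.75, "low": 0.88, "nominal": 1.00, "high": 1.15, "very high": 1.40},
    "CPLX": {"very low": 0.70, "low": 0.85, "nominal": 1.00, "high": 1.15, "very high": 1.30,
             "extra high": 1.65},
    "ACAP": {"very low": 1.46, "low": 1.19, "nominal": 1.00, "high": 0.86, "very high": 0.71},
}


def effort_adjustment_factor(ratings: dict) -> float:
    """Step 3: product of the selected driver multipliers (EAF)."""
    eaf = 1.0
    for driver, rating in ratings.items():
        try:
            eaf *= COST_DRIVERS[driver][rating]
        except KeyError:
            raise ValueError(f"unknown driver/rating: {driver}={rating}") from None
    return eaf


def effort_person_months(mode: str, kloc: float, ratings: dict = None) -> float:
    """Step 4: effort formula for the chosen mode, in person-months."""
    if mode not in MODES:
        raise ValueError(f"unknown mode: {mode}")
    if kloc <= 0:
        raise ValueError("size must be positive")
    a, b, _ = MODES[mode]
    return a * kloc ** b * effort_adjustment_factor(ratings or {})


def schedule_months(mode: str, effort: float) -> float:
    """Nominal development time for a given effort, in months."""
    _, _, d = MODES[mode]
    return 2.5 * effort ** d


def estimate(mode: str, kloc: float, ratings: dict) -> dict:
    """Run all four steps; returns effort, schedule and average staffing."""
    pm = effort_person_months(mode, kloc, ratings)
    months = schedule_months(mode, pm)
    return {"effort_pm": round(pm, 1),
            "schedule_months": round(months, 1),
            "avg_staff": round(pm / months, 1)}


if __name__ == "__main__":
    # Constructed project: 32 KLOC, semi-detached, high reliability, strong analysts.
    print(estimate("semi-detached", 32, {"RELY": "high", "ACAP": "high"}))
```

For the constructed project the EAF is 1.15 x 0.86 = 0.989 and the effort comes out near 144 person-months over roughly 14 months.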
Steps in the waterfall model
1- Requirements 2- Design 3- Code 4- Test 5- Integrate and package.
The iterative SDLC life cycle phases in order
1- Requirements gathering 2- Analysis 3- Design 4- Coding 5- Testing 6- Conversion/maintenance.
Work breakdown structure
A depiction of the project in terms of discrete sub-activities that must be conducted to complete the project.
Work Breakdown Structure
A depiction of the project in terms of the discrete pieces of work needed to complete the project and the ordering of those pieces of work.
Capability Maturity Model (CMM)
A development model referring to the degree of formality & optimization of processes.
Threat Model
A diagram and description that tells the story of how an attacker could exploit a vulnerability. It more closely resembles a narrative than a step-by-step process.
First-order scope map
A diagram of the connections that can occur from a variable's inception to its retirement.
banned.h
A header file (from Microsoft's SDL) that, when included, makes the compiler flag calls to functions with a long history of exploitable misuse (for example strcpy, strcat, sprintf, gets). It keeps those functions out of new code and alerts developers to their use in existing code so they can be replaced over time.
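The second half of that job, finding banned calls already present in existing code, can also be done outside the compiler. The scanner below is an added example (not from the original page and not Microsoft's banned.h, which works at compile time); the banned list and suggested replacements follow widely known guidance, and the C source it scans is constructed. The regex matches `name(` only when the name is not preceded by an identifier character and is followed directly by `(`, so `strncpy_s(` or `my_strcpy(` are not reported.

```python
"""Added example (not from the original page): flag calls to classic unsafe
C string/buffer functions in source text, with a suggested replacement.
The banned list and the sample C code are constructed for illustration.
"""
import re

# function -> suggested replacement (C11 Annex K *_s names or bounded variants)
BANNED = {
    "strcpy":   "strcpy_s / strlcpy",
    "strcat":   "strcat_s / strlcat",
    "sprintf":  "snprintf",
    "vsprintf": "vsnprintf",
    "gets":     "fgets",
    "strncpy":  "strncpy_s (strncpy does not guarantee NUL termination)",
    "scanf":    "scanf_s or a width-limited format",
}

# `name(` with no identifier character before the name; `\s*\(` rejects `name_s(`
PATTERN = re.compile(
    r"(?<![A-Za-z0-9_])(" + "|".join(map(re.escape, BANNED)) + r")\s*\("
)


def scan_source(text: str):
    """Return (line_no, function, replacement) for each banned call found.

    Limitation: only trailing // comments are stripped; a '//' inside a string
    literal or a /* */ block comment is not handled.
    """
    hits = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        code = line.split("//", 1)[0]
        for m in PATTERN.finditer(code):
            fn = m.group(1)
            hits.append((lineno, fn, BANNED[fn]))
    return hits


# Constructed C fragment exercising the true and false positives we care about.
SAMPLE_C = """\
#include <string.h>
void copy_name(char *dst, size_t n, const char *src) {
    strcpy(dst, src);              // banned: no bound on dst
    strncpy(dst, src, n);          // banned: may leave dst unterminated
    strncpy_s(dst, n, src, n - 1); // OK: bounded and always terminated
    my_strcpy(dst, src);           // OK: not the libc function
    // strcat(dst, src);           comment only, not a call
}
"""

if __name__ == "__main__":
    for lineno, fn, fix in scan_source(SAMPLE_C):
        print(f"line {lineno}: {fn}() is banned; use {fix}")
```

Run against a real tree this reports two findings for the sample above (lines 3 and 4) and nothing for the safe or commented-out lines.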
Relay attack
A method of compromise on a network in which an attacker races a message against a legitimate sender so that the spoofed message reaches the recipient before the real one arrives. Note that the term is more commonly used for an attacker forwarding messages between two legitimate parties without altering them (for example, relaying a keyless-entry challenge and response over distance); the race described here is closer to a spoofing or race-condition attack.
Nonfunctional requirement
A quality or constraint for the system signifying something that must be upheld as it operates.
Event log
A record of system behavior, such as successful completion of a process or a change in a state of the system.
Entity relationship model
A relational diagram used to establish tables, table attributes, and relationships within a system
Security requirement
A separate requirement that supports an overall objective: an associated protection that must be placed on some part of the system as a contingency to normal operation.
Secure requirement
A standard requirement with security built in, stating the constraints needed to protect the system as a whole.
Semantic Web
A web of data, rather than just a collection of data within HTML pages. A semantic web adds structure and meaning to the existing web. Makes semistructured data useful.
Waterfall method
All requirements are specified in the first step; the method is document-driven and has specific, identifiable stages. It also provides a structured resource for entry-level developers.
Developing measures and metrics
Allows for characterization, tracking, evaluation, prediction, and improvement. Maps an attribute of the project to some set of numeric or symbolic entities.
general software development organization
An implementation-independent general organization that includes all the major activities required to develop software articles from inception to release
Crystal clear model
Can be applied to teams of up to six or eight co-located developers working on systems that are not life-critical. Roles may be filled by the same people, including a project manager and a business expert.
CVSS
Common Vulnerability Scoring System
Project Status Tracking
Compares what was planned with what actually took place. How much effort has been expended vs how much was planned to be expended.
OSI Presentation layer
Concerned with the representation of data (encoding, serialization, compression) for use by the application layer. In the OSI model encryption is conventionally placed at this layer, although in practice TLS, IPsec and link-layer encryption span several layers.
OSI Data link layer
Converts the raw bit stream of the physical layer into frames and delivers them between directly connected devices on the same link, identifying each device by its MAC address.
Agile Model
Cyclical process that supports quick prototyping and limits the time spent thinking about the problem as a whole.
DREAD
Risk-rating scheme: each threat is scored on five factors and the scores are combined (typically averaged) to rank it. Damage - how bad would an attack be? Ranks the extent of harm if the vulnerability is exploited. Reproducibility - how easy is it to reproduce the attack? Ranks how reliably an exploitation attempt works. Exploitability - how much work is it to launch an attack? Measures the effort and skill required. Affected users - how many people will be impacted? Measures the number of installed instances or users affected by an exploit. Discoverability - how easy is it to discover the threat? States the likelihood that the vulnerability will be found by security researchers or attackers. The ratings are subjective, and Microsoft's SDL later replaced DREAD with a fixed "bug bar" for that reason.
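The scoring and ranking step in working form, as an added example that is not part of the original page. Each factor is rated 1 (low) to 3 (high) and the score is the mean of the five; the threats, their ratings and the band thresholds are all constructed for illustration. Because the ratings are judgements, agree a written rubric for each factor before scoring, or two reviewers will rank the same threat differently.

```python
"""Added example (not from the original page): ranking threats by DREAD score.
Threats, ratings (1..3 scale) and band thresholds are constructed.
"""
from dataclasses import dataclass

FACTORS = ("damage", "reproducibility", "exploitability",
           "affected_users", "discoverability")


@dataclass(frozen=True)
class Threat:
    name: str
    damage: int
    reproducibility: int
    exploitability: int
    affected_users: int
    discoverability: int

    def __post_init__(self):
        # Reject ratings outside the agreed scale instead of silently skewing the mean.
        for f in FACTORS:
            v = getattr(self, f)
            if not 1 <= v <= 3:
                raise ValueError(f"{self.name}: {f}={v} is outside 1..3")


def dread_score(t: Threat) -> float:
    """Mean of the five factor ratings, rounded to two decimals."""
    return round(sum(getattr(t, f) for f in FACTORS) / len(FACTORS), 2)


def dread_band(score: float) -> str:
    """Coarse band for triage; the thresholds are an illustrative convention."""
    if score >= 2.5:
        return "High"
    if score >= 1.75:
        return "Medium"
    return "Low"


def rank_threats(threats):
    """(name, score, band) tuples, highest risk first."""
    rows = [(t.name, dread_score(t), dread_band(dread_score(t))) for t in threats]
    return sorted(rows, key=lambda r: r[1], reverse=True)


# Constructed threats for a hypothetical web application.
SAMPLE_THREATS = [
    Threat("SQL injection in login form",       3, 3, 3, 3, 3),
    Threat("Verbose stack trace on error page", 1, 3, 3, 2, 3),
    Threat("Admin session fixation",            3, 2, 2, 1, 1),
]

if __name__ == "__main__":
    for name, score, band in rank_threats(SAMPLE_THREATS):
        print(f"{score:.2f} {band:6} {name}")
```

The session-fixation threat illustrates why averaging is crude: maximal damage is diluted by low reach and discoverability, which is one of the objections that led to DREAD being retired in favour of fixed severity criteria.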
OWASP
Open Worldwide Application Security Project (formerly Open Web Application Security Project): a non-profit community dedicated to the production of more secure software on a massive scale through freely available documentation, tools and standards such as the OWASP Top 10.
TMAP
Defines a set of threat-relevant attributes for each layer or node, classified as probability-relevant, size-of-loss-relevant, or descriptive. These attributes are primarily derived from the Common Vulnerability Scoring System (CVSS).
A final security review takes what form?
Deliverable.
The takedown
Determining if estimated threats are real.
What phase of an update should the placement of new components be logical within the overall structure of the existing system?
Development
Docs: Sufficiency
Docs should allow an external person to easily understand the working of a system and issues that may arise.
Docs: Efficiency
Docs should allow anyone not included in developing the system to easily use the document.
Docs: Organization
Docs should be in a single location. It should be indexed, and its contents identified.
Docs: Purpose
Docs should be meaningful, having a purpose for the system.
Docs: Clarity
Docs should be short and to the point. It should not take substantial effort to read.
2nd quadrant of the spiral model
Evaluate the alternatives to the objectives and constraints.
OSI Application layer
Focuses on what data to transfer and what data to expect in return. At this layer, the software is directly involved in directing network communications.
First step in security requirements planning
Formulating the project idea.
Business Analyst
Has the SDLC role of identifying the requirements of an application and who will be impacted by it. Also responsible for user acceptance testing.
1st quadrant of the spiral model
Identify the objectives, alternatives or constraints for each cycle of the spiral.
Interpreted code
High-level source code (or a bytecode derived from it) is translated into machine actions at run time by an interpreter, rather than being compiled to machine code ahead of time.
Compiled code
A high-level language is converted to machine code prior to installation and execution.
Secure Software Definition
It cannot be intentionally subverted or forced to fail. It is software that remains correct and predictable in spite of intentional efforts to compromise dependability.
Application Security
It combines system engineering techniques, such as defense in depth measures and secure configurations, with operational security practices such as patch and vulnerability management.
Compromises that are a waste of time for a Red Team to repeat
Known
Project Effort Estimation
May be viewed as a set of project factors that are combined in some form. Usually expressed in person-months or person-days.
Software Assurance
Must provide a reasonable level of justifiable confidence that the software will function correctly and predictably in a manner consistent with its documented requirements.
OSI Session layer
Organizes connections between a network node and a remote entity or service. It is also responsible for synchronizing communications and providing necessary checkpoints.
SDLC Deployment phase
Patch & incident management, updating of threat models and security measurements.
Primary activities for software project management process are.
Planning, organizing, monitoring, adjusting.
software support and service
Post-software-release activities related to clarifying user questions and fixing software problems encountered by users.
Boundary Class
Primarily responsible for handling interactions between the actors and the system
Definition of debugging
Problem analysis and resolution
Artifacts used used for controlling a project in Scrum?
Product backlog, sprint backlog, increment, and burn down chart.
Who should work out the approach to the level of defense that will be applied to the Red Team's reported results?
Project management team and devs
OSI Transport layer
Provides end-to-end transfer, error detection, and retransmission of data if necessary. TCP and UDP operate here.
OSI Network layer
Provides routing between machines; communication here is largely governed by the IP suite. Data is carried in datagrams, or packets, addressed with IP addresses, which the data link layer below encapsulates in frames for each hop.
Audit log
A record of security-relevant events (who did what, to what, and when) kept for accountability and later investigation. Audit-log entries may be triggered by irregular behavior or errors, and also by routine actions such as logins and privilege changes.
Who conducts the code review process as a part of the last phase of the software development process?
Release manager.
Entry criteria for the RUP
Required artifacts, required people, required tools, and required definition of the activity to be performed.
Waterfall Methodology Security concerns
Requirements analysis: define security features; Design: misuse cases and vulnerability mapping; Construction and implementation: secure coding practices; Testing: penetration assessment; Installation: final security review; Operation and maintenance: periodic security reviews and updates.
Monitoring
SDLC management control domain. -User requirements definition -System requirements definition -Analysis and design -Implementation and training -Sustainment
Delivery & Support
SDLC management control domain. Analysis and design, system build / prototype / pilot, implementation and training, and sustainment.
Planning/Organization
SDLC management control domain. Project definition, user requirements definition and system requirements definition.
Acquisition/Implementation
SDLC management control domain. User requirements definition, system requirements definition, analysis and design, system build / prototype / pilot.
SQL command that doesn't require admin permissions
SELECT. Reading data needs only read privilege on the queried objects, whereas statements that alter schema or permissions (CREATE, DROP, GRANT) are typically reserved for administrative roles.
SDLC Architecture and Design phase
Security patterns, security test planning, security reviews.
SDLC requirements phase
Setting of compliance goals, application of standards, and threat modeling.
Sequence diagram
In UML, shows the objects (lifelines) taking part in a scenario and the messages exchanged between them in time order, so it captures the sequence in which the steps of an activity must occur.
Incremental model
Software process model. Viewed as a modification to the waterfall model.
Functional requirement
Something that the system must do; an outcome that the system must produce as part of its useful operation
SDLC
Systems Development Life Cycle
3rd quadrant of the spiral model
Take steps to reduce the risk of achieving the identified objective.
Software security assurance
The basis for gaining justifiable confidence that software will consistently exhibit all properties required to ensure that the software, in operation, will continue to operate dependably despite the presence of sponsored (intentional) faults.
Control class
The class where the logic of the system is implemented.
BAC (budget at completion)
The estimate of the total project effort.
BCW (budget cost of work)
The estimated effort for each of the work tasks.
Conceptual modeling
The non-technical description of a system, its behaviors, and its deployment. This is an initial planning phase before any formal software design or construction begins.
Customer management
The set of activities related to ensuring that the customer's needs are properly served.
ACWP (actual cost of work performed)
The sum of the actual effort of all tasks completed at a specific status-checking date.
BCWS (budgeted cost of work scheduled)
The sum of the estimated effort of all tasks scheduled to be completed at a specific status checking date.
BCWP (budgeted cost of work performed)
The sum of the estimated efforts of all tasks completed at the specific status-checking date.
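The four earned-value figures above computed from a task list at a status-checking date, together with the schedule and cost variances derived from them, as an added example that is not part of the original page. The task data (effort in person-days, project day numbers) is constructed; ACWP follows the definition given here and counts only completed tasks.

```python
"""Added example (not from the original page): BAC, BCWS, BCWP and ACWP at a
status-checking date, plus schedule/cost variance. Task data is constructed.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass(frozen=True)
class Task:
    name: str
    planned_effort: float                    # BCW for this task (person-days)
    scheduled_finish: int                    # project day it should be done by
    actual_effort: Optional[float] = None    # recorded when the task completes
    completed_on: Optional[int] = None       # project day it actually finished


def _done_by(t: Task, day: int) -> bool:
    return t.completed_on is not None and t.completed_on <= day


def bac(tasks) -> float:
    """Budget at completion: total planned effort."""
    return sum(t.planned_effort for t in tasks)


def bcws(tasks, status_day: int) -> float:
    """Planned effort of everything scheduled to be finished by status_day."""
    return sum(t.planned_effort for t in tasks if t.scheduled_finish <= status_day)


def bcwp(tasks, status_day: int) -> float:
    """Planned effort of everything actually finished by status_day (earned value)."""
    return sum(t.planned_effort for t in tasks if _done_by(t, status_day))


def acwp(tasks, status_day: int) -> float:
    """Actual effort spent on the tasks finished by status_day."""
    return sum(t.actual_effort for t in tasks if _done_by(t, status_day))


def status_report(tasks, status_day: int) -> dict:
    """Compare plan with reality at status_day (negative variances are bad)."""
    s, p, a = bcws(tasks, status_day), bcwp(tasks, status_day), acwp(tasks, status_day)
    return {
        "BAC": bac(tasks), "BCWS": s, "BCWP": p, "ACWP": a,
        "schedule_variance": p - s,            # < 0: behind schedule
        "cost_variance": p - a,                # < 0: over budget
        "SPI": round(p / s, 2) if s else None,  # schedule performance index
        "CPI": round(p / a, 2) if a else None,  # cost performance index
    }


# Constructed plan for a small secure-development effort.
TASKS = [
    Task("Threat model",          2, 10, actual_effort=2.5, completed_on=12),
    Task("Secure design review",  3, 20, actual_effort=3.0, completed_on=19),
    Task("Implement auth module", 6, 40),                    # still in progress
    Task("Penetration test",      4, 60),
]

if __name__ == "__main__":
    print(status_report(TASKS, 45))
```

At day 45 the auth module was due but is unfinished, so BCWS is 11 against a BCWP of 5 (schedule variance -6), while the two completed tasks cost 5.5 against 5 planned (cost variance -0.5).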
Fuzz testing
Feeding malformed or random input into a system in order to intentionally provoke a failure, such as a crash, hang or unhandled exception.
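A minimal mutation fuzzer, as an added example that is not part of the original page, run against a constructed length-prefixed record parser: first a naive version that trusts its length byte, then a hardened version that validates the frame size before indexing. The record format, both parsers and the fuzzer are constructed for this example. A clean rejection (ValueError) is the expected response to bad input; any other exception is counted as a crash, which is the kind of failure fuzzing exists to surface.

```python
"""Added example (not from the original page): mutation fuzzing a constructed
[len][payload...][xor checksum] record parser, naive and hardened.
"""
import random
from functools import reduce
from operator import xor


def checksum(payload: bytes) -> int:
    return reduce(xor, payload, 0)


def parse_record(data: bytes) -> bytes:
    """Naive parser: trusts the length byte, so short input indexes past the end."""
    n = data[0]                                   # IndexError on empty input
    payload = data[1:1 + n]
    if checksum(payload) != data[1 + n]:          # IndexError when the length byte lies
        raise ValueError("bad checksum")
    return payload


def parse_record_safe(data: bytes) -> bytes:
    """Hardened parser: checks the frame size before any indexing."""
    if len(data) < 2:
        raise ValueError("record too short")
    n = data[0]
    if len(data) != n + 2:
        raise ValueError("length field does not match record size")
    payload = data[1:1 + n]
    if checksum(payload) != data[1 + n]:
        raise ValueError("bad checksum")
    return payload


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply one to three random mutations: bit flip, byte overwrite, truncate, insert."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(4)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:
            buf[rng.randrange(len(buf))] = rng.randrange(256)
        elif op == 2:
            del buf[rng.randrange(len(buf) + 1):]
        else:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
    return bytes(buf)


def fuzz(parser, seed_input: bytes, iterations: int = 1000, seed: int = 1) -> dict:
    """Return {exception name: first input that triggered it} for non-ValueError failures."""
    rng = random.Random(seed)                     # fixed seed: reproducible run
    crashes = {}
    for _ in range(iterations):
        sample = mutate(seed_input, rng)
        try:
            parser(sample)
        except ValueError:
            continue                              # rejected cleanly: expected
        except Exception as exc:                  # anything else is a bug
            crashes.setdefault(type(exc).__name__, sample)
    return crashes


SEED = bytes([3]) + b"abc" + bytes([checksum(b"abc")])   # one valid record

if __name__ == "__main__":
    print("naive parser crashes:", fuzz(parse_record, SEED))
    print("safe parser crashes: ", fuzz(parse_record_safe, SEED))
```

The naive parser produces IndexError within a handful of iterations (any truncation, or a length byte larger than the record); the hardened parser only ever raises ValueError. Keeping the first crashing input per exception type gives a reproducer to attach to the bug.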
STRIDE
Threat classification scheme that categorizes threats by what the attacker achieves (the effect of a successful attack) rather than by the technique used. Each category is the violation of a security property: Spoofing identity (authentication), Tampering with data (integrity), Repudiation (non-repudiation), Information disclosure (confidentiality), Denial of service (availability), Elevation of privilege (authorization).
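STRIDE is usually applied per element of a data-flow diagram (DFD): each element type is exposed to a fixed subset of the six categories, so walking the diagram and emitting that subset for every element yields the checklist of threats to consider. The code below is an added example, not part of the original page; the element-type table is the one used in Microsoft's SDL threat-modeling practice, and the sample DFD of a login service is constructed.

```python
"""Added example (not from the original page): STRIDE-per-element threat
enumeration over a constructed data-flow diagram.
"""

STRIDE = {
    "S": "Spoofing", "T": "Tampering", "R": "Repudiation",
    "I": "Information disclosure", "D": "Denial of service",
    "E": "Elevation of privilege",
}

# Which STRIDE categories apply to each DFD element type.
PER_ELEMENT = {
    "external_entity": "SR",
    "process":         "STRIDE",
    "data_store":      "TRID",   # R only matters for stores holding audit/log data
    "data_flow":       "TID",
}


def threats_for(element_type: str, name: str, holds_logs: bool = False):
    """Return (element name, category letter, category name) for one element."""
    if element_type not in PER_ELEMENT:
        raise ValueError(f"unknown DFD element type: {element_type}")
    letters = PER_ELEMENT[element_type]
    # A plain data store cannot itself repudiate; an audit store can be attacked to enable it.
    if element_type == "data_store" and not holds_logs:
        letters = letters.replace("R", "")
    return [(name, c, STRIDE[c]) for c in letters]


def enumerate_threats(dfd):
    """Walk (type, name, attrs) DFD elements; return every candidate threat."""
    out = []
    for elem_type, name, attrs in dfd:
        out.extend(threats_for(elem_type, name, attrs.get("holds_logs", False)))
    return out


def summarize(candidates) -> dict:
    """Count candidate threats per STRIDE letter, e.g. to see where review effort goes."""
    counts = {c: 0 for c in STRIDE}
    for _, c, _ in candidates:
        counts[c] += 1
    return counts


# Constructed DFD for a hypothetical login service.
SAMPLE_DFD = [
    ("external_entity", "Browser user",        {}),
    ("data_flow",       "HTTPS login request", {}),
    ("process",         "Auth service",        {}),
    ("data_store",      "User DB",             {}),
    ("data_store",      "Audit log",           {"holds_logs": True}),
]

if __name__ == "__main__":
    for element, letter, category in enumerate_threats(SAMPLE_DFD):
        print(f"{element:20} {letter} {category}")
    print(summarize(enumerate_threats(SAMPLE_DFD)))
```

Each emitted row is a question for the design review ("how could the auth service be spoofed?"), not a confirmed vulnerability; the list is then pruned by existing mitigations and the remainder rated, for instance with DREAD.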
What is the process model goal
To provide guidance for systematically coordinating and controlling the tasks that must be performed in order to achieve the end product and the project objectives.
OSI Physical layer
Transmits bits from one device to another and determines the type of connection, such as copper wire, fiber optic, or air.
SDLC Testing phase
Use of attack patterns, automated black & white box activities, 3rd party security assessments, and updating threat models.
4th quadrant of the spiral model
Validate the achievement of the objective and plan for the next cycle.
Project scope
Work that is to be completed.