Exam (elaborations)

WGU C706 Secure Software Design Terms (Over 200 Terms) (2022/2023) (Verified)

Pages: 18
Grade: A+
Uploaded on: 28-02-2024
Written in: 2023/2024

access control: The restriction of persons or programs that may access specific information. There are two default policies for this: allow by exception or deny by exception.

Access Control List (ACL): The list of persons or programs that are allowed (or, in the case of blacklisting, not allowed) to access a particular resource.

Access List Traffic-Based Security plan (ALTBS): A network with no other security measures in place besides a router-based access control list.

Active Directory service: The directory service used by Microsoft, which is included in Microsoft Server operating systems and serves as a location for managing network resources and security.

activity diagram: A stepwise graphical description of an action taken by a system in completing a task; it is most often represented using UML.

actor: A user in a software system; these are modeled to perform user-based tasks in the standard software development lifecycle (SDLC).

air gap security: A security measure using an internal computer network with no access to the Internet.

application programming interface (API): The software system used by a programmer in creating new software; most APIs have built-in routines for error checking and compiling, which may introduce or ignore errors in a language. You should always research the known issues in an API before using it for development.

architectural design phase: The period during which the high-level overview of the system is developed.

archive: A backup copy of data or information gathered or used by an organization; it is important to maintain archive copies of software code that is undergoing an update or rewrite. It is also important to archive data in case of system failure or loss.

association: A relationship between actors and procedures in defining use cases for a system.

asymmetric encryption: Asymmetric encryption uses one key for encryption and a different key for decryption; it prevents someone who knows one key from both encrypting and decrypting the data. These systems are designed such that knowing one key will not reveal the other key.

attack: The exploitation of a vulnerability in a software system that causes the system to fail or otherwise misbehave from what is expected in normal operation.

attack surface: The attack surface of a system is the set of known possible entry points on which an attack may be leveraged against a system. Planning an attack surface is essential for adequately mitigating system risk.

attribute (or field): An attribute (also called a field) in a database is a single piece of raw data stored in a database record. An example of this is the first name attribute in an employee record.

audit logs: Records of some aspect of system behavior. Audit logs may be triggered by irregular behavior in a system or errors; these can provide valuable information in the case of attacks on a system that are recorded.

authentication: The verification of credentials for permitting a user or program to access a certain resource. Authentication systems suppose that users have a set of permissions that are associated with verification information, such as a username and password for accessing an account.

availability: The measure of time when a system is operating in a usable manner; the typical measurement of availability is called uptime.

avoidance: A potential strategy for responding to a threat; this strategy attempts to prevent the system from being open to attack at all.

backdoor: A method of circumventing normal authentication procedures and allowing unwanted access into a computer system.

beta version: A nearly complete build of the software that can be used to test for functionality or security flaws before the release of the final software product. This version is typically released to a group of testers or early adopters who will have some responsibility in reporting their experiences and any problems they encounter.

binaries: The compiled machine code of a software system; these are no longer readable by human beings but can still be scanned by other programs to detect functionality or vulnerabilities.

BitLocker: Full drive encryption capability included in Microsoft Ultimate and Enterprise editions of Microsoft Windows 7.

black-box testing: A testing methodology where the test cases are mostly derived from the requirements statements without consideration of the actual code content.

block cipher: A block cipher operates on multiple bits or symbols at once, treating them as a group for the purposes of encryption or decryption; the typical model of a block cipher is the Feistel cipher, which iterates the encryption process with variants of a given key.

boot sector virus: A type of malware that resides in the boot sector of the computer, loading before the operating system and therefore evading any detection methods or antivirus software because it is able to control their use.

boundary class: A boundary class in system planning is an abstraction of data collected directly from a user, typically from a form or other GUI structure. Boundary classes cannot communicate directly with each other.

brute force: A brute force attack is an attempt to compromise a system by trying all possible values for either a key or password; this will generally take an incredibly long time but will eventually yield results. The expected time to compromise a system by brute force is when half of the possible values have been attempted.

certificate authority (CA): A third party in public key encryption algorithms that verifies the public key of one or more of the parties involved (through the use of signed certificates) in a transaction; this prevents fraudulent declarations of public keys by attackers.

change management: The process used in an organization providing a standard for changes to the network infrastructure.

checkpoint: A checkpoint in software is a point in execution where the state of the system can be recorded in sufficient detail to resume operation from that point at a later time regardless of subsequent system changes or processes.

ciphertext: The result of encrypting plaintext; this is often unreadable by human beings and remains unrelated to the original text in a well-constructed cryptosystem.

class: An abstract collection of data and methods used to perform related actions; a class should maintain the integrity of its data members by enforcing access and manipulation through external calls to its defined methods.

cleartext: The plain text of a message prior to encryption or after decryption in a cryptosystem.

cloud computing: A modern paradigm that takes advantage of the decreased cost of storage and network traffic, decoupling data processing and storage from the physical location of a business and possibly separating it across multiple locations or even virtual locations; the distance and location are irrelevant in this model where only the available resources and computing power are considered.

cold site: A type of recovery where all information technology infrastructure and office space sits in a dormant state. This is the most difficult type of site to bring back online, and it can take several days to bring such systems back up.

Commercial Off The Shelf (COTS): COTS software is what is available to any consumer for immediate use; it is one potential means of finding an information system solution to a business problem.

communication diagram: A communication diagram in object-oriented programming is a mapping of the expected interaction of classes and the information that must pass between them to realize a specific functionality; the most common means of constructing communication diagrams is through the use of UML.

compiling: Compiling software is the act of translating it from high-level code that can be read by human beings to machine code that can be executed directly by a computer.

composite key: Consists of more than one column in a database table.

conceptual modeling: The non-technical description of a system, its behaviors, and its deployment; this is an initial planning phase before any official software design or construction is begun.

confidentiality: The maintenance of secrecy such that only the parties who should receive the information actually receive it. The most common form of establishing confidentiality is through the use of cryptography.

confusion: One of Shannon's principles for establishing secrecy in which the relationship between the key and the resulting ciphertext is as complex as possible so that the key cannot be discovered by analyzing the resultant ciphertext.

control class: A functional class for processing information and controlling interaction in an object-oriented software system.

countermeasure: A means to eliminate the possibility of an attack or at least to mitigate the amount of damage caused if it occurs, such as failing safely or successfully tolerating a fault.

cracker: A malicious attacker who attempts to compromise or break a computer system for personal gain or profit; this is another term for a cybercriminal.

crib: A piece of information that makes breaking an encryption system easier; this can be a piece of ciphertext that is known to equate to certain plaintext or a repeated pattern indicating some property of the key used for the system.

cryptographic hash algorithm: A means of producing a small, fixed-size block of verification data that can reasonably assert that the data from which it is constructed has not been modified (by passing it through the same algorithm and comparing the results).

cryptography: The science of transforming information from a humanly readable message to indecipherable information that can only be recovered by persons privy to a secret that transforms the information back into a readable form.

cryptosystem: A specific means of transforming plaintext into ciphertext and from ciphertext back to plaintext; this system specifies parameters for a key to the transformation without revealing the key itself.

data


Document information

Contains: Questions and answers

Seller: QUICKEXAMINER, Walden University