SECURE SOFTWARE DESIGN EXAM QUESTIONS
WITH COMPLETE ANSWERS [ GRADED A+]
Software Assurance - ✔✔Must provide a reasonable level of justifiable
confidence that the software will function correctly and predictably in a
manner consistent with its documented requirements.
Software security assurance - ✔✔The basis for gaining justifiable
confidence that software will consistently exhibit all properties
required to ensure that the software, in operation, will continue to
operate dependably despite the presence of sponsored (intentional)
faults.
,Secure Software Definition - ✔✔It cannot be intentionally subverted or
forced to fail. It is software that remains correct and predictable in spite
of intentional efforts to compromise dependability.
Application Security - ✔✔It combines system engineering techniques,
such as defense in depth measures and secure configurations, with
operational security practices such as patch and vulnerability
management.
The 3 risks of re-engineered software - ✔✔-Modifications maybe
required to integrate the new functions with the unmodified portions.
-New vulns may be introduced by the increasing complexity of the
system.
-Any unexpected behavior in the overall system may manifest itself as a
new vuln
SDLC - ✔✔Systems Development Life Cycle
, SDLC requirements phase - ✔✔Setting of compliance goals, application
of standards, and threat modeling.
SDLC Architecture and Design phase - ✔✔Security patterns, security
test planning, security reviews.
SDLC Development phase - ✔✔-Code review
-Use of security patterns
-Flaw and bug mitigation
-Unit security testing.
SDLC Testing phase - ✔✔Use of attack patterns, automated black &
white box activities, 3rd party security assessments, and updating
threat models.
SDLC Deployment phase - ✔✔Patch & incident management, updating
of threat models and security measurements.
WITH COMPLETE ANSWERS [ GRADED A+]
Software Assurance - ✔✔Must provide a reasonable level of justifiable
confidence that the software will function correctly and predictably in a
manner consistent with its documented requirements.
Software security assurance - ✔✔The basis for gaining justifiable
confidence that software will consistently exhibit all properties
required to ensure that the software, in operation, will continue to
operate dependably despite the presence of sponsored (intentional)
faults.
,Secure Software Definition - ✔✔It cannot be intentionally subverted or
forced to fail. It is software that remains correct and predictable in spite
of intentional efforts to compromise dependability.
Application Security - ✔✔It combines system engineering techniques,
such as defense in depth measures and secure configurations, with
operational security practices such as patch and vulnerability
management.
The 3 risks of re-engineered software - ✔✔-Modifications maybe
required to integrate the new functions with the unmodified portions.
-New vulns may be introduced by the increasing complexity of the
system.
-Any unexpected behavior in the overall system may manifest itself as a
new vuln
SDLC - ✔✔Systems Development Life Cycle
, SDLC requirements phase - ✔✔Setting of compliance goals, application
of standards, and threat modeling.
SDLC Architecture and Design phase - ✔✔Security patterns, security
test planning, security reviews.
SDLC Development phase - ✔✔-Code review
-Use of security patterns
-Flaw and bug mitigation
-Unit security testing.
SDLC Testing phase - ✔✔Use of attack patterns, automated black &
white box activities, 3rd party security assessments, and updating
threat models.
SDLC Deployment phase - ✔✔Patch & incident management, updating
of threat models and security measurements.
