Study online at https://quizlet.com/_el210i
1. Software Development Life Cycle (SDLC): A structured process that enables the production of software
2. What are the 8 phases of the Software Development Lifecycle (SDLC)? planning, requirements, design, implementation, testing, deployment, maintenance, end of life
3. SDLC Phase 1: planning - a vision and next steps are created
4. SDLC Phase 2: requirements - necessary software requirements are determined
5. SDLC Phase 3: design - requirements are prepared for the technical design
6. SDLC Phase 4: implementation - the resources involved in the application from a known resource are determined
7. SDLC Phase 5: testing - software is tested to verify its functions through a known environment
8. SDLC Phase 6: deployment - security is pushed out
9. SDLC Phase 7: maintenance - ongoing security monitoring is implemented
10. SDLC Phase 8: end of life - the proper steps for removing software completely are considered
11. Security Development Life Cycle (SDL): A process that standardizes security best practices
D487 - Secure Software Design
12. Secure Code: A design principle in coding that refers to code security best practices, safeguards, and protection against vulnerabilities
13. Threat Modeling: A structured process to protect against vulnerabilities; a process to pinpoint security threats and potential vulnerabilities that will help prioritize remediation
14. Application Security: developing, adding, and testing security features to prevent vulnerabilities within applications
15. Building Security In Maturity Model (BSIMM): a study of real-world software security that allows you to develop your software security over time
16. OWASP Software Assurance Maturity Model (SAMM): flexible framework for building security into a software development organization
17. Open Web Application Security Project (OWASP): A flexible and prospective framework to build security into your software development organization for web applications
18. Static Analysis: the analysis of computer software that is performed without executing programs
19. Dynamic Analysis: the analysis of computer software that is performed when executing programs on a real or virtual processor in real time
20. Fuzz Testing: automated or semi-automated testing that provides invalid, unexpected, or random data to the computer software program
21. National Institute of Standards and Technology (NIST): provides research, information, and tools for government and corporate information security
22. Measurement Model: A set of data security methods that developers take to protect against vulnerabilities
23. Metric Model: Allows an organization to determine the effectiveness of its security controls
24. Waterfall Development: software development methodology that breaks down development activities into linear sequential phases; each phase depends on the deliverables of the previous one and corresponds to a specialization of tasks
25. Waterfall Phases (typical): plan -> build -> test -> review -> deploy
26. Iterative Waterfall Development: each phase of a project is broken down into its own waterfall phases
27. Agile Development: software development methodology that delivers functionality in rapid iterations called timeboxes, requiring limited planning but frequent communication. Mixes traditional and new software development practices.
28. Scrum: framework for Agile that prescribes for teams to break work into goals to be completed within sprints; a flexible, holistic product development strategy where a development team works as a unit to reach a common goal
29. Scrum Master (Scrum Role): responsible for ensuring a Scrum team is operating as effectively as possible by keeping the team on track, planning and leading meetings, and working out any obstacles the team might face
30. Product Owner (Scrum Role): ensures the Scrum team aligns with overall product goals by managing the product backlog by ordering work by priority, setting the product vision for the