with Questions and Well-Elaborated, Detailed Answers
100% Verified
1. Building Security In Maturity Model (BSIMM): A study of real-world software
security initiatives organized so that you can determine where you stand with your
software security initiative and how to evolve your efforts over time
2. SAMM: offers a roadmap and a well-defined maturity model for secure software
development and deployment, along with useful tools for self-assessment and
planning.
3. Core OpenSAMM activities: Governance, Construction, Verification, Deployment
4. static analysis: Source code of an application is reviewed manually or with
automatic tools without running the code
5. dynamic analysis: Analysis and testing of a program occurs while it is being
executed or run
6. Fuzzing: Injection of randomized data into a software program in an attempt to
find system failures, memory leaks, error handling issues, and improper input
validation
7. OWASP ZAP: - Open-source web application security scanner
- Can be used as a proxy to manipulate traffic running through it (even HTTPS)
8. ISO/IEC 27001: Specifies requirements for establishing, implementing, operating,
monitoring, reviewing, maintaining and improving a documented information
security management system
9. ISO/IEC 17799: ISO/IEC is a joint committee that develops and maintains
standards in the IT industry. ISO/IEC 17799 is an international code of practice for
information security management. This section defines confidentiality, integrity and
availability controls.
10. ISO/IEC 27034: A standard that provides guidance to help organizations embed
security within their processes that help secure applications running in the
environment, including application lifecycle processes
11. Software security champion: a developer with an interest in security who helps
amplify the security message at the team level
12. waterfall methodology: a sequential, activity-based process in which each
phase in the SDLC is performed sequentially from planning through implementation