D487 - SECURE SOFTWARE DESIGN
SDLC Phase 1 - Answers: planning - a vision and next steps are created
SDLC Phase 2 - Answers: requirements - necessary software requirements are determined
SDLC Phase 3 - Answers: design - requirements are prepared for the technical design
SDLC Phase 4 - Answers: implementation - the resources involved in the application from a known resource are determined
SDLC Phase 5 - Answers: testing - software is tested to verify its functions through a known environment
SDLC Phase 6 - Answers: deployment - security is pushed out
SDLC Phase 7 - Answers: maintenance - ongoing security monitoring is implemented
SDLC Phase 8 - Answers: end of life - the proper steps for removing software completely are considered
BSIMM - Answers: a study of real-world software security that allows you to develop your software security over time
OWASP SAMM - Answers: flexible framework for building security into a software development organization
Static Analysis - Answers: the analysis of computer software that is performed without executing programs
Dynamic Analysis - Answers: the analysis of computer software that is performed when executing programs on a real or virtual processor in real time
Fuzz Testing - Answers: automated or semi-automated testing that provides invalid, unexpected, or random data to the computer software program
Waterfall Development - Answers: software development methodology that breaks down development activities into linear sequential phases; each phase depends on the deliverables of the previous one and corresponds to a specialization of tasks
Waterfall Phases (typical) - Answers: plan -> build -> test -> review -> deploy
Iterative Waterfall Development - Answers: each phase of a project is broken down into its own waterfall phases
Agile Development - Answers: software development methodology that delivers functionality in rapid iterations called timeboxes, requiring limited planning but frequent communication
Scrum - Answers: framework for Agile that prescribes for teams to break work into goals to be completed within sprints
Scrum Master (Scrum Role) - Answers: responsible for ensuring a Scrum team is operating as effectively as possible by keeping the team on track, planning and leading meetings, and working out any obstacles the team might face
Product Owner (Scrum Role) - Answers: ensures the Scrum team aligns with overall product goals by managing the product backlog by ordering work by priority, setting the product vision for the team, and communicating with external stakeholders to translate their needs to the team
Development Team (Scrum Role) - Answers: professionals who do the hands-on work of completing the tasks in a Scrum sprint by lending their expertise to program, design, or improve products
Lean Development - Answers: software development methodology that focuses on further isolating risk to the level of an individual feature
V-Model - Answers: a variation of the waterfall model, where the stage is turned back upwards after the coding phase
Extreme Programming (XP) - Answers: an Agile methodology that is intended to improve software quality and responsiveness
Software Security Architect - Answers: ensures that the stakeholder security requirements necessary to protect the organization's mission and business processes are adequately addressed
Software Security Champion - Answers: an expert on promoting security awareness, best practices, and simplifying software security
Software Security Evangelist - Answers: an expert to promote awareness of products to the wider software community
Functional Requirements - Answers: describe what the system will do and its core purpose
Non-Functional Requirements - Answers: describe any constraints or restrictions on a design but do not impact the core purpose of the system