D487 - Secure Software Design
Study online at https://quizlet.com/_el210i
1. Software Development Life Cycle (SDLC): A structured process that enables
the production of software
2. What are the 8 phases of the Software Development Lifecycle (SDLC)?: plan-
ning
requirements
design
implementation
testing
deployment
maintenance
end of life
3. SDLC Phase 1: planning - a vision and next steps are created
4. SDLC Phase 2: requirements - necessary software requirements are determined
5. SDLC Phase 3: design - requirements are prepared for the technical design
6. SDLC Phase 4: implementation - the resources involved in the application from
a known resource are determined
7. SDLC Phase 5: testing - software is tested to verify its functions through a known
environment
8. SDLC Phase 6: deployment - security is pushed out
9. SDLC Phase 7: maintenance - ongoing security monitoring is implemented
10. SDLC Phase 8: end of life - the proper steps for removing software completely
are considered
11. Security Development Life Cycle (SDL): A process that standardizes security
best practices
12. Secure Code: A principle design in coding that refers to code security best
practices, safeguards, and protection against vulnerabilities
13. Threat Modeling: A structured process to protect against vulnerabilities
process to pinpoint security threats and potential vulnerabilities that will help priori-
tize remediation
14. Application Security: developing, adding, and testing security features to pre-
vent vulnerabilities within applications
15. Building Security in Maturing Model (BSIMM): a study of real-world software
security that allows you to develop your software security over time
16. OWASP Software Assurance Maturity Model (SAMM): flexible framework for
building security into a software development organization
17. Open Web Application Security Project (OWASP): A flexible and prospective
framework to build security into your software development organization for web
applications
, D487 - Secure Software Design
Study online at https://quizlet.com/_el210i
18. Static Analysis: the analysis of computer software that is performed without
executing programs
19. Dynamic Analysis: the analysis of computer software that is performed when
executing programs on a real or virtual processor in real time
20. Fuzz Testing: automated or semi-automated testing that provides invalid, unex-
pected, or random data to the computer software program
21. National Institute of Standards and Technology (NIST): provides research,
information, and tools for government and corporate information security
22. Measurement Model: A set of data security methods that developers take to
protect against vulnerabilities
23. Metric Model: Allows an organization to determine the effectiveness of its
security controls
24. Waterfall Development: software development methodology that breaks down
development activities into linear sequential phases; each phase depends on the
deliverables of the previous one and corresponds to a specialization of tasks
25. Waterfall Phases (typical): plan -> build -> test -> review -> deploy
26. Iterative Waterfall Development: each phase of a project is broken down into
its own waterfall phases
27. Agile Development: software development methodology that delivers function-
ality in rapid iterations called timeboxes, requiring limited planning but frequent
communication. Mizes traditional and new software development practices.
28. Scrum: framework for Agile that prescribes for teams to break work into goals
to be completed within sprints
flexible, holistic product development strategy where a development team works as
a unit to reach a common goal
29. Scrum Master (Scrum Role): responsible for ensuring a Scrum team is oper-
ating as effectively as possible by keeping the team on track, planning and leading
meetings, and working out any obstacles the team might face
30. Product Owner (Scrum Role): ensures the Scrum team aligns with overall
product goals by managing the product backlog by ordering work by priority, setting
the product vision for the team, and communicating with external stakeholders to
translate their needs to the team
31. Development Team (Scrum Role): professionals who do the hands-on work of
completing the tasks in a Scrum sprint by lending their expertise to program, design,
or improve products
32. Lean Development: software development methodology that focuses on further
isolating risk to the level of an individual feature
Study online at https://quizlet.com/_el210i
1. Software Development Life Cycle (SDLC): A structured process that enables
the production of software
2. What are the 8 phases of the Software Development Lifecycle (SDLC)?: plan-
ning
requirements
design
implementation
testing
deployment
maintenance
end of life
3. SDLC Phase 1: planning - a vision and next steps are created
4. SDLC Phase 2: requirements - necessary software requirements are determined
5. SDLC Phase 3: design - requirements are prepared for the technical design
6. SDLC Phase 4: implementation - the resources involved in the application from
a known resource are determined
7. SDLC Phase 5: testing - software is tested to verify its functions through a known
environment
8. SDLC Phase 6: deployment - security is pushed out
9. SDLC Phase 7: maintenance - ongoing security monitoring is implemented
10. SDLC Phase 8: end of life - the proper steps for removing software completely
are considered
11. Security Development Life Cycle (SDL): A process that standardizes security
best practices
12. Secure Code: A principle design in coding that refers to code security best
practices, safeguards, and protection against vulnerabilities
13. Threat Modeling: A structured process to protect against vulnerabilities
process to pinpoint security threats and potential vulnerabilities that will help priori-
tize remediation
14. Application Security: developing, adding, and testing security features to pre-
vent vulnerabilities within applications
15. Building Security in Maturing Model (BSIMM): a study of real-world software
security that allows you to develop your software security over time
16. OWASP Software Assurance Maturity Model (SAMM): flexible framework for
building security into a software development organization
17. Open Web Application Security Project (OWASP): A flexible and prospective
framework to build security into your software development organization for web
applications
, D487 - Secure Software Design
Study online at https://quizlet.com/_el210i
18. Static Analysis: the analysis of computer software that is performed without
executing programs
19. Dynamic Analysis: the analysis of computer software that is performed when
executing programs on a real or virtual processor in real time
20. Fuzz Testing: automated or semi-automated testing that provides invalid, unex-
pected, or random data to the computer software program
21. National Institute of Standards and Technology (NIST): provides research,
information, and tools for government and corporate information security
22. Measurement Model: A set of data security methods that developers take to
protect against vulnerabilities
23. Metric Model: Allows an organization to determine the effectiveness of its
security controls
24. Waterfall Development: software development methodology that breaks down
development activities into linear sequential phases; each phase depends on the
deliverables of the previous one and corresponds to a specialization of tasks
25. Waterfall Phases (typical): plan -> build -> test -> review -> deploy
26. Iterative Waterfall Development: each phase of a project is broken down into
its own waterfall phases
27. Agile Development: software development methodology that delivers function-
ality in rapid iterations called timeboxes, requiring limited planning but frequent
communication. Mizes traditional and new software development practices.
28. Scrum: framework for Agile that prescribes for teams to break work into goals
to be completed within sprints
flexible, holistic product development strategy where a development team works as
a unit to reach a common goal
29. Scrum Master (Scrum Role): responsible for ensuring a Scrum team is oper-
ating as effectively as possible by keeping the team on track, planning and leading
meetings, and working out any obstacles the team might face
30. Product Owner (Scrum Role): ensures the Scrum team aligns with overall
product goals by managing the product backlog by ordering work by priority, setting
the product vision for the team, and communicating with external stakeholders to
translate their needs to the team
31. Development Team (Scrum Role): professionals who do the hands-on work of
completing the tasks in a Scrum sprint by lending their expertise to program, design,
or improve products
32. Lean Development: software development methodology that focuses on further
isolating risk to the level of an individual feature
