Secure Software Development and Software Engineering Concepts

These flashcards cover key concepts from the lecture notes on secure software development and software engineering.

Confidentiality

Ensures that only authorized individuals or systems can access sensitive information.

Integrity

Guarantees the accuracy and completeness of data, preventing unauthorized modification or deletion.

Availability

Ensures that authorized users can access information and resources when needed.

Infrastructure Security

Focuses on securing the underlying infrastructure, including networks and servers.

Application Security

Focuses on securing individual applications through practices such as secure coding.

Operational Security

Involves the secure operation and use of systems, including security policies and user training.

Asset

Something of value that needs protection, such as data or hardware.

Attack

An exploitation of a system's vulnerability.

Control

A protective measure that reduces a system's vulnerability.

Exposure

Possible loss or harm to a computing system.

Threat

Circumstances that have the potential to cause loss or harm.

Vulnerability

A weakness in a computer-based system that may be exploited to cause loss or harm.

Authentication

Verifying the identity of a user or device.

Authorization

Determining what a user or device is allowed to access or do.

Denial-of-Service (DoS) attack

An attack that makes a system or part of a system unavailable.

Interception

Unauthorized access to an asset.

Interruption

Making a system or part of a system unavailable.

Modification

Tampering with a system asset.

Fabrication

Inserting false information into a system.

Architectural Design

Decisions about system architecture that impact security.

Design Compromises

Balancing security features with performance and usability.

Protection Requirements

Define how the system should protect its assets.

Security Testing

Verifying the system's ability to resist attacks.

Penetration Testing

Simulating real-world attacks to identify vulnerabilities.

Asset Identification

Identifying valuable assets that need protection.

Threat Identification

Identifying potential threats to assets.

Risk Assessment

Identifying, analyzing, and mitigating security risks.

Agile Development

An iterative approach where software is developed and delivered incrementally.

Plan-Driven Development

A traditional approach where the software development process is planned upfront.

Software Measurement

Assigning numerical values to software attributes to enable objective comparisons.

Non-Functional Characteristics

Subjective qualities based on aspects like reliability and usability.

Software Standards

Formal specifications defining attributes of software products or processes.

Reviews and Inspections

Systematic examinations of software artifacts to identify potential problems.

Static Metrics

Metrics measured without executing the software.

Dynamic Metrics

Metrics that require the execution of software for assessment.

Service-Oriented Architecture (SOA)

A software design paradigm where applications are composed of discrete, self-contained services.

Loose Coupling

Services interact through standardized interfaces, minimizing dependencies.

Service Registry

A central repository that stores information about available services.

Service Composition

The process of combining multiple services to create a composite service.

Utility Services

Services that provide general-purpose functionality used by different business processes.

Business Services

Services associated with a specific business function.

SOAP

A messaging protocol for exchanging information between applications.

WSDL

An XML-based language for describing web services.

REST

An architectural style for building web services based on resources and standard HTTP methods.

Service Testing Challenges

Include external dependencies and unpredictable non-functional behavior.

Agile Quality Management

Emphasizes a quality culture where all team members share responsibility for quality.

Motivation

Organizing work and the environment to encourage effective work.

Project Risks

Risks that affect schedule or resources.

Product Risks

Risks that affect software quality or performance.

Business Risks

Risks that affect the organization as a whole.

Change Acceptance

Maintainability of affected components in the software.

Change Implementation

Impact of changes on system maintainability.

Software Re-engineering

Restructuring or rewriting parts of a legacy system without changing its functionality.

Refactoring

Improving a program to slow down degradation through change.

Change Requests

Formal requests for changes in the software development process.

Impact Analysis

Assessing the effects of proposed changes on the system.

Fault Repair

Fixing bugs and vulnerabilities during maintenance.

Service Deployment

The process of making a service available for use.

Service Validation and Testing

Rigorous testing to ensure the service meets its requirements.

Agile Practices for Quality

Practices that prioritize quality management in Agile development.

Software Analytics

Automated analysis of large software datasets for decision-making.

Software Pricing

Determining the final price charged to a client.

Contractual Terms

Terms of the contract that significantly impact pricing.

Requirements Volatility

Likelihood of changes in requirements.

Pricing Strategies

Various methods used to set software pricing.

Task Breakdown

Dividing the project into smaller tasks for better organization.

Time and Resource Estimation

Estimating the required time and resources for tasks.

Agile Planning Challenges

Difficulties that arise in agile project planning.

Team Effectiveness Factors

Factors contributing to the effectiveness of a software development team.

Group Cohesiveness

A measure of how well group members work together.

Technical Debt

Short-term gains in development speed leading to long-term maintenance costs.

Configuration Management Plan

Procedures for managing software versions and changes.

Quality Management

Ensuring that software meets specified requirements and fulfilling its intended purpose.

Change Implementation Time

Time required to implement changes in the software.

User Stories

Descriptive features from the user's perspective.

Software Evolution

The process of continuously adapting software to meet new requirements.

Incident Management

Handling urgent change requests and emergencies.

Guidelines for Secure Coding

Best practices for writing code that minimizes vulnerabilities.

Digital Signatures

Using cryptography to verify data authenticity and integrity.

Access Control Lists (ACLs)

Defining permissions for users and groups.

Multi-Factor Authentication (MFA)

Using multiple authentication methods to enhance security.

Security Information and Event Management (SIEM)

Tools and processes for collecting and analyzing security data.

Data Loss Prevention (DLP)

Strategies to prevent sensitive data from being lost or accessed unauthorized.

Redundancy

Using multiple components to increase availability and resilience.

Service Consumer

The entity that uses a service.

Service Provider

The entity that develops, deploys, and manages a service.

Service Requirements

Functional and non-functional requirements for a service.

Service Design Patterns

Design patterns specifically for service-oriented architectures.

Regression Testing

Testing previously developed and tested software after changes.

Agile vs. Traditional Quality Management

Differences in approach between Agile and traditional methods for quality assurance.

Formal Verification

Mathematically proving the system's security properties.

Software Baselines

Agreed-upon versions of software used as reference points.

Stakeholder Involvement

Engagement of key individuals in the software development process.

Risk Mitigation Strategies

Approaches to minimize the impact of identified risks.

Feedback Mechanisms

Methods for receiving and addressing stakeholder input.

Continuous Integration

The practice of merging code changes frequently to detect issues early.

Time and Quality Trade-off

Balancing project time with the quality of deliverables.

Cost-Benefit Analysis

Evaluating the costs versus benefits of software requirements.

Security Breach

Unauthorized access to sensitive information.

User Acceptance Testing (UAT)

Final testing phase before software goes live, involving end-users.