1.2 Software Development Principles GMETRIX

Maintenance

Development of service packs and bug fixes.

Service packs and patches are part of the Maintenance step of the application lifecycle

SDLC Management

User training is done during the Implementation phase.

User testing is done during the Testing phase.

Putting a product into production is part of the Deployment phase.

SDLC Management : Development for a group of app container-based projects. What are the first 2 steps?

Planning & design, Requirement analysis

Testing is the 4th step in the cycle

Agile is in a different form of software development

White Box

Testing the internal workings of the application, not functionality or acceptance.

This testing is done by testers that have full knowledge of the hardware and software of the system

Called a testing harness

Black Box

Alpha

Beta

Agile

Involves breaking development up into phases, constantly collaborating with stakeholders, and continuous improvement at every stage

Waterfall

This approach emphasizes a linear progression from the beginning to the end of the project

Scrum

This approach relies in incremental development over sprints of time

DevOps

Integrates processes between software development and IT operations

Distribute the app in a container

If a desktop is going to be run on multiple platforms and multiple operating systems

Hosting it in the cloud

Host the app in the cloud

If the app is a desktop app, hosting it in the cloud is not a viable option.

A developer is building an app where the app and data need to be centrally managed and the interface should be web-based

Virtualizing the app

May not fulfill operating system compatibility requirements

Dictionary

An app that needs to store data in key-value pairs, similar to that of a JSON file; used in afromented apps

Arrays

can have multiple values in a variable

Queues/Stacks

Store multiple objects per queue/stack

Enqueue, Dequeue

The _______ operation adds an item to a queue, whereas the ________ operation removes an item from the queue.

Runs on a first in -first out method

Data Structures (T/F)

Stacks use the LIFO method on data elements.

Queues remove elements from the beginning of their structures

Linked lists, NOT arrays, should be used when data elements need to be inserted after the structure is created

Branching

The duplication of an object under version control

Cloning

The act of making a copy of an entire repository

Merging

The reconciliation of multiple changes to a set of version-controlled files

GitHub

Provides internet hosting for softwaare development and version control and the ability to check in and check out files

Git

Is used by GitHub for source code management

Visual Studio Online(VSOnline)

Also known as Azure DevOps Organizations, allows for storing and working with Visual Studio projects online

Azure Storage

Offers file, blob, and table storage

Merge Conflicts

In Github, merging can cause conflicts, sometimes by competing line changes. These merge conflicts are usually resolved logically using the command line within GitHub

Clone Conflicts

Check-In Conflicts

Check-out Conflicts

Clone the repository

GitHub repositories are remote by default. Cloning a repository makes a local copy of the repository

Duplicate the repository

Copies it, remotely, not locally

Check out the repository

Checking out checks a branch of a respository, not the entire repository

Merge the repository

Merging merges multiple changes to a code file

Check in (GitHub)

The Check-in feature uploads code to the main branch repository.

Checking in code does not automatically update a project repository

Check out (GitHub)

The Check-out feature switches a person from one branch of GitHub to another.

Checking out a branch does not automatically lock the branch

Hashing

A hash is created for the signature, and then the abject with it is hashed again when the object reaches its destination.

Digital signatures use a one-way encryption.

Matching hashes indicate that the object was not changed in transition. Encrytion keys are not used because there is nothing to decrypt

Shared key

Symmetric encryption where the same key is used to encrypt and decrypt the data

SELECT/EXEC keywords

Retrieves data and the EXEC keyword runs stored procedures. Neither one should be allowed within a form field within a web app (SQL does NOT use symbols in its code)

Clickjacking

Tricks a user into selecting a hidden webpade element

Cross-frame scripting

Which uses Javascript to steal from users

Malicious code injections

common cross-site scripting attack that combines malicious JavaScript with an iframe that loads a legitimate page in an effort to steal data from an unsuspecting user. This attack is usually only successful when combined with social engineering.

CSRF & SQL injections

Are not directly related to iFrames

Mitigation Techniques : Anti-Forgery Tokens

in CSRF, it is a hidden field on a form and is used to verify that a user is legitimate

Mitigation Techniques : Same-Site Cookies

Set up data requests only to be sent if the cookie and the request source have matching protocols and hosts

CSRF (Cross-Site Request Forgery)

A type of attack where the user to tricked into performing actions on behalf of the attacker