This set of flashcards focuses on vocabulary related to secure software development and concepts in software engineering, including security dimensions, software reuse, project management, and quality assurance.
Confidentiality
Ensures that sensitive information is accessed only by authorized individuals or systems.
Integrity
Guarantees the accuracy and completeness of data, preventing unauthorized modification or deletion.
Availability
Ensures that authorized users can access information and resources when needed.
Infrastructure Security
Focuses on securing the underlying infrastructure including networks, servers, and physical security.
Application Security
Focuses on securing individual applications through secure coding practices and authentication.
Operational Security
Concerns the secure operation and use of systems and involves security policies and training.
Asset
Something of value that needs protection, such as data or hardware.
Attack
An exploitation of a system's vulnerability, like SQL injection or denial-of-service.
Control
A protective measure that reduces a system's vulnerability.
Exposure
Possible loss or harm to a computing system.
Threat
Circumstances that can cause loss or harm to an asset.
Vulnerability
A weakness in a system that may be exploited to cause loss or harm.
Authentication
Verifying the identity of a user or device.
Authorization
Determining what a user or device is allowed to access or do.
Interception
Unauthorized access to an asset.
Interruption
Making a system or part of it unavailable.
Modification
Tampering with a system asset.
Fabrication
Inserting false information into a system.
Architectural Design
Decisions about system architecture that impact security.
Design Compromises
Balancing security features with performance and usability.
Design Risk Assessment
Identifying and mitigating potential vulnerabilities during the design phase.
Protection Requirements
Defines how the system should protect its assets.
Distribution
Distributing assets to reduce the impact of a successful attack.
Security Testing
Verifying the system's ability to resist attacks.
Security Validation
Demonstrating that the system meets its security requirements.
Experience-Based Testing
Testing based on known attack patterns and vulnerabilities.
Penetration Testing
Simulating attacks to identify vulnerabilities.
Tool-Based Analysis
Using automated tools to analyze the system for vulnerabilities.
Formal Verification
Mathematically proving the system's security properties.
Asset Identification
Identifying valuable assets needing protection.
Risk Assessment
Identifying, analyzing, and mitigating security risks.
Layered Security
Implementing security at multiple layers to enhance protection.
Fail Securely
System failures should not compromise security.
Redundancy
Using multiple components to increase availability and resilience.
Penetration Testing
Simulating real-world attacks to identify vulnerabilities.
Technical Debt
Short-term gains in development speed leading to long-term maintenance costs.
Legacy Systems
Older systems reliant on outdated languages and technologies.
System Hardware
May be obsolete or unavailable, impacting legacy systems.
Business Processes
May be coupled tightly with legacy systems.
Legacy System Replacement
Risky and expensive, often avoided due to incomplete specifications.
Software Reuse
Using existing software components or systems to build new software.
Component Reuse
Reusing individual components, from subsystems to single objects.
Object Reuse
Reusing small-scale components that implement specific functions.
Software Product Lines
Families of related applications sharing a common architecture.
Service-Oriented Architecture (SOA)
A design paradigm where applications are composed of discrete services.
Loose Coupling
Services with minimal dependencies, allowing independent evolution.
Service Registry
A central repository storing information about available services.
Service Provider
The entity that develops, deploys, and manages a service.
Service Consumer
The entity that utilizes a service.
Business Services
Services associated with specific business functions.
Utility Services
General-purpose functionality used by different business processes.
SOAP (Simple Object Access Protocol)
A protocol for exchanging information over a network.
WSDL (Web Services Description Language)
Describes web services defining operations and formats.
REST (Representational State Transfer)
An architectural style using resources and standard HTTP methods.
Service Composition
Combining multiple services to create a new service or application.
Workflow Management
Managing sequences of activities in service orchestrations.
Agile Quality Management
Focuses on a quality culture and shared responsibility within teams.
Static Metrics
Assess quality attributes without executing software.
Dynamic Metrics
Require execution to assess attributes like performance.
Software Analytics
Automated analysis of software data for decision-making.
COCOMO Model
A cost estimation model for software development.
Risk Management Process
Involves identifying, analyzing, planning for, and monitoring risks.
Project Planning
Creating comprehensive plans to guide software projects.
Agile Planning
Iterative approach to developing and delivering software incrementally.
Proposal Writing
Documenting project objectives and methods to secure contracts.
Quality Assurance Techniques
Includes reviews and inspections to identify software defects.
Continuous Integration
Practice of frequently integrating code changes into repositories.
Pair Programming
Two developers collaboratively writing code to improve code quality.
Modularity
Decomposing a system into independent modules.
Testability
Ease of testing a software system.
Usability
Ease with which users can learn and use a system.
Maintainability
Ease of modification and enhancement of software.
Portability
Adaptability of software to different environments.
Resilience
Ability of software to recover from failures.
Robustness
Ability of a system to handle errors and unexpected inputs.
Documentation
Written material providing information about software systems.
Refactoring
Improving a program's structure without adding functionality.
Security Testing
Verifying that a system can resist attacks.
Version Control
Managing changes to software code and documentation.
Regression Testing
Confirming that changes have not adversely affected existing features.
Risk Mitigation
Strategies developed to minimize potential risks.
User Stories
Short descriptions of features from the end users' perspective.
Velocity in Agile
Measure of the amount of work a team can accomplish in an iteration.
Estimation Techniques
Methods for estimating effort and time for tasks.
Budget Constraints
Limitations on budget impacting project delivery.
Quality Management System
Formal system to ensure quality is maintained.
Stakeholder Engagement
Involving relevant parties throughout the project lifecycle.
Monitoring Mechanisms
Systems for tracking project progress and reporting.
Performance Metrics
Quantitative measures of a software system's performance.
Change Requests
Formal requests for modifications in the project.
Traceability
Ability to track changes and requirements throughout the project.
Standards Compliance
Adhering to established norms and practices in quality.
Agile Retrospectives
Reflection meetings to improve future iterations.
Complexity Metrics
Tools for measuring the complexity of software, impacting maintainability.
Test-Driven Development (TDD)
Development approach where tests are written before coding.
External Interfaces
Points of interaction between different systems.
Incident Management
Systematic approach to handling incidents affecting software.
Use Case Analysis
Assessment of functional requirements through user interactions.
Service Level Agreements (SLAs)
Contractual commitments between service providers and consumers.
Microservices
Architectural style that structures an application as a collection of loosely coupled services.