
Key Points to Understand in Software Development Security

CISSP

1. Code Review

  • Description: A peer-driven process where multiple developers review code to ensure quality and identify defects. It can be manual or automated and is typically performed after code development. Reviews can cover several hundred lines of code per hour.

2. Strong Passwords

  • Description: Strong passwords are essential for security. Social engineering is a common attack method used to bypass password protections, making it important to combine strong passwords with other security measures.

3. Threat Modeling

  • Description: The process of identifying potential security threats and vulnerabilities in the design and implementation of systems. Its goals include reducing the number of security-related design and coding flaws and minimizing the impact of non-security-related issues.

4. Aggregate

  • Description: Refers to summarizing large amounts of data to provide only the essential summary information, which can simplify data analysis and reporting.

5. Port Scan

  • Description: An attack method where the attacker sends connection attempts to a series of commonly used ports on a target system to identify open ports and potential vulnerabilities.

6. Account Class Example

  • Attributes of Class:
    • Balance: currency = 0
    • Owner: string
  • Methods of Class:
    • AddFunds(deposit: currency)
    • RemoveFunds(withdrawal: currency)

7. JavaScript vs. Compiled Languages

  • Description: JavaScript is an interpreted language, meaning it is executed directly by the browser or runtime without prior compilation into machine code. In contrast, languages like Java, C, and C++ are compiled, converting code into an executable format before runtime.

8. Directory Traversal Attack

  • Description: An attack where an attacker manipulates input to traverse directories and access restricted files on a server. For example, %252E%252Fetc/passwd translates to ../etc/passwd, potentially exposing sensitive files.
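An added defensive example, not from the original notes: a canonicalization check that peels nested URL-encoding before deciding whether a request path climbs above the web root. It assumes the traversal payload is the fully double-encoded spelling of `../` (`%252E%252E%252F`), a decode limit of three layers, and constructed sample paths.

```python
from urllib.parse import unquote

# Assumption (not from the page): a server will not peel more than this many encoding layers.
MAX_DECODE_PASSES = 3

def fully_decode(value: str, max_passes: int = MAX_DECODE_PASSES) -> tuple[str, bool]:
    """URL-decode until the value stops changing; returns (decoded, exhausted).
    exhausted is True when the value was still changing after max_passes."""
    current = value
    for _ in range(max_passes):
        decoded = unquote(current)
        if decoded == current:
            return current, False
        current = decoded
    return current, unquote(current) != current

def escapes_root(decoded_path: str) -> bool:
    """True if '..' segments climb above the directory the path is rooted in."""
    depth = 0
    for segment in decoded_path.replace("\\", "/").split("/"):
        if segment in ("", "."):
            continue            # empty and '.' segments do not move the depth
        if segment == "..":
            depth -= 1
            if depth < 0:
                return True     # climbed above the root
        else:
            depth += 1
    return False

def classify_path(raw_path: str) -> dict:
    """Canonicalize a request path and report why (if at all) it should be rejected."""
    decoded, exhausted = fully_decode(raw_path)
    traversal = escapes_root(decoded)
    return {"decoded": decoded, "traversal": traversal,
            "nested_encoding": exhausted, "reject": traversal or exhausted}

# Constructed sample request paths (not from the page): double-encoded '../',
# single-encoded '../', two benign paths, and one nested deeper than the limit.
SAMPLE_PATHS = [
    "%252E%252E%252Fetc/passwd",
    "..%2F..%2Fetc/passwd",
    "images/../logo.png",
    "docs/report.pdf",
    "%2525252E%2525252E%2525252Fetc/passwd",
]

if __name__ == "__main__":
    for path in SAMPLE_PATHS:
        print(f"{path!r:42} -> {classify_path(path)}")
```

The nested-encoding flag matters because an input that is still changing after the decode limit is one no browser produces, so it is worth logging even when the partially decoded form looks harmless.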

9. Open System

  • Description: A system with published APIs that allow third parties to develop compatible products and services.

10. Closed System

  • Description: A proprietary system with no public APIs and no third-party product support; its source code may also be inaccessible.

11. Open Source

  • Description: Software with publicly available source code that can be viewed, modified, and distributed freely or for a fee.

12. Closed Source

  • Description: Software with confidential source code that is not available for public view or modification. It may be reverse-engineered or decompiled.

13. API Keys

  • Description: Sensitive authentication tokens used to access web services. They should be stored securely and transmitted over encrypted channels to prevent unauthorized access.

14. Nessus

  • Description: A popular vulnerability scanner developed by Tenable Network Security. It uses various techniques, including port scanning, to detect vulnerabilities by identifying open ports and associated services.
