Saturday, August 14, 2010

CISSP - Application Security

Waterfall Model - discrete sequential steps

SDLC Phases
1. Project Initiation and Planning
2. Functional Requirements Definition
3. System Design Specifications
4. Development and Implementation
5. Documentation and Common Program Controls
6. Testing and Evaluation Control, Certification, and Accreditation
7. Transition to Production (Implementation)
8. Operations and Maintenance Support
9. Revisions and System Replacement

Data Dictionary - database of schemas

Mobile Code - code that can be executed in network browsers (i.e., Firefox)

Software Capability Maturity Model

1. Initiating
2. Repeatable (Project Management has been documented)
3. Defined (quantitative process improvement)
4. Managed
5. Optimizing

replaced in 2007 by CMMI = CMM + Integration

now has 22 process areas

Distributed System Requirements

1. interoperability
2. portability
3. transparency
4. extensibility
5. security

Spoofing is changing the IP address; masquerading is changing the email From address or caller ID.

Perturbation - injecting noise (meaningless data) to prevent inference.

SODA - Secure Object-Oriented Database Access - uses polyinstantiation to remedy the multiparty update conflict

Change Control Process

1. formal request
2. analyze
3. record
4. approve
5. develop (i.e., scripts)
6. report to management
