21 jun. 2014

CISSP: Software Development Security

Application Development Methods
Waterfall Model: Linear application development. Rigid phases
Sashimi model:
Agile Software Development:
Scrum
Extreme Programming

Spiral Model: Designed to control Risk
Rapid Application Development: Protypes.

SDLC 
Prepare Security Plan
Initiation
Development/Adquisition
Implementation
Operation/Maintenance
Disposal

Software Vulnerabilities:
Buffer Overflow
Cross Site Scripting
Privilege escalation

Software Testing Methods
Static Testing
Dynamic Testing
WhiteBox
BlackBox

Testing Levels:
Unit Testing
Installation Testing
Integration Testing
Regression Testing
Acceptance Testing



Software Capability Maturity Model (CCM)
Initial
Repeatable
Defined
Managed
Optimizing

Database Systems
Relational:
-DDL
-DML
Hierarchical
Object Oriented

IA
Expert Systems: Knowledge base, Inference Engine
Neural Networks: Training



Issues:
Aggregation
Inference

Mobile Code
Java
ActiveX



No hay comentarios.:

Publicar un comentario