ISC2 CISSP - Software Development Security Flashcards
| Front | Back |
| Define fail-safe defaults. | Deny access by default, granting permissions only when explicitly allowed |
| Define input validation. | Ensuring data meets criteria before processing to prevent injection flaws |
| Describe dependency scanning. | Automated analysis of libraries/frameworks to find known vulnerabilities |
| Explain code signing. | Using digital signatures to verify code integrity and authenticity |
| How can you prevent buffer overflows? | Use bounds checking, safe functions, and modern languages with runtime checks |
| How do parameterized queries prevent SQL injection? | Separates code from data so user input can't alter SQL structure |
| Name one static code analysis tool. | Examples include SonarQube, Fortify, Checkmarx |
| What are security requirements? | Specifications that define confidentiality, integrity, and availability needs |
| What are the five phases of the SDLC? | Initiation (or Planning), Development/Acquisition, Implementation, Operation/Maintenance, Disposal |
| What is a buffer overflow attack? | Overwriting memory by exceeding buffer boundaries, leading to code execution or crashes |
| What is continuous integration/continuous deployment (CI/CD)? | Automated building, testing, and deployment to integrate changes securely and quickly |
| What is dynamic application security testing (DAST)? | Testing a running application for vulnerabilities from an attacker’s perspective |
| What is output encoding? | Transforming output to a safe format for client consumption to prevent XSS |
| What is secure coding? | Writing software to defend against vulnerabilities throughout development |
| What is a secure design pattern? | Reusable solution template to address common security problems in design |
| What is session management control? | Techniques like secure cookies, timeouts, and regeneration to protect user sessions |
| What is software composition analysis (SCA)? | Assessing open-source components for license and security risks |
| What is the principle of least privilege? | Granting users or processes only the access needed to perform their tasks |
| What is the purpose of a security baseline? | Establishes minimum configuration and controls for systems and applications |
| What is threat modeling used for in software development? | Identifying, quantifying, and addressing security risks during design |
| Why incorporate security training in the SDLC? | Educates developers on threats, reduces coding errors, improves awareness |
| Why is error handling important for security? | Prevents information leakage and ensures graceful failure modes |
This deck addresses secure coding principles, SDLC (Software Development Life Cycle), vulnerabilities, and controls relevant to application security.