17 Cards in this Set
| Front | Back |
|---|---|
| Cigital's three critical sub-processes for architectural risk analysis | 1) Underlying framework weakness; 2) Attack resistance analysis; 3) Ambiguity analysis |
| Describe Cigital's underlying framework weakness | 1) Shows dependencies on toolkits and frameworks; 2) How solid is the foundation? 3) How solid is the usage of the foundation? |
| Describe Cigital's attack resistance analysis | 1) Apply a checklist of known attacks; 2) Risk-based judgment of fitness |
| Describe Cigital's ambiguity analysis | 1) Find attacks based on how the system works; 2) Expose invalid assumptions |
| What is BSIMM? | Building Security In Maturity Module. The purpose of the BSIMM is to quantify the activities carried out by real software security initiatives. BSIMM3 was published in 2011. |
| What is the BSIMM method? | 1. We relied on our own knowledge of software security practices to create the Software Security Framework. 2. We conducted a series of nine in-person interviews with executives in charge of software security initiatives. 3. We used the same interview technique to conduct thirty-three additional BSIMM assessments. |
| What are BSIMM's objectives? | Informed risk management decisions; clarity on what is "the right thing to do" for everyone involved in software security; cost reduction through standard, repeatable processes; increased code quality |
| What does BSIMM mean by a satellite? | A group of interested and engaged developers, architects, software managers, and testers who have a natural affinity for software security and are catered to and leveraged by a software security initiative. |
| What are the four domains of the BSIMM software security framework? | Governance, Intelligence, SSDL Touchpoints, Deployment |
| What is the BSIMM Governance domain? | Those practices that help organize, manage, and measure a software security initiative. Staff development is also a central governance practice. |
| What are the 3 practices under the BSIMM Governance domain? | Strategy and Metrics; Compliance and Policy; Training |
| What is the BSIMM Intelligence domain? | Practices that result in collections of corporate knowledge used in carrying out software security activities throughout the organization. Collections include both proactive security guidance and organizational threat modeling. |
| What are the 3 practices under the BSIMM Intelligence domain? | Attack Models; Security Features and Design; Standards and Requirements |
| What is the BSIMM SSDL Touchpoints domain? | Practices associated with analysis and assurance of particular software development artifacts and processes. All software security methodologies include these practices. |
| What are the 3 practices under the BSIMM SSDL Touchpoints domain? | Architecture Analysis; Code Review; Security Testing |
| What is the BSIMM Deployment domain? | Practices that interface with traditional network security and software maintenance organizations. Software configuration, maintenance, and other environment issues have a direct impact on software security. |
| What are the 3 practices under the BSIMM Deployment domain? | Penetration Testing; Software Environment; Configuration Management and Vulnerability Management |