Exam 3: Principles of Security and Quality

Defense in depth is designed on the principle that a single layer of protection from different vendors or software is sufficient.

Complex code is better for the development team.

ISO and IEEE have published many resources regarding quality software and the development processes that produce such software.

What is attained when variable and method names are meaningful and when they represent the actual value they represent?

The foundation of software applications and the development processes that produce them are based on common best principles of quality code and secure code.

Working principles of security and quality in the code is also called what?

Complexity will never be a factor no matter how reusable or understandable the code is.

A design that requires one key to send and receive data is more secure than a design that allows access to the information with two keys.

It's possible to have quality without security.

A developer can write useful code that will allow unauthorized users to access the applications assets.

Which part of the application is most likely to be attacked first?

What is attained by keeping unauthorized users from accessing confidential information?

The goal of confidentiality is to ensure that no user other than the owner(s) can see or access the data.

Availability refers to the percentage of time a developer is available during scheduled hours of operation.

Readability and Credibility are two types of principles of security and quality.

Methodologies help the overall process by making everyday development activities predictable, continual, and most of all visible.

What industry standard lists characteristics of quality code?

What is attained when a developer creates code that can be run itself and uses parameters?

What is attained by keeping the data untouched from point of entry into the application to the point of exit?

"Fail Securely" is simply what happens when the system goes down.