Exam 18: Secure Software Development

The _______________ is the first step in a software development process model.

Errors found after development is complete are expensive.

Canonicalization vulnerabilities are restricted to Windows systems.

What does the term spiral method refer to?

_______________ is the conversion of a name to its simplest form.

Fuzzing is a powerful tool used in testing code.

What is the one item that could labeled as the "most wanted" item in coding security?

How does implementing a good software development process enforce security inclusion in a project?

Testing is not an essential part of the generation of secure code.

Unvalidated input that changes the code functioning in an unintended way is which type of coding error?

Scoring the efforts to reduce the effects of threats occurs in which step of threat modeling?

Lease privilege refers to removing all controls from a system.

Creating a graphical representation of the required elements for an attack vector occurs in which step of Threat Modeling?

If the requirement phase marks the beginning of the generation of security in code,then the _______________ marks the other boundary.

What is the waterfall model characterized by?

A(n)_______________ attack is a form of code injection aimed at any Structured Query Language (SQL)-based database,regardless of vendor.

What technique can be used to find potentially exploitable buffer overflows,without any specific knowledge of the coding?

The _______________ model is characterized by iterative development,where requirements and solutions evolve through an ongoing collaboration of self-organizing cross-functioning teams.

Which type of attack is used especially against databases?

Employing _______________ to compare program responses to known inputs and then comparing the output to the desired output is a proven method of testing software.