CAP 20 - Software Development Security
Introducing systems development controls
Avoiding and mitigating system failure
input validation
authentication and session management
error handling
logging
system development lifecycle (conceptual definition - functional requirements determination - control specifications development - design review - code review walk-through - system test review - maintenance and change management)
Lifecycle models (Waterfall, spiral, agile, SWCMM, IDEAL)
change and configuration management
software testing
Establishing databases and data warehousing
ACID
database contamination
concurrency (lock)
semantic integrity, content dependent access control, cell suppression, context dependent access control, polyinstantiation
Storing data and information
storage threats
illegitimate access
covert channel attacks (transmission of data through classification levels)
Understanding knowledge based systems
expert systems
machine learning
neural networks