Chapter 11: Secure Application Development, Deployment and Automation
Software Repositories
  https://www.freecodecamp.org/news/what-is-git-and-how-to-use-it-c341b049ae61/
Environments
  Development
  Test
  Staging
  Production
  QA: Quality Assurance
  Let's look at this topic from the standpoint of the kinds of questions you may be asked:
    https://passcomptia.com/comptia-security/comptia-security-question-g-61/
    https://passcomptia.com/comptia-security/comptia-security-question-c-99/
Provisioning and Deprovisioning
Integrity Measurement
  NOT hashing
  Means making sure you are working on the correct version of the code
Secure Coding Techniques
  Normalization
  Stored Procedures
  Obfuscation / Camouflage
  Code Reuse and Dead Code
  Server-Side vs. Client-Side Execution and Validation
    JavaScript: runs in the browser, under the user's control, so it is easily tampered with
    PHP / Python / ASP / Ruby / etc.: runs on the server, where it is much harder for the user to tamper with
  Memory Management
  Third-Party Libraries and SDKs
  Data Exposure
  Error Handling
  Input Validation
  Code Quality and Testing
    Static vs. Dynamic Analysis (fuzzing)
    Stress Testing
    Sandboxing
    Model Verification
    Model-View-Controller (MVC) application development model
      https://www.visual-paradigm.com/guide/uml-unified-modeling-language/what-is-model-view-control-mvc/
OWASP: Open Web Application Security Project
  https://owasp.org/www-project-top-ten/
Software Diversity
  Compilers
  Binaries
  Default locations in memory
    ASLR (Address Space Layout Randomization) – NOT an acronym on the 601 test, but the (Windows) cure for attacks that rely on DLLs loading at their default memory locations
    https://en.wikipedia.org/wiki/Address_space_layout_randomization
Automation and Scripting
  Automated Courses of Action
  Continuous Monitoring
  Continuous Validation
  Continuous Integration
  Continuous Delivery
  Continuous Deployment
  DevOps
Elasticity
  Moving to a more powerful server
Scalability
  Moving to more servers
Version Control and Change Management
  https://bitbucket.org/product/code-repository
Waterfall vs. Agile Methodologies (NOT on the 601 test)
  Scrum and XP