Security+ SY0-601: 2.3: Secure Application Development, Deployment and Automation

Chapter 11: Secure Application Development, Deployment and Automation

Software Repositories

https://www.freecodecamp.org/news/what-is-git-and-how-to-use-it-c341b049ae61/

Environments

Development

Test

Staging

Production

QA: Quality Assurance

Let’s look at this topic from the standpoint of the type of questions you may be asked.

https://passcomptia.com/comptia-security/comptia-security-question-g-61/

https://passcomptia.com/comptia-security/comptia-security-question-c-99/

Provisioning and Deprovisioning

Integrity Measurement

NOT hashing

Working on the correct version

Secure Coding Techniques

Normalization

Stored Procedures

Obfuscation / Camouflage

Code Reuse and Dead Code

Server-Side vs. Client-Side Execution and Validation

JavaScript: in the browser, easily hackable

PHP / Python / ASP / Ruby / etc.: on the server, and trickier to hack

Memory Management

Third-Party Libraries and SDKs

Data Exposure

Error Handling

Input Validation

Code Quality and Testing

Static vs. Dynamic Analysis (fuzzing)

Stress Testing

Sandboxing

Model Verification

Model – View – Control app dev model

https://www.visual-paradigm.com/guide/uml-unified-modeling-language/what-is-model-view-control-mvc/

OWASP: Open Web Application Security Project

https://owasp.org/

https://owasp.org/www-project-top-ten/

Software Diversity

Compilers

Binaries

Default locations in memory

ASLR – NOT an acronym on the 601 test, but the (Windows) cure for default DLL location attacks

https://en.wikipedia.org/wiki/Address_space_layout_randomization

Automation and Scripting

Automated Courses of Action

Continuous Monitoring

Continuous Validation

Continuous Integration

Continuous Delivery

Continuous Deployment

DevOps

Elasticity

Moving to a more powerful server

Scalability

Moving to more servers

Version Control and Change Management

https://bitbucket.org/product/code-repository

Waterfall vs. Agile Methodologies (NOT on the 601 test)

Scrum and XP