







Course Code: D
Subject: Secure Software Design
Institution: [Insert University or College Name]
Year: 2025

What's Inside?
• Comprehensive breakdown of all SDLC phases
• In-depth summaries of Agile, Scrum, Waterfall, and Lean development
• Key terms explained: BSIMM, OWASP SAMM, STRIDE, DREAD, Trike, PASTA
• Coverage of security roles: Architect, Champion, Evangelist
• Extensive overview of testing methods: White-box, Black-box, Gray-box
• Diagrams and easy-to-follow formatting for rapid understanding

Why This Guide?
This exam prep document is designed to help you master every aspect of Secure Software Design. Each concept is explained with a direct answer in practice-style Q&A form.
⬛ Suited to students preparing for assessments
⬛ Usable for online classes, revision, or late-night cramming
⬛ Content compiled from academic resources
SDLC Phase 1: Answer: Planning - A vision and the next steps are developed.
SDLC Phase 2: Answer: Requirements - The software requirements, including the security requirements, are defined.
SDLC Phase 3: Answer: Design - The requirements are translated into a technical design.
SDLC Phase 4: Answer: Implementation - The application's features are built in code from the approved design.
SDLC Phase 5: Answer: Testing - The software is tested to verify its functionality and security in a known environment.
SDLC Phase 6: Answer: Deployment - The software is released into production with its security configuration in place.
SDLC Phase 7: Answer: Maintenance - Continuous security monitoring is performed and fixes are applied.
SDLC Phase 8: Answer: End of Life - The appropriate steps are taken to retire the software completely.
BSIMM (Building Security In Maturity Model): Answer: A study of real-world software security initiatives that lets you measure and mature the security of your software over time.
OWASP SAMM:
Lean Development: Answer: an approach to software development that breaks work, and therefore risk, down to the individual feature level.
The V-Model: Answer: a variant of the waterfall model in which, after the coding stage, the process turns back upward so that each development phase is paired with a corresponding testing phase.
Extreme Programming (XP): Answer: an Agile approach designed to increase the responsiveness and quality of software.
Software Security Architect: Answer: ensures that the organization's mission and business processes are adequately protected by meeting the stakeholders' security requirements.
Software Security Champion: Answer: an authority on best practices who raises security awareness and streamlines software security within a development team.
Software Security Evangelist: Answer: a specialist who raises awareness of the product and its security program among the larger software community.
Functional Requirements: Answer: describe the functions and main goals of the system.
Non-functional Requirements: Answer: describe any limitations or restrictions on a design that do not change the system's main objective (for example performance, availability, or security constraints).
Privacy Impact Assessment: Answer: a procedure that assesses privacy concerns and assigns a privacy impact rating based on the software's ability to protect PII.
Product Risk Profile: Answer: helps calculate the product's true cost by looking at its risk from several angles.
Requirements Traceability Matrix: Answer: a table listing every security requirement and where each one is addressed in design, implementation, and testing.
The DREAD model: Answer: rates a threat by Damage, Reproducibility, Exploitability, Affected users, and Discoverability.
PASTA (Process for Attack Simulation and Threat Analysis): Answer: a repeatable framework that a software security team can use to identify threats.
STRIDE: Answer: divides threats into six categories: Spoofing, Tampering, Repudiation, Information disclosure, Denial of service, and Elevation of privilege.
Application Decomposition: Answer: identifying the core features, entry points, and data flows of an application so that threats can be enumerated against them.
Trike: Answer: a unified conceptual framework for security auditing from a risk-management perspective.
Alpha Testing: Answer: testing carried out in-house by the developers themselves.
Beta Testing: Answer: testing carried out by people who were not involved in the system's actual development.
Black Box Testing: Answer: tests conducted by a third party with no prior knowledge of the software's internals.
Gray Box Testing: Answer: tests conducted with partial knowledge of the internals, for example examining the source code to help create test cases while still exercising the software from the outside.
White Box Testing: Answer: tests conducted from an internal perspective with full knowledge of the software.
Abstract Syntax Tree (AST): Answer: a tree representation of the syntactic structure of source code; it is the foundation on which later software metrics and issue detection are built.
Control Flow Analysis: Answer: analysis of the paths the code can take as it steps through its logical conditions.
Data Flow Analysis: Answer: the process of tracing information from the input points to the output points of a program.
SonarQube: Answer: an open-source static code analysis platform that can identify bugs, vulnerabilities, security hotspots, and code smells in more than 25 programming languages.
Spider: Answer: the crawler component of a web security scanner that discovers pages and inputs and feeds them to the tool's scanning components.
PSIRT (Product Security Incident Response Team): Answer: the group that receives, investigates, and reports security vulnerabilities.
Third-party security reviews: Answer: security evaluations conducted by organizations other than the internal testing teams.
PRSA 3: Answer: Post-release certifications - external certifications that demonstrate the security posture of products or services.
PRSA 4 and PRSA 5: Answer: Security plan for legacy code, MCA, and EOL plans - a plan to reduce the security threats arising from MCAs and legacy code.
Governance (OpenSAMM function): Answer: focused on how an organization manages all aspects of its software development.
Construction (OpenSAMM function): Answer: focused on how an organization sets objectives and produces software within its development projects.
Verification (OpenSAMM function): Answer: focused on how an organization examines and tests the artifacts produced during software development.
Deployment (OpenSAMM function): Answer: focused on how an organization releases software.
BSIMM domains: Answer: Governance, Intelligence, SSDL Touchpoints (software security development life cycle touchpoints), and Deployment.