Software Development Security Chapter 10 Part 3 Pages 1108 to 1125
Software Security Best Practices Web Application Security Consortium (WASC) – Best security practices for the WWW – Figure 10-8 on page 1109 Open Web Application Security Project (OWASP) – – Top
Software Security Best Practices Build Security In (BSI) – Department of Homeland Security – Best practices, guidelines, rules, principles Common Weakness Evaluation (CWE) – – Top 25 ISO/IEC Standard – Framework, application security management
Software Development Models Build and Fix – Little or no planning – Get the product out the door as fast as possible – Problems are dealt with when they occur – Not really a formal SDLC model Waterfall Model – Figure 10-9 on Page 1112
Software Development Models V-shaped model – Figure on page 1113
Prototyping Rapid Prototyping – Build a prototype to test understanding – Is it feasible – User testing Evolutionary Prototypes – Incremental improvements – Evolves into the final product
Prototyping Operational Prototype – Implement in production environment – Update as customer feedback is gathered
Incremental Model Figure on page 1115
Spiral Model Risk analysis Figure on page 1116
RAD Rapid Application Development – Uses rapid prototyping instead of extensive upfront planning. – Accelerates the development process – Figure on page 1117 Agile – Customer collaboration – More flexible and adaptable than Waterfall
CMMI Capability Maturity Model Integration Carnegie Mellon University Software Engineering Institute Figure on page 1121 Even Agile Compare vendors
Change Control Control changes to documentation, software, tests Roll back changes Who make the change Approval Multiple versions Software Configuration Management