CompTIA® Security+ Exam Notes : Secure Application Development And Deployment Concepts

3. Architecture and Design

3.4 Summarize secure application development and deployment concepts

Baselining: The process of establishing standards for security of computers in your network is called security baselining. A security baseline will include control over services, permissions on files, Registry permissions, authentication protocols, and more. There will be a security baseline established for each type of computer in your organization. This will include domain controllers, file servers, print servers, application servers, clients, etc.

Deployment Life cycle models:

  • The waterfall method has these steps: requirements gathering, design, implementation (also called coding), testing (also called verification), deployment, and maintenance. Each stage is completely self-contained. Once one stage is completed, then you move on to the next stage. This approach is appropriate for situations wherein the requirements are clearly defined well in advance.
  • Agile is a method of software development meant to be rapid.
  • DevOps is the practice of operations and development engineers participating together in the entire service lifecycle, from design through the development process to production support.
  • Scrum is an agile framework for managing work with an emphasis on software development.

Fuzz testing or fuzzing: Fuzzing is a software testing technique, often automated or semi-automated, that involves providing invalid, unexpected, or random data to the inputs of a computer program. The program is then monitored for exceptions such as crashes, failed built-in code assertions, or potential memory leaks.
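The fuzzing loop described above, as an added example (not part of the original notes): a small mutation fuzzer run against a constructed toy record parser, once without and once with its length check. The record format and the names `parse_record`, `mutate`, `fuzz` and `SEED` are assumptions made for this illustration.

```python
import random
from functools import reduce

class ParseError(ValueError):
    """Clean rejection of malformed input: expected behaviour, not a finding."""

def xor_sum(payload: bytes) -> int:
    return reduce(lambda a, b: a ^ b, payload, 0)

def make_record(payload: bytes) -> bytes:
    # Constructed toy format: tag 0x01, 1-byte length, payload, XOR checksum.
    return bytes([0x01, len(payload)]) + payload + bytes([xor_sum(payload)])

def parse_record(data: bytes, checked: bool = True) -> bytes:
    if len(data) < 3 or data[0] != 0x01:
        raise ParseError("bad header")
    length = data[1]
    if checked and len(data) != length + 3:
        raise ParseError("length mismatch")  # bounds check the weak variant lacks
    payload = data[2:2 + length]
    if xor_sum(payload) != data[2 + length]:  # unchecked: IndexError if length lies
        raise ParseError("bad checksum")
    return payload

def mutate(seed: bytes, rng: random.Random) -> bytes:
    buf = bytearray(seed)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(3)
        if op == 0 and buf:
            buf[rng.randrange(len(buf))] ^= 1 << rng.randrange(8)  # flip one bit
        elif op == 1 and buf:
            del buf[rng.randrange(len(buf))]  # drop one byte
        else:
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))  # add a byte
    return bytes(buf)

def fuzz(target, seed: bytes, iterations: int = 2000, rng_seed: int = 1) -> dict:
    rng = random.Random(rng_seed)  # fixed seed so every finding is reproducible
    findings = {}
    for _ in range(iterations):
        case = mutate(seed, rng)
        try:
            target(case)
        except ParseError:
            continue  # input was rejected cleanly
        except Exception as exc:  # unhandled exception: keep first input per type
            findings.setdefault(type(exc).__name__, case)
    return findings
SEED = make_record(b"abc")  # constructed valid sample input
```

Calling `fuzz(lambda d: parse_record(d, checked=False), SEED)` returns the first input that triggered each unhandled exception type, while `fuzz(parse_record, SEED)` returns an empty dict because every malformed input is rejected with `ParseError`.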
