WGU C706 Secure Software Design Study Guide

WGU EXAMS Sep 5, 2025

WGU C706 Secure Software Design Study Guide 2022

1. Confidentiality: Information is not made available or disclosed to unauthorized individuals, entities, or processes. Ensures unauthorized persons are not able to read private and sensitive data. It is achieved through cryptography.

2. Integrity: Ensures unauthorized persons or channels are not able to modify the data. It is accomplished through the use of a message digest or digital signatures.

3. Availability: The computing systems used to store and process information, the security controls used to protect information, and the communication channels used to access information must be functioning correctly. Ensures the system remains operational even in the event of a failure or an attack. It is achieved by providing redundancy or fault tolerance for a failure of a system and its components.

4. Ensure Confidentiality: Public Key Infrastructure (PKI) and Cryptography/Encryption

5. Ensure Availability: Offsite back-up and Redundancy

6. Ensure Integrity: Hashing, Message Digest (MD5), non-repudiation and digital signatures

7. Software Architect: Moves analysis to implementation and analyzes the requirements and use cases as activities to perform as part of the development process; can also develop class diagrams.

8. Security Practitioner Roles: Release Manager, Architect, Developer, Business Analyst/Project Manager

9. Release Manager: Deployment

10. Architect: Design

11. Developer: Coding

12. Business Analyst/Project Manager: Requirements Gathering

13. Red Team: Teams of people familiar with the infrastructure of the company and the languages of the software being developed. Their mission is to kill the system as the developers build it.

14. Static Analysis: A method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help to ensure that the code adheres to industry standards. It is also referred to as code review.

15. MD5 Hash: A widely used hash function producing a 128-bit hash value. Initially designed to be used as a cryptographic hash function, it has been found to suffer from extensive vulnerabilities. It can still be used as a checksum to verify data integrity, but only against unintentional corruption.

16. SHA-256 (Secure Hash Algorithm): One of a number of cryptographic hash functions. A cryptographic hash is like a signature for a text or a data file. Generates an almost-unique, fixed-size 32-byte (32 x 8) hash. Hash is a one-way function - it cannot be decrypted.

17. Advanced Encryption Standard (AES): A symmetric encryption algorithm. The algorithm was developed by two Belgian cryptographers, Joan Daemen and Vincent Rijmen. Designed to be efficient in both hardware and software, and supports a block length of 128 bits and key lengths of 128, 192, and 256 bits.

18. Algorithms used to verify integrity: MD5 Hash, SHA-256

19. Algorithm used to verify confidentiality: Advanced Encryption Standard (AES)

20. Stochastic: unintentional or accidental

21. safety-relevant faults: stochastic (i.e., unintentional or accidental)

22. security-relevant faults: "Sponsored," i.e., intentionally created and activated through conscious and intentional human agency.

23. Fuzz Testing: Used to see if the system has solid exception handling to the input it receives. Is the use of malformed or random input into a system in order to intentionally produce failure. This is a very easy process of feeding garbage to the system when it expects a formatted
