Chapter 8: Software Development Security (Domain 8) 401
- D. The Time of Check to Time of Use (TOCTOU) attack exploits timing differences between when a system verifies authorization and when software uses that authorization to perform an action. It is an example of a race condition attack. The other three attacks mentioned do not depend on precise timing.
- D. Each of these input parameters makes up part of the attack surface of the application. Attackers may opt to target any of them to attack the code or its supporting infrastructure.
- B. Threat modeling commonly involves decomposing the application to understand it and how it interacts with other components or users. Next, identifying and ranking threats allows you to focus on the threats that should be prioritized. Finally, identifying how to mitigate those threats finishes the process. Once complete, an organization can take action to handle the threats that were identified with appropriate controls.
- D. The fail closed approach prevents any activity from taking place during a system security failure and is the most conservative approach to failure management. Fail open takes the opposite philosophy, allowing all activity in the event of a security control failure. Fail clear and fail mitigation are not failure management approaches.
7. D. The illustration shows the spiral model of software development. In this approach, developers use multiple iterations of a waterfall-style software development process. This becomes a “loop” of iterations through similar processes. The waterfall approach does not iterate through the entire process repeatedly but rather only allows movement backward and forward one stage. The Agile approach to software development focuses on iterative improvement and does not follow a rigorous SDLC model. Lean is a process improvement methodology and not a software development model.
- B. Relational databases use the primary key to uniquely identify each of the rows in a table. The primary key is selected by the database designer from the set of candidate keys that are able to uniquely identify each row, but the RDBMS only uses the primary key for this purpose. Foreign keys are used to establish relationships between tables. Referential keys are not a type of database key.
- A. The request process begins with a user-initiated request for a feature. Change and release control are initiated by developers seeking to implement changes. Design review is a phase of the change approval process initiated by developers when they have a completed design.
- C. Polyinstantiation allows the storage of multiple different pieces of information in a database at different classification levels to prevent attackers from inferring anything about the absence of information. Input validation, server-side validation, and parameterization are all techniques used to prevent web application attacks and are not effective against inference attacks.
- C. While Ursula may certainly use an object model, data dictionary, and primary key in her development effort, external developers cannot directly use them to access her code. An application programming interface (API) allows other developers to call Ursula’s code from within their own without knowing the details of Ursula’s implementation.
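The first answer above describes TOCTOU as a race between the authorization check and the use of that authorization. The following C program is an added illustration of that point and is not taken from the book: it shows the classic path-based check-then-open pattern beside the hardened open-then-verify-the-descriptor pattern, and simulates the race window in a single process by re-pointing the checked path between the two calls. It assumes a POSIX/Linux system, and the scratch directory, file names (`public.txt`, `secret.txt`) and contents are constructed fixtures for the demonstration. The `between` callback on the vulnerable opener is a hook that exists only to make the window visible; real code would simply have the gap.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Vulnerable pattern: the check (access) and the use (open) are separate
 * system calls that both name the file by *path*. `between` stands in for
 * whatever another process does in the window between the two calls; it is
 * only a simulation hook (assumption for this demo), not part of real code. */
int open_checked_by_path(const char *path, void (*between)(void)) {
    if (access(path, R_OK) != 0)        /* time of check */
        return -1;
    if (between) between();             /* the race window */
    return open(path, O_RDONLY);        /* time of use: whatever path now names */
}

/* Hardened pattern: open first, then verify the object that was actually
 * opened through its descriptor. O_NOFOLLOW refuses a symlink at the final
 * path component and fstat() inspects the opened inode rather than the path,
 * so there is no check/use window for a path swap to exploit. */
int open_checked_by_descriptor(const char *path) {
    int fd = open(path, O_RDONLY | O_NOFOLLOW | O_CLOEXEC);
    if (fd < 0)
        return -1;
    struct stat st;
    if (fstat(fd, &st) != 0 || !S_ISREG(st.st_mode)) {
        close(fd);
        return -1;
    }
    return fd;
}

/* --- single-process simulation of the race (constructed fixture) --- */
static char g_pub[PATH_MAX], g_secret[PATH_MAX];

static int write_file(const char *path, const char *content) {
    FILE *f = fopen(path, "w");
    if (!f) return -1;
    fputs(content, f);
    return fclose(f);
}

/* Create a scratch directory holding a readable public file and a secret file. */
static int setup_fixture(char *dir) {
    strcpy(dir, "/tmp/toctou-XXXXXX");
    if (!mkdtemp(dir)) return -1;
    snprintf(g_pub, sizeof g_pub, "%s/public.txt", dir);
    snprintf(g_secret, sizeof g_secret, "%s/secret.txt", dir);
    if (write_file(g_pub, "public") != 0) return -1;
    return write_file(g_secret, "SECRET");
}

static void teardown_fixture(const char *dir) {
    if (unlink(g_pub) != 0) perror("unlink public");
    if (unlink(g_secret) != 0) perror("unlink secret");
    if (rmdir(dir) != 0) perror("rmdir");
}

/* What the racing process does inside the window: re-point the path that
 * was already checked at the secret file. */
static void repoint_at_secret(void) {
    if (unlink(g_pub) != 0) perror("unlink");
    if (symlink(g_secret, g_pub) != 0) perror("symlink");
}

/* Returns 1 if the path-based opener ends up reading the secret file. */
int race_outcome_vulnerable(void) {
    char dir[PATH_MAX];
    if (setup_fixture(dir) != 0) return -1;
    char buf[16] = {0};
    int fd = open_checked_by_path(g_pub, repoint_at_secret);
    if (fd >= 0) {
        ssize_t n = read(fd, buf, sizeof buf - 1);
        (void)n;
        close(fd);
    }
    teardown_fixture(dir);
    return strcmp(buf, "SECRET") == 0;
}

/* Returns 1 if the descriptor-based opener refuses the re-pointed path. */
int race_outcome_hardened(void) {
    char dir[PATH_MAX];
    if (setup_fixture(dir) != 0) return -1;
    repoint_at_secret();                 /* the swap happens, but there is no window */
    int fd = open_checked_by_descriptor(g_pub);
    if (fd >= 0) close(fd);
    teardown_fixture(dir);
    return fd < 0;
}

int main(void) {
    printf("vulnerable opener read the secret: %d\n", race_outcome_vulnerable());
    printf("hardened opener refused the swap:  %d\n", race_outcome_hardened());
    return 0;
}
```

The design point is that the fix is not "check faster" but "check the thing you actually opened": once a descriptor is held, the kernel has already bound it to one inode, so verification on that descriptor cannot be raced by anything that happens to the path afterwards.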