Copiar y Editar

Computer Security U9 - Software Security

Descripción

Mapa Mental sobre Computer Security U9 - Software Security, creado por Nick.Bell2013 el 27/04/2013.
Nick.Bell2013
Mapa Mental por Nick.Bell2013, actualizado hace más de 1 año
Nick.Bell2013
Creado por Nick.Bell2013 hace alrededor de 11 años
46
3
0

Resumen del Recurso

Computer Security U9 - Software Security
  1. Need for security
    1. "holes"
      1. poor/sloppy coding
      2. Software trends
        1. greater networking = greater exposure
          1. increasing size/complexity= harder to police
            1. greater flexibility = error prone
              1. lack of environment diversity = only 1 major platform
                1. increasing market pressure = rushed production
        2. Penetrate and patch approach
          1. only fixes known vulnerabiliteis
            1. only quick fixes
              1. users may not use patch
                1. targets symptoms not causes
                  1. users doing testing
                    1. only works on unmodified s/ware
          2. Open source vs Closed source
            1. Security principles
              1. part of design process
                1. use the K.I.S.S. model
                  1. reduce exposure
                    1. ensure "secure failure"
            2. S/ware engineering life cycle
              1. Requirements capture
                1. Design
                  1. Implementation
                    1. Testing
                      1. Support
              2. Languages
                1. C
                  1. C++
                    1. Java
                      1. C#
                        1. LISP
                2. Access controls
                  1. Common security problems
                    1. Principle of Least Privilege
                      1. buffer overflows
                        1. input handling
                          1. naming issues
                            1. race conditions = TOCTTOU
                              1. Firewall issues
                                1. cryptographic issues
                                  1. Bishop's list*
                    2. Managing security
                      1. risk assessment
                        1. Security testing
                          1. black box testing
                            1. red teaming
                            2. Management issues
                              1. distribution (DRM)
                                1. installation
                                  1. maintennance
                                    1. documentation
                                      1. oversight
                                    2. Java security
                                      1. objects
                                        1. inheritance
                                        2. platform independence
                                          1. language features
                                            1. type safety
                                              1. exception handling
                                              2. garbage collection
                                                1. multi-thread
                                              3. Sandbox security model
                                                1. signed applets
                                                  1. Java 2
                                                    1. access control & stack inspection
                                                      1. hostile applets
                                                        1. maicious applets
                                                          1. attack applets
                                                        Mostrar resumen completo Ocultar resumen completo

                                                        ¿Quieres crear tus propios Mapas Mentales gratis con GoConqr? Más información.

                                                        Similar

                                                        Certified Information Systems Security Professional (CISSP)
                                                        GoAsk Chaz
                                                        SSCP Domains
                                                        Abdul Issa
                                                        Computer Security Potential Flaws
                                                        Rob Speirs
                                                        Tema 1. Crisis del A.R.
                                                        Joaquín Ruiz Abellán
                                                        CIENCIAS AUXILIARES DE QUÍMICA ORGÁNICA
                                                        Luis Carrillo
                                                        Vocabulario Inglés (I y II) para la Selectividad
                                                        maya velasquez
                                                        Inglés para Selectividad
                                                        Diego Santos
                                                        Test de historia de España S. XVIII, XIX y XX.
                                                        Diego Santos
                                                        Mapa conceptual
                                                        Franchesk Maestr
                                                        Promoción de ventas
                                                        VICTOR HUGO ORTIZ ALCALA
                                                        COSTAS E RÍOS
                                                        Nuria Prado Álvarez
                                                        Explorar la Librería