M4d1 Unit 1 Case Study

M4D1

I. Why do you think it is much more expensive to fix a security vulnerability late in the software life cycle, compared to early?

It is almost always more costly to redo or rework something than to do it correctly in the first place. Years ago, when I got my first Solaris system administration job, the Navy had the view that any job the Navy did not have official schools for could be learned via OJT (on-the-job training). So for my first year, I learned everything I could about Solaris system administration and felt I did quite a good job. However, the Navy finally authorized me to take the official Sun Microsystems Solaris course. I went to this course with an entire laundry list of questions about odd things that were not quite right and that I wanted to find out the solutions for. The solutions that were located were never simple or easy to correct on installed systems and would have been no issue at all if they had been installed at build time with the correct parameters.

The S-SDLC again starts with getting the requirements, but adds security requirements, the setting up of phase gates (dividing into stages or phases) and a risk assessment. The design phase identifies requirements from a security viewpoint, after which there are architecture/design reviews and then threat modeling is conducted. As in the standard SDLC, the coding is where the meat of the work will be done, using coding best practices and with static analysis performed. The final and most essential phases are the software testing via vulnerability assessment and fuzzing (a testing technique used to uncover coding mistakes and security gaps in software, operating systems or networks by entering enormous amounts of random data (Stallings & Brown, 2015)), and then the software is deployed with server/network configuration with a final
