What are the two procedures that should be completed before sign-off of the implementation phase of the waterfall model?

What will be an ideal response?


In the implementation phase, developers should focus on coding flaws; flaws such as incomplete error handling or unprocessed exceptions create most of the security holes. Two procedures should be completed before sign-off of the implementation phase.

Detailed code review: Code review should be standard for developers who want to catch security holes in implementation. The pressure of knowing that peers or supervisors will be reading the code makes the developer more careful, and, as a general rule, an extra pair of eyes can always catch more problems.

Verification with code-analysis tools: Design and code-analysis tools can scan source code and report common vulnerabilities. Problems ranging from circular dependency in a class hierarchy to potential memory overwrites can be caught by a good code-analysis tool.

Computer Science & Information Technology
