What are the two procedures that should be completed before sign-off of the implementation phase of the waterfall model?
What will be an ideal response?
In the implementation phase, developers should focus on coding flaws; flaws such as incomplete error handling or unprocessed exceptions create most of the security holes. Two procedures should be completed before sign-off of the implementation phase.
Detailed code review: Code review should be standard for developers who want to catch security holes in implementation. The pressure of knowing that peers or supervisors will be reading the code makes the developer more careful, and, as a general rule, an extra pair of eyes can always catch more problems.
Verification with code-analysis tools: Design and code-analysis tools can scan source code and report common vulnerabilities. Problems ranging from circular dependency in a class hierarchy to potential memory overwrites can be caught by a good code-analysis tool.