Deck 1: Why You Need to Learn Secure Programming

UML is a notation that communicates application design, requirements, and process flow.

ISO sets standards world wide so that one uniform practice exists in a particular industry.

The developer is the single most important influential person on the development team.

Integrity assures the application will be reliable when authorized users need to use the application.

Physical attacks occur when software on a machine secretly gathers information about a users activity.

Listening to other people's conversation or looking at their computer's monitor are forms of social engineering.

A use case describes the security of the application.

Most cybercrimes go unnoticed.

Social engineering is a complicated attack to learn and carry out.

Confidentiality assures that the application maintains complete data privacy.

SOX (Sarbanes and Oxley) helps the credit card industry by making sure all electronic transactions are compliant to a security standard.

It is possible to develop a completely secure application as long as quality and security are built into the development process.

Software requirements document how the system is architected.

A single clever dishonest programmer can ruin an entire application's integrity.

The primary purpose of the IEEE is to create Web standards.

A buffer overflow occurs when attributes of a software object are forced to execute native code due to a flaw in the software's design.

Software hackers get paid for performance. Therefore, if your software can not be penetrated in 48 hours or less, the application is pretty safe.

Software vulnerabilities are bugs in the software that should have been found during testing.

W3C sets standards for Web browsers, JavaScript, and HTML tags.

If a person has been developing code for 15 years, then that person should be pretty good at developing code.

Every electronic transaction exposes data to an opportunity for an attack.

Record retention includes printing confidential information to printers.

Mobile devices are critical to an application's security. Therefore, stringent rules should be followed to ensure they are never lost or damaged.

Traceability is when a person can visually associate one use case requirement to design documentation and ultimately the code snippet.