Final Exam: Defensive Programmer
- apply defensive coding
- apply effective and secure regression testing
- apply exception handling effectively
- apply parameter checking
- apply secure integration testing including when and who conducts integration testing
- apply secure unit testing including how it is done and who should do it
- apply the Flaw Hypothesis Method
- define risk management and be able to apply risk management to software projects
- describe assertive programming and be able to implement assertions
- describe basic cryptography applications to confidentiality and integrity
- describe basic cryptography concepts, cryptography types, and applications
- describe CDI/UDI, why it is important and how it should be done
- describe component trust including when and how to achieve the trust of components
- describe how to reuse code effectively and defensively
- describe intelligible exceptions and be able to implement meaningful and actionable exception handling
- describe reliability, resiliency, and recoverability and how they can be achieved in software engineering
- describe secure testing concepts including unit, integration, and regression testing
- describe session management techniques and secure session management
- describe the first five CERT Top 10 secure coding practices - Validate input, Heed compiler warnings, Architect and design for security, Keep it simple, and Default deny
- describe the last five CERT Top 10 secure coding practices - Adhere to the principle of least privilege, Sanitize data sent to other systems, Practice defense-in-depth, Use effective quality assurance techniques, and Adopt a secure coding standard
- describe the role of Six Sigma in producing better quality, secure programming
- describe validation techniques and procedures
- effectively track security bugs
- identify general defensive concepts
- identify intelligible exceptions
- implement C# filtering
- implement C# parameter checking
- implement C# recoverable code
- implement C# resilient code
- implement Java filtering
- implement Java parameter checking
- implement Java recoverable code
- implement Java resilient code
- implement JavaScript filtering
- implement JavaScript parameter checking
- implement JavaScript recoverable code
- implement JavaScript resilient code
- implement Python filtering
- implement Python parameter checking
- implement Python recoverable code
- implement Python resilient code
- implement secure integration testing including when and who conducts integration testing
- implement validation in C#
- implement validation in Java
- implement validation in JavaScript
- implement validation in Python
- use C# Cryptography
- use C# exception handling
- use C# validation
- use effective security metrics
- use Java Cryptography
- use Java exception handling
- use JavaScript Cryptography
- use JavaScript exception handling
- use JavaScript validation
- use Java validation
- use Open Source Security Testing Methodology Manual concepts
- use Python Cryptography
- use Python exception handling
- use Python validation