Secure-Software-Design WGU Secure Software Design (D487) Exam Questions and Answers

 Session management is a core component of secure coding, which involves maintaining the state of a user’s interaction with a system. Proper session management can help protect against various security vulnerabilities, such as session hijacking and session fixation attacks. It is essential for ensuring that user data is handled securely throughout an application’s workflow.

References: The OWASP Secure Coding Practices guide emphasizes the importance of implementing secure coding standards, which include robust session management1. Additionally, Snyk’s secure coding practices highlight the significance of access control, including authentication and authorization, as fundamental to protecting a system2. These resources align with the concept that effective session management is a best practice in secure coding.

The phase being described is the Implementation phase of the SDLC. During this phase, the actual development starts, and the product begins to be built. The teams are actively writing code, which is a key activity of the Implementation phase. This phase involves translating the design and specifications into executable code, developing the software’s features, and then integrating the various components into a full-fledged system.

References:

The Software Development Life Cycle (SDLC): 7 Phases and 5 Models1.

What Is the Software Development Life Cycle? SDLC Explained2.

SDLC: 6 Main Stages of the Software Product Development Lifecycle3.

Software Development Life Cycle (SDLC) Phases & Models4.

The Intelligence domain in the Building Security in Maturity Model (BSIMM) focuses on gathering and using information about software security. This includes understanding the types of attacks that are possible against the software being developed, which is why reviewing attack models falls under this domain. The BSIMM domain of Intelligence involves creating models of potential attacks on software (attack models), analyzing actual attacks that have occurred (attack intelligence), and sharing this information to improve security measures. By reviewing attack models, the software security group is essentially assessing the organization’s ability to anticipate and understand potential security threats, which is a key aspect of the Intelligence domain.

References: The references used to verify this answer include the official BSIMM documentation and related resources that describe the various domains and their activities within the BSIMM framework12345.

Comprehensive and Detailed In-Depth Explanation:

Engaging an independent security consulting firm to simulate attacks on deployed products is an example of Penetration Testing.

Penetration testing involves authorized simulated attacks on a system to evaluate its security. The objective is to identify vulnerabilities that could be exploited by malicious entities and to assess the system's resilience against such attacks. This proactive approach helps organizations understand potential weaknesses and implement necessary safeguards.

According to the OWASP Testing Guide, penetration testing is a critical component of a comprehensive security program:

"Penetration testing involves testing the security of systems and applications by simulating attacks from malicious individuals."

References:

OWASP Testing Guide

The step in threat modeling that involves collecting exploitable weaknesses within the product is Identify and document threats. This step is crucial as it directly addresses the identification of potential security issues that could be exploited. It involves a detailed examination of the system to uncover vulnerabilities that could be targeted by threats.

References: The OWASP Foundation’s Threat Modeling Process outlines a structured approach where identifying and documenting threats is a key step1. Additionally, various sources on threat modeling agree that the identification of threats is a fundamental aspect of the process, as it allows for the subsequent analysis and mitigation of these threats2345.

The Asset-centric approach to threat modeling focuses on identifying and protecting the assets that are most valuable to an organization. This method prioritizes the assets themselves, assessing their sensitivity, value, and the impact on the business should they be compromised. It is a strategic approach that aims to safeguard the confidentiality, integrity, and availability of the organization’s key assets.

References:

A Review of Asset-Centric Threat Modelling Approaches1.

Approaches to Threat Modeling - are you getting what you need?2.

What Is Threat Modeling? - CrowdStrike3.

Dynamic analysis is a security testing method that involves analyzing the behavior of software while it is running or in execution. It is most commonly executed during the testing phase of the Software Development Life Cycle (SDLC). This type of analysis is used to detect issues that might not be visible in the code’s static state, such as runtime errors and memory leaks. Automated tools are employed to perform dynamic analysis, which can simulate attacks on the application and identify vulnerabilities that could be exploited by malicious actors.

References: The information provided here is verified by multiple sources that discuss security automation in the SDLC and the role of dynamic analysis during the testing phase123.

Security testing reports are the deliverables that typically contain detailed results of the security evaluations performed. These reports include the types of tests conducted, such as static and dynamic analysis, penetration testing, and code reviews, as well as the number and types of vulnerabilities discovered. The purpose of these reports is to document the security posture of the software at the time of testing and to provide a basis for remediation efforts.

References: The information aligns with best practices in secure software development, which emphasize the importance of documenting security requirements and conducting risk analysis during the design phase to identify and mitigate vulnerabilities early in the SDLC12.

The secure coding practice being described is Access Control. This practice ensures that access to data and features within a system is restricted and controlled. The description given indicates that the product has mechanisms to prevent the display of personally identifiable information (PII), restrict the printing of private documents, and require elevated privileges to access archived documents. These are all measures to control who has access to what data and under what circumstances, which is the essence of access control.

References:

ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud1.

NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)2.

ISO/IEC 29151:2017, Code of practice for personally identifiable information protection3.

The task described involves assessing a document management application that has been in use for many years to ensure compliance with organizational policies. This typically falls under the category of a security strategy for legacy code. Legacy code refers to software that has been around for a while and may not have been designed with current security standards or organizational policies in mind. A security strategy for legacy code would involve reviewing and updating the application to meet current security requirements and organizational policies, ensuring that it remains secure and compliant over time.

References: The answer is based on standard practices for managing and securing legacy software systems, which include regular assessments and updates to align with current security standards and organizational policies1.

The term ‘availability’ in the context of Secure Software Development Lifecycle (SDL) refers to ensuring that systems, applications, and data are accessible to authorized users when needed. This means that the information must be timely and reliable, without undue delays or interruptions. Availability is a critical aspect of security, as it ensures that the software functions correctly and efficiently, providing users with the information they need to perform their tasks.

References:

The definition of availability as per the National Institute of Standards and Technology (NIST) Glossary1.

The Microsoft Security Development Lifecycle (SDL) which emphasizes the importance of availability in secure software design2.

General principles of Secure Software Development Life Cycle (SSDLC) that include availability as a key security goal3.

The practice of clearing all local storage when a user logs off and automatically logging a user out after an hour of inactivity falls under the category of Session Management. This is a security measure designed to prevent unauthorized access to a user’s session and to protect sensitive data that might be stored in the local storage. By clearing the local storage, any tokens, session identifiers, or other sensitive information are removed, reducing the risk of session hijacking or other attacks. The automatic logout feature ensures that inactive sessions do not remain open indefinitely, which could otherwise be exploited by attackers.

References: The information aligns with the secure coding practices outlined by the OWASP Foundation1, and is supported by common practices in web development for managing sessions and local storage2.

Security change management within the change management process involves ensuring that any changes, including updates or modifications to software, do not introduce new vulnerabilities and are in line with security policies. The question about securing remote administration directly reflects this component because it addresses the security considerations that must be managed when changes are made to how software is accessed and controlled remotely. This includes implementing secure protocols, authentication methods, and monitoring to prevent unauthorized access or breaches, which are crucial when managing changes in a secure manner.

References:

Change management in cybersecurity emphasizes the structured approach to implementing alterations in security protocols, technologies, and processes, ensuring systematic assessment and monitoring1.

The role of change management in cybersecurity includes decisions about network access and ensuring the right person can access the right information at the right time, which aligns with securing remote administration2.

Seminal change management models in cybersecurity, like PROSCI’s ADKAR model, guide individuals through the change process, managing resistance and identifying training needs, which is relevant to securing remote administration3.

The issue described involves a session management vulnerability where the user’s session remains active even after the browser window is closed, allowing another user on the same machine to access the application without logging in. To prevent this security risk, it’s essential to adjust the session management controls to include an automatic timeout feature. This means that after a period of inactivity, or when the browser window is closed, the session should automatically expire, requiring a new login to access the application. This adjustment ensures that even if a user forgets to log out, their session won’t remain active indefinitely, reducing the risk of unauthorized access.

References:

Secure SDLC practices emphasize the importance of security at every stage of the software development life cycle, including the implementation of proper session management controls12.

Best practices for access control in security highlight the significance of managing session timeouts to prevent unauthorized access3.

Industry standards and guidelines often recommend session timeouts as a critical security control to protect against unauthorized access4.

The category of secure software best practices being described is Training. This is because the focus is on educating new developers about organizational security policies and coding practices to mitigate potential threats. Training is a proactive approach to ensure that developers are aware of security concerns and are equipped with the knowledge to address them in their coding practices.

References: The importance of training in secure software best practices is supported by industry resources such as the SAFECode’s “Fundamental Practices for Secure Software Development” which emphasizes the need for application security control definition and management1, and the NIST’s Secure Software Development Framework (SSDF) which recommends integrating secure development practices throughout the software development lifecycle2. Additional support for this category can be found in resources detailing effective secure development practices345.

To combat identity spoofing threats, a mitigation technique that is often used is requiring user authorization. This involves implementing strong authentication methods to verify the identity of users before granting access to sensitive information or systems. Techniques such as two-factor authentication (2FA) or multi-factor authentication (MFA) are effective in reducing the risk of unauthorized access, as they require users to provide multiple pieces of evidence to confirm their identity, making it much harder for attackers to spoof an identity successfully.

References:

Best practices for preventing spoofing attacks, including the use of antivirus and firewall tools, and the importance of strong authentication methods like 2FA and MFA1.

The National Security Agency’s guidance on identity theft threats and mitigations, emphasizing the need for personal protection and strong authentication measures2.

Discussion on the effectiveness of strong authentication methods in protecting against spoofing attacks3.

The role of comprehensive identity verification and authentication strategies in preventing AI-enhanced identity fraud4.

Option D best addresses security change management, here's why:

Focus on Change: The question directly asks about a modification to how remote administration is secured. This aligns with the core goal of security change management, which is to evaluate and control the security implications of changes to systems.

Security-Specific: The question is explicitly concerned with security, not general functionality or requirements.

Practical Aspect: Remote administration access is a frequent target for attackers, making it a common area for security change management scrutiny.

The OpenSAMM business function being assessed is Verification. This function involves activities related to reviewing and testing to ensure that the software meets the required security standards and practices. In the context of the question, the software security group’s focus on reviewing design artifacts to ensure compliance with organizational security standards falls under the Verification function. This includes tasks such as design review, implementation review, and security testing, which are all aimed at verifying that the security measures and controls are correctly integrated into the software design.

References: The information is verified as per the OWASP SAMM documentation, which outlines the Verification function as a core business function that encompasses activities like design review, which is directly related to the assessment of design artifacts mentioned in the question1.