All right. At long last, we have made it to Chapter eight. Chapter eight is about software development security. So when we look at this chapter, obviously we need to take a look at why software's unsecure in the first place. Because when you think about it, all of these things that we've talked about up to this point, whether it's redundancy, confidentiality through encryption or, you know, firewalls and intrusion detection devices and all of these security elements that are so essential in a network, ultimately it all comes back to the fact that they're protecting something that's inherently unsecure: our software. So what we'd ultimately like to be able to do is write secure code, and I know that seems like a novel concept, but that's what we're looking to do. All right, so we'll talk about some development methodology, some approaches to software development.
We'll look at some common architectures, you know, kind of the design on which applications are built. We'll talk about monitoring and auditing the software. We'll look at adversaries: where do the threats come from? Who stands to benefit from attacks on our software? And then we're gonna look at OWASP, which puts out a top 10 list of vulnerabilities, and I think you'll see quite a few questions from this area.
And of course, OWASP focuses on Web applications, and I think it's certainly a good section to really focus on as far as vulnerabilities go. We'll talk about change management, making sure that as we're developing code, we follow good processes and procedures.
Then we'll look at assessing the vulnerabilities of our code. Where's the weakness?
You know? Have we validated input? Have we made other common mistakes? All right, so from there we're gonna talk about just the software development processes, and then we're gonna move on to talking about databases. I think that you're going to see a couple questions on databases, and they may just totally be definitions.
Many people, I think, have the experience where they get a lot of questions on, you know, relational databases. What's a primary key? What's a foreign key? What's a tuple? So we'll go through and certainly hope to define all those terms for you.
We'll wrap up with verification and validation. Ultimately, what we're looking for is certification and accreditation that come through verification and validation. And then last but not least, all good things come to an end.
So making sure that we have a secure process for disposing of the software, migrating any data that's necessary also.
So all this is coming up in Chapter eight.