What are the two procedures that should be completed before sign-off of the implementation phase of the waterfall model?
What will be an ideal response?
In the implementation phase, developers should focus on coding flaws; flaws such as incomplete error handling or unprocessed exceptions create most of the security holes. Two procedures should be completed before sign-off of the implementation phase.
Detailed code review: Code review should be standard for developers who want to catch security holes in implementation. The pressure of knowing that peers or supervisors will be reading the code makes the developer more careful, and, as a general rule, an extra pair of eyes can always catch more problems.
Verification with code-analysis tools: Design and code-analysis tools can scan source code and report common vulnerabilities. Problems ranging from circular dependency in a class hierarchy to potential memory overwrites can be caught by a good code-analysis tool.