ISEC 620 Homework 7
In Module 6 homework, you described and compared different kinds of software test and analysis tools. In this homework, you will evaluate the effectiveness of the same tools and methods.
· Static Code Analysis
· Dynamic Code Analysis
· Peer Review
· Quality Assurance Testing
· Penetration Testing
· Fuzzing
The following table shows phases of an SDLC very briefly. Note that the phases correspond to 4 business functions of the SAMM (https://owaspsamm.org/release-notes-v2/)
Design Development Testing Operation
Question 1
Place each software analysis technique to the corresponding cell(s).
Question 2
Which control is most proactive? Why?
Question 3
Select three analysis techniques from the list. How do you measure and improve the effectiveness of the analysis techniques you selected? Describe.
Question 4 – Weekly Learning and Reflection
In two to three paragraphs of prose (i.e., sentences, not bullet lists) using APA style citations if needed, summarize and interact with the content that was covered this week in class. In your summary, you should highlight the major topics, theories, practices, and knowledge that were covered. Your summary should also interact with the material through personal observations, reflections, and applications to the field of study. In particular, highlight what surprised, enlightened, or otherwise engaged you. Make sure to include at least one thing that you’re still confused about or ask a question about the content or the field. In other words, you should think and write critically not just about what was presented but also what you have learned through the session. Questions asked here will be summarized and answered anonymously in the next class.