Phases of SSDLC in Agile
Phases of SSDLC in Agile
Planning:
2. Development:
3. Testing:
4. Deployment:
5. Maintenance:
Key Points:
Conclusion
•Daily Stand-up: Hold daily stand-up meetings (daily scrums) for team
members to share progress, plans, and blockers, fostering communication
and collaboration.
The agile methodology lets teams deliver working software more frequently,
respond quickly to changes in requirements or priorities, and continuously
improve their processes based on feedback from stakeholders. Teams
prioritize tasks in the backlog to ensure the most critical and valuable
features are developed first, enhancing efficiency and alignment with
business goals.
Take a look at the next section to learn more about how an agile
methodology works in DevOps
In the design phase, developers discuss how the CI/CD pipelines should
handle passwords and other secrets. You propose a "key vault" to be used
within the cloud solution to store secrets and call it using encrypted and
hashed API keys. Which of the following cryptographic hash algorithms has
previously been breached and should NOT be used for secret management in
the code or CI/CD pipeline?
Currently, only code review is being performed with pull requests in the code
commits to spot for irregularities or defects. To strengthen security, you want
to implement a static code analysis tool for vulnerability scanning. After
approval, you perform a proof of concept (PoC) with a static code analysis
(SAST) tool. You install this in the environment and perform a scan on the
master branch. The tool discovers one vulnerability, among many, that can
be found in AngularJS versions earlier than (<)1.8.0. It is a cross-site
scripting (XSS) vulnerability that allows for manipulation of sanitized user-
controlled HTML input before it is passed to jQuery Lite (JQLite) methods. The
transformation done by JQLite may modify some forms of a sanitized payload
into a payload containing JavaScript and trigger an XSS when the payload is
inserted into a specific file. What is the name of this specific XSS
vulnerability?
Lastly, you would like to enhance the current SIEM tool that the organization
is using for logging and monitoring. You introduce a security dashboard for
their Splunk application to automatically flag for security incidents in
production. You also propose an additional test of how the organization would
react to a real threat, which could help to fully assess the realistic level of
risk and vulnerabilities of the technology, human, and physical assets within
the organization. What is this kind of testing called?
Nice work catching the difference between you and your colleagues’
solutions. Now the JavaScript web development part is going very well, but
you notice something strange when integrating to the Digital Health’s Python
backend. You dig into the backend code base and notice that the client has
implemented a lot of basic algorithms manually. Normally this would not be a
problem, but some of the implementations are quite buggy and are causing
you to have wrong results or even breaking your solution. Time to start
debugging!
One of the algorithms is a binary search algorithm. Luckily, you are very
familiar with it and know that binary search is a search algorithm that finds
the position of a target value in a sorted table.
Binary search compares the target value to the middle element of the array.
If they are not equal, the half in which the target cannot lie is eliminated and
the search continues for the remaining half, again taking the middle element
to compare to the target value and repeating this until the target value is
found. If the search ends with the remaining half being empty, the target is
not in the array.
https://en.wikipedia.org/wiki/Binary_search_algorithm