  1. Programming
    1. languages
      1. 1st gen: machine code
      2. 2nd gen: assembly
      3. 3rd gen: high level
      4. 4th gen: v.high level
      5. 5th gen: natural
    2. programming
      1. compiler
        1. C
          1. translates the entire program to machine code before it runs
          2. faster at run time
          3. binary is shipped without source: harder to audit for backdoors, and flaws can only be fixed by recompiling
      2. interpreter
        1. BASIC
          1. translates and executes one instruction at a time
          2. slower at run time
          3. source is shipped with the program: easier to audit, but also easier for anyone to alter
    3. object oriented programming
      1. class v object (instantiation), attributes
      2. method
      3. data hiding (encapsulation)
      4. abstraction
      5. polymorphism
      6. data modelling
      7. cohesion (high is good) and coupling (low is good)
      8. data structure
      9. polyinstantiation
    4. distributed computing
      1. DCOM
        1. UUID/GUID
      2. CORBA
        1. ORB (object request broker)
      3. Java EE (Java Platform, Enterprise Edition)
      4. SOA
        1. web services
          1. SOAP
          2. HTTP
          3. WSDL
          4. UDDI
          5. XML
        2. SaaS
    5. mobile code
      1. Java Applets
        1. Sandbox
        2. bytecode
      2. ActiveX
        1. vulnerable: no sandbox; native code runs with the full privileges of the logged-in user
        2. vulnerable: a control installed by one page can be reused (scripted) by any other page
        3. mitigation: Authenticode digital signature (identifies the publisher, does not prove the control is safe)
    6. expert systems and ANN (artificial neural networks)
      1. rule-based programming
        1. inference engine
          1. pattern matching of known facts against rule conditions
        2. knowledge base (facts and if-then rules)
      2. operation modes
        1. forward chaining (data driven: from facts to conclusions)
        2. backward chaining (goal driven: from a hypothesis back to the facts that support it)
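A minimal inference engine, added here as a worked example (it is not part of the outline, and the rules and facts are constructed for a toy host-hardening policy). It shows the pattern-matching loop in both operation modes: forward chaining derives every conclusion the facts support, backward chaining tries to prove one goal by recursively proving the conditions of a rule that concludes it.

```python
# Rule-based inference engine in both operation modes.  The knowledge base
# below is constructed for this example; it is not a real product's rule set.

# Knowledge base: each rule is (set of conditions, conclusion).  A rule
# "matches" when every one of its conditions is a known fact.
RULES = [
    ({"ssh_password_auth", "ssh_exposed_to_internet"}, "ssh_bruteforce_risk"),
    ({"ssh_bruteforce_risk", "no_rate_limit"}, "high_risk"),
    ({"high_risk"}, "block_ssh_until_fixed"),
    ({"ssh_key_only"}, "ssh_hardened"),
]


def forward_chain(facts, rules=RULES):
    """Data-driven mode: keep firing any rule whose conditions all match until
    no new fact appears.  Returns the closure of the facts under the rules."""
    known = set(facts)
    changed = True
    while changed:
        changed = False
        for conditions, conclusion in rules:
            if conclusion not in known and conditions <= known:  # pattern match
                known.add(conclusion)
                changed = True
    return known


def backward_chain(goal, facts, rules=RULES, _visited=None):
    """Goal-driven mode: to prove `goal`, find a rule that concludes it and
    recursively prove each of its conditions.  `_visited` stops infinite
    recursion if the rule set contains a cycle."""
    visited = set() if _visited is None else _visited
    if goal in facts:
        return True
    if goal in visited:
        return False
    visited.add(goal)
    for conditions, conclusion in rules:
        if conclusion == goal and all(
            backward_chain(c, facts, rules, visited) for c in conditions
        ):
            return True
    return False


if __name__ == "__main__":
    observed = {"ssh_password_auth", "ssh_exposed_to_internet", "no_rate_limit"}
    print(sorted(forward_chain(observed)))
    print(backward_chain("block_ssh_until_fixed", observed))
```

Forward chaining is what a policy engine does when it ingests scan results and emits every finding; backward chaining is what it does when asked "should SSH be blocked on this host?" and only explores the rules relevant to that question.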
  2. Development
    1. system development life cycle
      1. Initiation
      2. acquisition/development
        1. security analysis and plan
      3. implementation
        1. certification
        2. accreditation
      4. operation/maintenance
      5. disposal
    2. software development life cycle
      1. requirements gathering
        1. privacy impact rating
          1. P1 high: stores or transfers PII, monitors the user or changes settings
          2. P2 moderate: one-time, anonymous data transfer
          3. P3 low: no behaviour that affects privacy
      2. design
        1. design models (derived from the requirements)
          1. info model
          2. functional model
          3. behavioural model
        2. analysis
          1. threat modelling
          2. attack surface analysis
      3. development
        1. CASE (computer-aided software engineering) tool
        2. static analysis
        3. guidelines
          1. OWASP, MITRE, DHS
      4. testing/validation
        1. unit testing
        2. integration testing
        3. acceptance testing
        4. maintenance hook/trapdoor removal
        5. regression testing
        6. fuzzing
        7. dynamic analysis
      5. release/maintenance
        1. verification (built to the specification) v validation (meets the user's actual need)
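A worked example of the fuzzing step in the testing phase, added here (not from the outline): a tiny length-prefixed record parser with a deliberate bug, a mutation fuzzer that feeds it corrupted variants of a valid seed, and the hardened parser that the same fuzzer cannot crash. The record format, the seed and the mutation strategies are all constructed for this example.

```python
import random


def parse_records(data: bytes) -> list:
    """Toy parser for a stream of [tag:1][len:1][value:len][checksum:1] records.
    Deliberately buggy (kept for the demonstration): the declared length is
    trusted, so a record that runs past the end of the buffer makes the
    checksum read raise IndexError instead of a controlled rejection."""
    records, pos = [], 0
    while pos < len(data):
        tag, length = data[pos], data[pos + 1]        # IndexError if 1 byte left
        value = data[pos + 2:pos + 2 + length]
        checksum = data[pos + 2 + length]             # out-of-bounds if len lies
        if sum(value) % 256 != checksum:
            raise ValueError("bad checksum")          # the documented error path
        records.append((tag, value))
        pos += 3 + length
    return records


def parse_records_safe(data: bytes) -> list:
    """Hardened variant: bounds-check the header and the declared length
    before either is used, and reject with ValueError."""
    records, pos = [], 0
    while pos < len(data):
        if pos + 2 > len(data):
            raise ValueError("truncated header")
        tag, length = data[pos], data[pos + 1]
        end = pos + 2 + length
        if end + 1 > len(data):
            raise ValueError("declared length exceeds buffer")
        value = data[pos + 2:end]
        if sum(value) % 256 != data[end]:
            raise ValueError("bad checksum")
        records.append((tag, value))
        pos = end + 1
    return records


# Constructed seed: two valid records ('abc' checksum 0x26, 'hi' checksum 0xd1).
SEED = b"\x01\x03abc\x26\x02\x02hi\xd1"


def mutate(data: bytes, rng: random.Random) -> bytes:
    """One random mutation: bit flip, boundary-value byte, or truncation."""
    buf = bytearray(data)
    choice = rng.randrange(3)
    if choice == 0 and buf:
        i = rng.randrange(len(buf))
        buf[i] ^= 1 << rng.randrange(8)
    elif choice == 1 and buf:
        buf[rng.randrange(len(buf))] = rng.choice([0x00, 0x01, 0x7F, 0x80, 0xFF])
    else:
        buf = buf[:rng.randrange(len(buf) + 1)]
    return bytes(buf)


def crashes(parser, data: bytes) -> bool:
    """True if `parser` raises anything other than its documented ValueError."""
    try:
        parser(data)
    except ValueError:
        return False
    except Exception:
        return True
    return False


def fuzz(parser, seed: bytes, iterations: int = 2000, rng_seed: int = 1):
    """Mutation fuzzer: return the first input that crashes `parser` (an
    unexpected exception), or None.  Inputs the parser accepts are kept as
    new seeds so later mutations explore deeper into the format."""
    rng = random.Random(rng_seed)
    corpus = [seed]
    for _ in range(iterations):
        candidate = mutate(rng.choice(corpus), rng)
        try:
            parser(candidate)
            corpus.append(candidate)
        except ValueError:
            pass
        except Exception:
            return candidate
    return None


if __name__ == "__main__":
    print("buggy parser crash input:", fuzz(parse_records, SEED))
    print("hardened parser crash input:", fuzz(parse_records_safe, SEED))
```

The distinction the fuzzer relies on (documented rejection versus unexpected exception) is the same one a dynamic-analysis harness uses in practice: a parser that raises a controlled error on bad input is doing its job, one that throws from inside the library, reads out of bounds or hangs is the finding.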
    3. best practices
      1. WASC
      2. OWASP
      3. BSI (Build Security In, DHS)
      4. ISO/IEC 27034 (application security)
    4. development models
      1. Build and Fix
      2. waterfall
      3. prototype
      4. spiral
      5. RAD
      6. Agile
    5. maturity models
      1. CMM (capability maturity model)
        1. Initial
          1. ad hoc, even chaotic, development process
        2. Repeatable
          1. basic project management; formal structure and change control
        3. Defined
          1. documented, standardised procedures used across the organisation
        4. Managed
          1. process and product quality measured quantitatively
        5. Optimised
          1. continuous improvement
    6. change control
      1. SCM (software configuration management) tool
      2. software escrow
    7. Tools
      1. CASE
  3. Databases
    1. DB software
      1. DBMS
        1. retrofitting security onto an existing database
          1. trusted front end: every access is mediated by a controlled program
          2. Clark-Wilson access triple (subject, program, object)
      2. programming interface
    2. DB models
      1. hierarchical
      2. network
      3. relational
        1. DDL
        2. DML
        3. QL (query language, e.g. SQL)
        4. report generation
        5. data dictionary
        6. primary v foreign key
      4. object oriented
      5. object relational (ORD)
    3. integrity
      1. entity (every row has a unique, non-null primary key)
      2. referential (every foreign key points at an existing row)
      3. semantic (values obey the defined business rules and constraints)
      4. rollback
      5. commit
      6. savepoints
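A worked example of the integrity mechanisms above, added here (not from the outline), using an in-memory SQLite database with a schema constructed for the demonstration: a foreign key for referential integrity, a CHECK constraint for semantic integrity, and an explicit transaction with a savepoint to show that rollback can be partial (one step) or total (the whole transaction).

```python
import sqlite3

# Constructed schema: the CHECK gives semantic integrity, the REFERENCES gives
# referential integrity.  Assumption: salaries are whole units, 1..1,000,000.
SCHEMA = """
CREATE TABLE dept (id INTEGER PRIMARY KEY, name TEXT NOT NULL UNIQUE);
CREATE TABLE employee (
    id       INTEGER PRIMARY KEY,
    name     TEXT    NOT NULL,
    salary   INTEGER NOT NULL CHECK (salary BETWEEN 1 AND 1000000),
    dept_id  INTEGER NOT NULL REFERENCES dept(id)
);
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("PRAGMA foreign_keys = ON")   # SQLite enforces FKs only on request
    conn.isolation_level = None                # we issue BEGIN/COMMIT ourselves
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO dept VALUES (1, 'engineering')")
    return conn


def orphan_is_rejected(conn) -> bool:
    """Referential integrity: an employee pointing at dept 99 (which does not
    exist) must be refused by the DBMS, not left for application code."""
    try:
        conn.execute("INSERT INTO employee VALUES (1, 'mallory', 5000, 99)")
        return False
    except sqlite3.IntegrityError:
        return True


def multi_step_with_savepoint(conn) -> list:
    """A transaction of several steps.  The savepoint groups step 2 and 3: when
    step 3 violates the CHECK constraint, ROLLBACK TO undoes step 2 as well
    (bob disappears) while step 1 (alice) survives and is committed."""
    conn.execute("BEGIN")
    conn.execute("INSERT INTO employee VALUES (1, 'alice', 5000, 1)")   # step 1
    conn.execute("SAVEPOINT add_bob")
    try:
        conn.execute("INSERT INTO employee VALUES (2, 'bob', 6000, 1)")  # step 2
        conn.execute("UPDATE employee SET salary = -1 WHERE name = 'bob'")  # step 3
        conn.execute("RELEASE add_bob")
    except sqlite3.IntegrityError:       # semantic integrity violated
        conn.execute("ROLLBACK TO add_bob")
        conn.execute("RELEASE add_bob")
    conn.execute("COMMIT")
    return [r[0] for r in conn.execute("SELECT name FROM employee ORDER BY id")]


def aborted_transaction(conn) -> int:
    """Full rollback: nothing written inside the transaction persists."""
    conn.execute("BEGIN")
    conn.execute("INSERT INTO employee VALUES (3, 'carol', 7000, 1)")
    conn.execute("ROLLBACK")
    row = conn.execute("SELECT COUNT(*) FROM employee WHERE name = 'carol'").fetchone()
    return row[0]


if __name__ == "__main__":
    db = open_db()
    print("orphan rejected:", orphan_is_rejected(db))
    print("after savepoint demo:", multi_step_with_savepoint(db))
    print("carol rows after rollback:", aborted_transaction(db))
```

Note the PRAGMA: SQLite ships with foreign-key enforcement off, so a schema that declares REFERENCES gives no referential integrity at all until it is switched on per connection. Checking what the DBMS actually enforces, rather than what the DDL declares, is the practitioner's first step when reviewing a database.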
    4. datawarehousing
      1. data mining / knowledge discovery in databases (KDD)
      2. metadata
    5. issues and measures
      1. aggregation and inference
        1. cell suppression
        2. partitioning
        3. noise and perturbation
      2. views
        1. a view limits what a subject can see; access to the view is enforced by DAC or MAC
      3. confidentiality/integrity
        1. polyinstantiation
      4. availability
        1. OLTP (online transaction processing) on a cluster
          1. ACID (atomicity, consistency, isolation, durability)
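A worked example of the aggregation/inference problem and two of the measures listed above (cell suppression and perturbation), plus polyinstantiation for the confidentiality item. It is added here and not part of the outline; the employee and cargo tables, the suppression threshold k and the noise bound are constructed for the demonstration.

```python
import random

# Constructed data: the single 'mgr' in 'eng' is the inference target.
EMPLOYEES = [
    {"dept": "eng", "role": "dev", "salary": 120},
    {"dept": "eng", "role": "dev", "salary": 110},
    {"dept": "eng", "role": "dev", "salary": 130},
    {"dept": "eng", "role": "mgr", "salary": 180},
    {"dept": "ops", "role": "sre", "salary": 100},
    {"dept": "ops", "role": "sre", "salary": 105},
    {"dept": "ops", "role": "sre", "salary": 95},
]


def avg_salary(rows, dept, role=None, k=3):
    """Aggregate query with cell suppression: any cell built from fewer than
    k records is withheld, since AVG over one person is that person's salary."""
    cell = [r["salary"] for r in rows
            if r["dept"] == dept and (role is None or r["role"] == role)]
    if len(cell) < k:
        return None                      # suppressed
    return sum(cell) / len(cell)


def infer_manager_salary(rows, query=avg_salary):
    """Tracker attack: suppression alone does not help, because two permitted
    aggregates (4 and 3 members) combine arithmetically into the hidden cell:
    avg(eng)*4 - avg(eng,dev)*3 = the manager's salary."""
    n_eng = sum(1 for r in rows if r["dept"] == "eng")
    n_dev = sum(1 for r in rows if r["dept"] == "eng" and r["role"] == "dev")
    return query(rows, "eng") * n_eng - query(rows, "eng", "dev") * n_dev


def perturbed(query, rng, noise=5.0):
    """Noise/perturbation: wrap an aggregate query so each answer carries
    bounded random error; exact arithmetic on answers no longer recovers an
    individual value (the attack's result is now off by up to 4*noise+3*noise)."""
    def wrapped(rows, dept, role=None):
        value = query(rows, dept, role)
        return None if value is None else value + rng.uniform(-noise, noise)
    return wrapped


# Polyinstantiation: the same primary key (ship) exists once per classification
# level, so a low-clearance user gets a cover story rather than "no row",
# which would itself reveal that something classified exists.
LEVELS = {"unclassified": 0, "secret": 1}
CARGO = [
    {"ship": "Enterprise", "level": "unclassified", "cargo": "food"},
    {"ship": "Enterprise", "level": "secret", "cargo": "weapons"},
]


def read_cargo(ship, clearance):
    """Return the highest-classified row the subject is cleared to see."""
    visible = [r for r in CARGO
               if r["ship"] == ship and LEVELS[r["level"]] <= LEVELS[clearance]]
    if not visible:
        return None
    return max(visible, key=lambda r: LEVELS[r["level"]])["cargo"]


if __name__ == "__main__":
    print("suppressed cell:", avg_salary(EMPLOYEES, "eng", "mgr"))
    print("inferred anyway:", infer_manager_salary(EMPLOYEES))
    noisy = perturbed(avg_salary, random.Random(42))
    print("inferred from perturbed answers:", infer_manager_salary(EMPLOYEES, noisy))
    print("unclassified sees:", read_cargo("Enterprise", "unclassified"))
    print("secret sees:", read_cargo("Enterprise", "secret"))
```

Partitioning (the third measure in the outline) is simply not offering the cross-cutting aggregate at all: if department-wide and role-level totals live in separate stores that one query cannot join, the tracker in `infer_manager_salary` has nothing to subtract.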
  4. Webapp security
    1. threats
      1. information gathering
      2. administrative interface
      3. authentication and access control
      4. input validation
      5. parameter validation
      6. session management
    2. principles
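A worked example for three of the threat categories above (input validation, parameter validation and session management), added here and not part of the outline. The users table, the login query, the session lifetime and the allow-list are all constructed for the demonstration; the vulnerable login is kept deliberately injectable next to its parameterised form.

```python
import hashlib
import secrets
import sqlite3
import time


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pw_hash TEXT)")
    conn.execute("INSERT INTO users VALUES ('alice', 'hash-of-correct-password')")
    return conn


def login_vulnerable(conn, name: str, pw_hash: str) -> bool:
    """Input validation failure: user input is spliced into the SQL text, so a
    name of  alice' --  comments out the password check entirely."""
    q = f"SELECT name FROM users WHERE name = '{name}' AND pw_hash = '{pw_hash}'"
    return conn.execute(q).fetchone() is not None


def login_safe(conn, name: str, pw_hash: str) -> bool:
    """Bound parameters: the input is passed as data and is never parsed as SQL."""
    q = "SELECT name FROM users WHERE name = ? AND pw_hash = ?"
    return conn.execute(q, (name, pw_hash)).fetchone() is not None


ALLOWED_SORT_COLUMNS = {"name"}   # constructed allow-list


def list_users(conn, sort_by: str = "name") -> list:
    """Parameter validation: identifiers (column names) cannot be bound, so a
    client-supplied sort column must match an allow-list before it is used."""
    if sort_by not in ALLOWED_SORT_COLUMNS:
        raise ValueError("unexpected sort column")
    return [r[0] for r in conn.execute(f"SELECT name FROM users ORDER BY {sort_by}")]


SESSION_TTL = 900   # seconds; assumption for this example


class SessionStore:
    """Session management: unguessable ids from the OS CSPRNG, stored only as
    hashes (a leaked store does not yield live sessions), with expiry and
    rotation after authentication to defeat session fixation."""

    def __init__(self, now=time.time):
        self._now = now
        self._sessions = {}          # sha256(token) -> (user, expires_at)

    @staticmethod
    def _key(token: str) -> str:
        return hashlib.sha256(token.encode()).hexdigest()

    def create(self, user: str) -> str:
        token = secrets.token_urlsafe(32)   # 256 bits, not a counter or user id
        self._sessions[self._key(token)] = (user, self._now() + SESSION_TTL)
        return token

    def lookup(self, token: str):
        entry = self._sessions.get(self._key(token))
        if entry is None:
            return None
        user, expires = entry
        if self._now() > expires:
            self._sessions.pop(self._key(token), None)
            return None
        return user

    def rotate(self, token: str):
        """Issue a fresh id for the same user and invalidate the old one."""
        user = self.lookup(token)
        if user is None:
            return None
        self._sessions.pop(self._key(token), None)
        return self.create(user)


if __name__ == "__main__":
    db = make_db()
    print("vulnerable login with alice' --:", login_vulnerable(db, "alice' --", "wrong"))
    print("safe login with alice' --:", login_safe(db, "alice' --", "wrong"))
    store = SessionStore()
    t = store.create("alice")
    print("session user:", store.lookup(t))
```

The rotation step matters because a session id that survives login lets an attacker who planted it before authentication (fixation) ride the authenticated session; the expiry step bounds how long a stolen id stays useful.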
  5. Malware
    1. virus
      1. macro
      2. bootsector
      3. compression
      4. stealth
      5. polymorphic
      6. multipartite (infects both boot sector and files)
      7. self-garbling
      8. meme (hoax spread by the users themselves)
      9. script
      10. tunnelling
    2. worms
    3. rootkits
    4. spyware/adware
    5. botnets
      1. bot herder (controls the bots)
        1. C&C (command and control) servers
          1. IRC channels
      2. uses
        1. spamming
        2. brute force
        3. ddos
        4. click fraud
        5. fastflux
        6. spreading illegal material
    6. logic bombs
    7. trojan horses
      1. RATs (remote access trojans)
    8. protection
      1. anti-virus
        1. signature/fingerprint detection
        2. heuristic detection
        3. behaviour blocking
        4. EICAR (standard anti-virus test file)
      2. spam detection
        1. Bayesian filtering
      3. anti-malware practices
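A worked example of the two static detection methods above, added here and not part of the outline: exact-hash and byte-pattern signatures (demonstrated with the real EICAR test string) and a heuristic scorer that looks for suspicious strings and for the high entropy that packed, encrypted or self-garbling payloads exhibit. The signature database, suspicious-string list, thresholds and sample files are all constructed for this example; behaviour blocking is a run-time technique and is not shown.

```python
import hashlib
import math
from collections import Counter

# The standard EICAR test string (68 bytes); every AV product must detect it.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"

# Constructed signature database.  Real products hold millions of entries; the
# mechanism is the same: exact file hashes and byte patterns found in samples.
HASH_SIGNATURES = {hashlib.sha256(EICAR).hexdigest(): "EICAR-Test-File"}
PATTERN_SIGNATURES = {
    EICAR: "EICAR-Test-File",
    b"EXAMPLE-DROPPER-MARKER": "Example.Dropper",   # constructed, not a real family
}

# Constructed heuristic list: strings that rarely appear in benign documents.
SUSPICIOUS_STRINGS = [b"cmd.exe /c", b"powershell -enc", b"VirtualAlloc",
                      b"WriteProcessMemory"]
ENTROPY_THRESHOLD = 7.5   # bits/byte; plain text is ~4-5, compressed/encrypted ~8


def entropy(data: bytes) -> float:
    """Shannon entropy in bits per byte."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def scan(data: bytes) -> dict:
    """Signature pass first (definite), then heuristic scoring (probable)."""
    reasons = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        reasons.append("hash:" + HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            reasons.append("pattern:" + name)

    score = 0
    for s in SUSPICIOUS_STRINGS:
        if s in data:
            score += 2
            reasons.append("heuristic:string:" + s.decode())
    ent = entropy(data)
    if len(data) >= 256 and ent > ENTROPY_THRESHOLD:
        score += 3
        reasons.append(f"heuristic:entropy:{ent:.2f}")

    if any(r.startswith(("hash:", "pattern:")) for r in reasons):
        verdict = "malicious"
    elif score >= 3:
        verdict = "suspicious"
    else:
        verdict = "clean"
    return {"verdict": verdict, "score": score, "reasons": reasons}


# Constructed samples.  PACKED_SAMPLE has a near-uniform byte distribution, the
# footprint of a compressed or encrypted body, plus one suspicious string.
CLEAN_SAMPLE = b"Quarterly report: revenue up 4%, headcount flat.\n"
PACKED_SAMPLE = b"cmd.exe /c " + bytes(range(256)) * 4

if __name__ == "__main__":
    for label, sample in [("eicar", EICAR), ("eicar+crlf", EICAR + b"\r\n"),
                          ("clean", CLEAN_SAMPLE), ("packed", PACKED_SAMPLE)]:
        print(label, scan(sample))
```

Note how the EICAR file with a trailing CRLF still matches the byte pattern but no longer matches the hash: exact hashes are cheap and precise but brittle, which is why signature databases also carry patterns, and why polymorphic and self-garbling viruses (which change their bytes on every infection) pushed vendors toward heuristics and behaviour blocking.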