Chapter 6 - Software Development Security Flashcards

1
Q

Define the STRIDE threat modeling approach (6 categories)

A
  • Spoofing
  • Tampering
  • Repudiation
  • Information disclosure
  • Denial of service
  • Elevation of privilege
2
Q

What are the types of threat modeling approaches?

A
  • STRIDE
  • PASTA
  • LINDDUN
  • Trike
3
Q

What is the threat surface?

A

The total of all boundary crossing points for a given perimeter or boundary. Each boundary crossing is an opportunity to apply controls to mitigate attacks.

4
Q

What is the simple waterfall software development lifecycle (SDLC)?

A

The waterfall SDLC is the traditional software development methodology.

Phases include:
1. Concept (need identified)
2. Requirements definition
3. System design
4. Software and data systems coding
5. Unit, subsystem and system testing
6. Acceptance testing
7. Deployment to operational use

5
Q

What is source code?

A

A set of statements written in human-readable form that are the implementation of a given design.

6
Q

What is executable code (or object code)?

A

The binary representation of the machine language instruction set that the CPU directly executes.

7
Q

What is intermediate code?

A

Code that sits in between source code and executable code.

8
Q

What is arbitrary code?

A

Code an attacker can fool the CPU into executing: a different set of instructions than the ones it was designed for.

9
Q

What are the programming language generations?

A

Generation 1: simple instructions given directly to the CPU

Generation 2: symbols used as abbreviations for machine instructions

Generation 3: words used as part of commands

Generation 4: very high-level languages / report generation

Generation 5: constraint-based or logic programming (failed in the 1990s)

10
Q

What are the key characteristics of object-oriented languages?

A
  • Encapsulation: data hiding
  • Inheritance: defines subclasses of data based on common characteristics
  • Polymorphism: an object can take many forms based on how it is used
  • Different data types: different data types can be processed differently
11
Q

What is polyinstantiation?

A

Prevents inference possibilities by creating a new version of an object using the same identifier or key.

12
Q

What are “distributed object-oriented systems”?

A

Distributed computing allows the sharing of resources.

13
Q

What are examples of distributed architecture approaches based on distributed objects?

A

CORBA / RMI / EJB / DCOM

CORBA is a set of standards that addresses the need for interoperability between hardware and software residing on different machines across a network.

CORBA uses an ORB (object request broker) security system to find objects.

14
Q

What does the CORBA security service support?

A
  • Access control
  • Data protection
  • Non-repudiation
  • Auditing
15
Q

What is the IT supply chain (who writes your source code)?

A

Trusted:
- major hardware & systems vendors
- application software providers
- third-party developers
- in-house developers

Less secure/trustworthy:
- open-source providers
- citizen programmers
- mobile code

16
Q

What are the types of coding standard libraries (software reuse)?

A
  • OS and hardware libraries
  • Programming language libraries (IDE)
  • Development frameworks
  • In-house, project-specific, etc. libraries
  • Third-party, open-source libraries from reputable sources
  • Third-party, open-source libraries from unknown sources
17
Q

What are common exploitable software source code errors?

A
  1. Buffer overflow: a buffer is a contiguous area of storage used when transferring data
  2. Malformed input attack: leverages design errors in software by providing inconsistent data inputs to induce an application malfunction

3.

18
Q

What is defensive programming?

A

Translates the business logic about acceptable and harmful input into code, which allows processing of the acceptable input but safely blocks attempts to input (or inject) harmful inputs.

19
Q

What is a covert channel?

A

A covert channel or covert path is a communication pathway between two or more processes that transfers information in ways that violate some security policy or requirement.

20
Q

What are the types of covert channels?

A
  • Covert storage channels (CSCs)
  • Covert timing channels (CTCs)
21
Q

What are common software attack vectors?

A
  • Social engineering
  • TOCTOU (time of check vs. time of use)
  • Race condition: exists when two tasks each depend upon the other’s successful completion for their own input
  • Between-the-lines attack: lines are tapped and false data is inserted
  • Trapdoor and backdoor: hidden mechanism to bypass security
22
Q

What are threats to database and data warehouse architectures?

A
  • Aggregation & inference
  • Bypass attack
  • Compromising database views used for access control
  • Exploits against alternative access routes
  • Data contamination
  • Deadlocking
  • DoS
  • Improper modification of information
  • Interception of data
  • Query attack
  • Physical or direct logical access to the server
  • TOCTOU
  • Web-based attack
  • Unauthorized access
23
Q

What is a data lake?

A

Refers to large collections of data that have not been put into a common format or structure for a data warehouse.

24
Q

What is a data farm?

A

Where predictive analytics and other techniques are used to generate data in between known or observed data points.

25
Q

What is a database management system (DBMS)?

A

A suite of application programs that typically manages databases and their environment.

26
Q

What are the minimum requirements of any database model?

A
  1. Transaction persistence
  2. Fault tolerance and recovery
  3. Sharing by multiple users
  4. Security controls
27
Q

What is the difference between a database model and a data model?

A

Database model: builds a specific database to meet business needs (DBMS)

Data model: describes a specific type of data in terms of logical structure, type values and inherent meaning

28
Q

What are the types of database models?

A
  • Hierarchical DB model (oldest)
  • Network DB mgmt model (COBOL / CODASYL)
  • Relational DB mgmt model (think Excel tables with a common factor)
  • Object-oriented DB model
  • Achieving data integrity in different DB models
29
Q

What are 2 advantages of the network DB mgmt model?

A
  1. High-performance, high-volume storage mgmt
  2. Graph database
30
Q

What are common database interface languages?

A
  • Structured Query Language (SQL)
  • Markup Language & DB (HTML)
31
Q

What are the 3 sublanguages of SQL?

A
  1. Data Definition Language (DDL)
  2. Data Manipulation Language (DML)
  3. Data Control Language (DCL)
32
Q

What are common ways of connecting applications to databases?

A
  1. Extensible Markup Language (XML)
  2. Open DB Connectivity (ODBC)
  3. Java DB Connectivity (JDBC)
  4. Object Linking and Embedding DB (OLE DB)
33
Q

How are databases accessed via the internet?

A

APIs -> application programming interfaces

Others:
- tiered application approach
- ADO
- metadata
- OLAP

34
Q

What are common mistakes that make websites vulnerable?

A
  • Attempting to reinvent access control
  • Attempting to reinvent design
  • Hard coding of authentication
  • Poor access control mgmt
  • Rushing websites / new apps
35
Q

What are the main web app threats?

A
  • DoS
  • Man-in-the-middle
  • Drive-by attack
  • Password attack
  • SQL injection
  • Cross-site scripting
  • Eavesdropping
  • Birthday attack
  • Malware attack
36
Q

What are the main existing web app protections?

A
  • Security assurance sign-off for the web server
  • Hardening the OS
  • Network & vulnerability scans
  • IDS
  • Firewall
  • Disabling unnecessary docs
  • Admin interface removed securely
  • Access only from authorized hosts or networks
  • No hard-coded authentication
  • Account lockout
  • Traffic encryption
  • Separation of user interface
37
Q

What is OWASP?

A

Provides several frameworks focused on the secure deployment of web apps.

38
Q

What is malware or malicious software?

A

Applications that have been written to do something harmful to resources and assets that have value to an organization.

Defined in terms of the ability to attach to programs or executable files, and so it must, in some way, compromise the integrity of applications.

39
Q

What is a virus?

A

A software program written with the intent and capability to copy and disperse itself without the knowledge and cooperation of the owner or user of the particular system.

40
Q

What are the common types of viruses?

A
  • File infectors
  • Boot sector infectors
  • System infectors
  • Companion viruses
  • Email viruses
  • Multipartite viruses
  • Macro viruses
  • Script viruses
41
Q

What are other types of malware?

A
  • Worms: reproduce and spread
  • Hoaxes: warnings about a non-existent virus
  • Trojans: a program that appears useful but is compromised by malicious code
  • RATs: provide remote access to a host
  • DDoS: a sort of DoS -> overwhelms computing processes
  • Logic bombs: dormant until a specific condition is triggered
  • Spyware & adware: tracking tools
  • Pranks: commercial products for joking
  • Botnets: networks of automated systems/processes
  • Ransomware: encrypts files on the targeted system
42
Q

Malware protection / cyber hygiene should include:

A
  • Security evaluation
  • Established procedures to handle email, attachments, etc. (verify senders, labeling, etc.)
  • Policies/guidelines for removable media (USB)
  • BYOD access mgmt
  • Anti-malware defenses
  • Keeping systems and endpoint devices updated
43
Q

What are common tools that anti-malware/anti-virus software uses?

A
  • Scanners
  • Heuristic scanners
  • Activity monitoring
  • Change detection
  • Reputation monitoring and zero-day exploits
  • Antivirus/anti-malware policies
44
Q

What are common types of malware protection?

A
  • Anti-malware systems
  • IDS/IPS
  • Software block/allow lists
  • Managed security services
45
Q

What are the main types of protection against ransomware?

A
  • Denial
  • Detection
  • Containment
  • Response and recovery
46
Q

What are the phases in the classic software development lifecycle (SDLC)?

A
  1. Initiation / requirements
  2. Functional design
  3. Detailed design
  4. Development
  5. Testing
  6. Production
  7. Maintenance
    (8. Decommissioning/disposal)
47
Q

What is SDLC “independent verification & validation” (IV&V)?

A

As part of acceptance testing (for the handover of the finished software), independent verification & validation is a series of tests to ensure that the software is operational.

48
Q

What is DevOps, and what are its common principles?

A

Involves the quality assurance processes of the organization.

Common principles:
- develop and test against production-like systems
- deploy with a repeatable and reliable process
- monitor and validate operational quality
- amplify feedback loops

49
Q

What is DevSecOps?

A

Merges the two process models to include security requirements.

50
Q

What are the different levels within the Capability Maturity Model?

A
  • Initial: processes unpredictable / poorly controlled / reactive
  • Repeatable: processes are organized but reactive
  • Defined: processes are well characterized / understood / proactive
  • Managed: processes are controlled using quantitative techniques
  • Optimizing: processes are continually improved / optimized
51
Q

What is Representational State Transfer (REST)?

A

An architectural style for designing networked architectures where components need to talk to each other.

REST uses HTTP to provide synch

52
Q

What are the security recommendations for REST-based APIs?

A
  • Employ the same security mechanisms as APIs
  • Do not create / implement your own security solution
  • Unless the API is free (read-only public API), don’t use single auth
  • Don’t pass unencrypted static encryption keys
  • Use hash-based message authentication code (HMAC)
53
Q

What are the 3 main authentication options for REST APIs?

A
  • Basic authentication with TLS
  • OAuth 1.0
  • OAuth 2.0
54
Q

What is a source code analysis tool, and what are the different approaches?

A

Designed to analyze source code and compiled or machine language code, looking for security flaws and weaknesses.

  1. Static app security testing (SAST)
  2. Dynamic app security testing (DAST)
  3. Interactive app security testing (IAST)
  4. Runtime app security protection (RASP)
55
Q

What is a sandbox?

A

An area where we can test certain pieces of code to see if they are malicious. It provides a protective area for program execution.

56
Q

What are the 3 types of software development environments?

A
  1. Development
  2. Quality assurance
  3. Production
57
Q

What is a trusted computing base?

A

The collection of all hardware, software and firmware components within an architecture responsible for supporting the security policy and the isolation of objects.

58
Q

DB mgmt system: the ACID test

A
  • Atomicity = the transaction is either done entirely or not at all
  • Consistency = transforms the database from one valid state to another
  • Isolation = invisible to others until completed
  • Durability = a completed transaction is permanent
59
Q

What are the types of DBMS access control?

A
  • View-based access control
  • Grant & revoke access control
  • Security for OO databases
  • Metadata controls
  • Data contamination control
60
Q

What is “online transaction processing” (OLTP)?

A

Used by industries such as finance, telecoms, insurance, retail, transport, etc.

Records all business transactions (think travel).

61
Q

What are the configuration mgmt (CM) software security steps?

A
  1. Identifying
  2. Controlling
  3. Accounting
  4. Auditing
62
Q

What are the common “trusted computer system evaluation criteria” (TCSEC) -> evaluation assurance level (EAL) certifications?

A
  • EAL 7 = formally verified design and tested
  • EAL 6 = semi-formally verified design and tested
  • EAL 5 = semi-formally designed and tested
  • EAL 4 = methodically designed, tested & reviewed
  • EAL 3 = methodically tested & checked
  • EAL 2 = structurally tested
  • EAL 1 = functionally tested
63
Q

What type of security vulnerability are developers most likely to introduce into code when they seek to facilitate their own access, for testing purposes, to software they developed?

A

Maintenance hook

Maintenance hooks, otherwise known as backdoors, provide developers with easy access to a system, bypassing normal security controls.

64
Q

Betty is concerned about the use of buffer overflow attacks against a custom application developed for use in her organization. What security control would provide the strongest defence against these attacks?

A

Parameter checking

Parameter checking, or input validation, is used to ensure that input provided by users to an application matches the expected parameters for the application.

65
Q

Which one of the following systems assurance processes provides an independent third-party evaluation of a system’s controls that may be trusted by many different organizations?
A. Certification
B. Definition
C. Verification
D. Accreditation

A

Verification

The verification process is similar to the certification process in that it validates security controls.

66
Q

The _________ of a process consist(s) of the limits set on the memory addresses and resources that the process may access.
A. Perimeter
B. Confinement limits
C. Metes
D. Bounds

A

Bounds

Each process that runs on a system is assigned certain physical or logical bounds for resource access, such as memory.

67
Q

Object-oriented programming languages use a black box approach to development, where users of an object do not necessarily need to know the object’s implementation details. What term is used to describe this concept?

A

Abstraction

Abstraction uses a black box approach to hide the implementation details of an object from the users of that object.

68
Q

Which of the following items are not commonly associated with restricted interfaces?
A. Shells
B. Keyboards
C. Menus
D. Database views

A

Keyboards

Menus, shells, and database views are all commonly used for constrained interfaces.

69
Q

What term properly describes what occurs when two or more processes require access to the same resource and must complete their tasks in the proper order for normal function?

A

Race conditions

Race conditions occur when two or more processes need to access the same resource in the right order. If an attacker can disrupt this order, they may be able to affect the normal operations of the system.

70
Q

Which one of the following statements is not true about code review?
A. Code review should be a peer-driven process that includes multiple developers.
B. Code review may be automated.
C. Code review occurs during the design phase.
D. Code reviewers may expect to review several hundred lines of code per hour.

A

Code review occurs during the design phase.

Code review takes place after code has been developed, which occurs after the design phase of the system’s development life cycle (SDLC).

71
Q

Which one of the following attack types attempts to exploit the trust relationship that a user’s browser has with other websites by forcing the submission of an authenticated request to a third-party site?
A. XSS
B. CSRF
C. SQL injection
D. Session hijacking

A

CSRF

Cross-site request forgery (XSRF or CSRF) attacks exploit the trust that sites have in a user’s browser by attempting to force the submission of authenticated requests to third-party sites.

72
Q

When using the SDLC, which one of these steps should you take before the others?
A. Functional requirements determination
B. Control specifications development
C. Code review
D. Design review

A

Functional requirements determination

The SDLC consists of seven phases, in the following order: conceptual definition, functional requirements determination, control specifications development, design review, code review, system test review, and maintenance and change management.

73
Q

Which one of the following is not a goal of software threat modelling?
A. To reduce the number of security-related design flaws
B. To reduce the number of security-related coding flaws
C. To reduce the severity of non-security-related flaws
D. To reduce the number of threat vectors

A

To reduce the number of threat vectors

74
Q

Which one of the following testing methodologies typically works without access to source code?
A. Dynamic testing
B. Static testing
C. White box testing
D. Code review

A

Dynamic testing

Dynamic testing of software typically occurs in a black box environment where the tester does not have access to the source code.

75
Q

What concept in object-oriented programming allows a subclass to access methods belonging to a superclass?

A

Inheritance

Inheritance occurs when a subclass (or child class) is able to use methods belonging to a superclass (or parent class). Polymorphism occurs when different subclasses may have different methods using the same interfaces that respond differently.

76
Q

Bobby is investigating how an authorized database user is gaining access to information outside his normal clearance level. Bobby believes that the user is making use of a type of function that summarizes data. What term describes this type of function?

A

Aggregate

Aggregate functions summarize large amounts of data and provide only summary information.

77
Q

Which one of the following controls would best protect an application against buffer overflow attacks?

A. Encryption
B. Input validation
C. Firewall
D. Intrusion prevention system

A

B. Input validation

The best protection against buffer overflow attacks is server-side input validation.

78
Q

Which one of the following database keys is used to enforce referential integrity relationships between tables?
A. Primary key
B. Candidate key
C. Foreign key
D. Master key

A

C. Foreign key

Referential integrity ensures that records exist in a secondary table when they are referenced with a foreign key from another table. Foreign keys are the mechanism used to enforce referential integrity.

79
Q

Which one of the following files is most likely to contain a macro virus?
A. projections.doc
B. command.com
C. command.exe
D. loopmaster.exe

A

A. projections.doc

Macro viruses are most commonly found in office productivity documents.

80
Q

When should a design review take place when following an SDLC approach to software development?

A

After the development of functional requirements

Design reviews should take place after the development of functional and control specifications but before the creation of code. The code review, unit testing, and functional testing all take place after the creation of code and, therefore, after the design review.

81
Q

Vivian would like to hire a software tester to come in and evaluate a new web application from a user’s perspective. Which of the following tests best simulates that perspective?
A. Black box
B. Gray box
C. Blue box
D. White box

A

Black box

Black box testing begins with no prior knowledge of the system implementation, simulating a user perspective. White box and gray box testing provide full and partial knowledge of the system, respectively, in advance of the test.

82
Q

Which one of the following programming languages does not make use of a compiler?
A. Java
B. C++
C. C
D. JavaScript

A

D. JavaScript

JavaScript is an interpreted language that does not make use of a compiler to transform code into an executable state. Java, C, and C++ are all compiled languages.

83
Q

Which one of the following is not a technique used by virus authors to hide the existence of their virus from antimalware software?
A. Stealth
B. Multipartitism
C. Polymorphism
D. Encryption

A

Multipartitism

Multipartite viruses use multiple propagation mechanisms to defeat system security controls but do not necessarily include techniques designed to hide the malware from antivirus software.

Stealth viruses tamper with the operating system to hide their existence.

Polymorphic viruses alter their code on each system they infect to defeat signature detection.

Encrypted viruses use a similar technique, employing encryption to alter their appearance and avoid signature detection mechanisms.

84
Q

Which one of the following types of software testing usually occurs last and is executed against test scenarios?
A. Unit testing
B. Integration testing
C. User acceptance testing
D. System testing

A

User acceptance testing

User acceptance testing (UAT) is typically the last phase of the testing process. It verifies that the solution developed meets user requirements and validates it against use cases.

85
Q

In an object-oriented programming language, what does one object invoke in a second object to interact with the second object?

A

Method

When one object wishes to interact with another object, it does so by invoking one of the second object’s methods, including required and, perhaps, optional arguments to that method.