Secure Software Eng. Flashcards

1
Q

What is the ‘Security by Design’ principle?

A

The ‘Security by Design’ principle refers to the idea that software should be designed from the ground up to be secure. This means considering security at every stage of software development, from design to implementation to testing.

2
Q

What is the CIA triad in software security?

A

The CIA triad stands for Confidentiality, Integrity, and Availability. These are the three main objectives of a secure system: Confidentiality ensures that data is accessible only to authorized users, Integrity ensures that data is not altered or destroyed in an unauthorized manner, and Availability ensures that data is accessible to authorized users when needed.

3
Q

What are some common threats to software security?

A

Common threats to software security include spoofing, tampering, repudiation, information disclosure, denial of service, and elevation of privilege.

4
Q

What are misuse and abuse cases in software security?

A

Misuse and abuse cases are scenarios in which an actor (malicious or not) exploits a vulnerability or causes harm to the system. They help to identify and prevent potential security issues in the software development lifecycle (SDLC).

5
Q

What are security touchpoints in the software development lifecycle?

A

Security touchpoints are activities and techniques that can be applied at different stages of the SDLC to improve the security of the software, such as risk analysis, code review, penetration testing, and security operations.

6
Q

What is SQL injection and how can it be prevented?

A

SQL injection is a code-level vulnerability that allows an attacker to insert malicious SQL code into a query. It can be prevented by using parameterized queries or prepared statements, which separate the data from the command, thus preventing the attacker from manipulating the query structure.

7
Q

What is the role of risk analysis in secure software engineering?

A

Risk analysis in secure software engineering involves identifying potential threats and vulnerabilities in the system, assessing their impact and likelihood, and prioritizing mitigation efforts based on this assessment.

8
Q

What is the purpose of code review in secure software engineering?

A

The purpose of code review in secure software engineering is to identify and fix vulnerabilities in the code before they can be exploited. It involves systematically examining the code for errors, bugs, and security issues.

9
Q

What is penetration testing and why is it important in secure software engineering?

A

Penetration testing is a method of evaluating the security of a system by simulating attacks on it. It is important in secure software engineering because it helps to identify vulnerabilities that may not have been detected during the design and development stages.

10
Q

What is the role of security operations in secure software engineering?

A

Security operations in secure software engineering involve monitoring and managing the security of a system in operation. This includes incident response, disaster recovery, and continuous monitoring for new threats and vulnerabilities.

11
Q

What is the difference between confidentiality and privacy in the context of software security?

A

In the context of software security, confidentiality refers to the protection of data from unauthorized access, while privacy refers to the right of individuals to control how their personal information is collected and used.

12
Q

What is the principle of least privilege and why is it important in software security?

A

The principle of least privilege states that a user should be given the minimum levels of access necessary to complete his or her job functions. This principle is important in software security because it reduces the potential damage that can be caused by an attacker who gains access to a user’s account.

13
Q

What is a buffer overflow and how can it be prevented?

A

A buffer overflow is a type of vulnerability that occurs when more data is written to a buffer than it can hold, causing the excess data to overflow into adjacent memory. It can be prevented by using safe string handling functions and by performing bounds checking on array and string operations.

14
Q

What is cross-site scripting (XSS) and how can it be prevented?

A

Cross-site scripting (XSS) is a type of vulnerability that allows an attacker to inject malicious scripts into web pages viewed by other users. It can be prevented by validating and sanitizing user input, and by using response headers to control how the browser handles the data.

15
Q

What is a race condition and why is it a security concern?

A

A race condition is a situation in which the behavior of a system depends on the sequence or timing of other uncontrollable events. It is a security concern because it can lead to unpredictable and potentially harmful outcomes, such as data corruption or unauthorized access.

16
Q

What is the difference between symmetric and asymmetric encryption?

A

Symmetric encryption uses the same key for encryption and decryption, while asymmetric encryption uses a pair of keys: a public key for encryption and a private key for decryption. Asymmetric encryption is generally more secure but slower than symmetric encryption.

17
Q

What is a digital signature and why is it important in software security?

A

A digital signature is a cryptographic technique used to verify the authenticity and integrity of a message or document. It is important in software security because it provides assurance that the data has not been tampered with and that it originates from a verified source.

18
Q

What is two-factor authentication and why is it important in software security?

A

Two-factor authentication is a method of confirming a user’s identity by using two different factors: something they know (like a password), something they have (like a physical token or a smartphone), or something they are (like a fingerprint). It is important in software security because it provides an additional layer of protection against unauthorized access.

19
Q

What is a firewall and why is it important in software security?

A

A firewall is a network security device that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It is important in software security because it provides a barrier between a trusted internal network and untrusted external networks.

20
Q

What is social engineering and why is it a threat to software security?

A

Social engineering is a method of tricking people into revealing confidential information or performing actions that compromise security. It is a threat to software security because it exploits human vulnerabilities, which are often harder to protect against than technical vulnerabilities.

21
Q

What does STRIDE stand for?

A

Spoofing, Tampering, Repudiation, Information Disclosure, DoS, Elevation of privilege.

22
Q

Give an example for Spoofing:

A

An attacker broadcasts packets with a spoofed/changed source IP address.

23
Q

Give an example for Tampering:

A

An attacker modifies a software’s executable file to include malicious code that can compromise the system.

24
Q

Give an example for Repudiation:

A

A user performs a harmful action on a system, like deleting important files, and then denies having done it. Without proper logging and auditing in place, it might be difficult to prove the action was performed by the user.

25
Q

Give me an example of Information disclosure:

A

An application unintentionally reveals sensitive information in its error messages, which an attacker can use to gain knowledge about the system and plan further attacks.

26
Q

Give an example of Denial of Service:

A

An attacker overwhelms a website with traffic (often using a botnet), causing the website to become slow or unresponsive for legitimate users.

27
Q

Give an example of elevation of privilege:

A

A regular user of a system exploits a vulnerability to gain administrator privileges, allowing them to perform actions they are not authorized to do under normal conditions.

28
Q

Give an example of confidentiality violation:

A

An attacker successfully carries out a phishing attack, tricking a user into revealing their login credentials. The attacker then uses these credentials to access the user’s private data.

29
Q

Give an example of Integrity violation:

A

Malware infects a user’s computer and alters the data in their files, causing the information to become incorrect or unusable.

30
Q

Give an example of Availability violation:

A

A Denial-of-Service (DoS) attack is performed on a website, overwhelming the site with traffic and causing it to become slow or unresponsive, thus making the site unavailable to legitimate users.