Soft Sec Final

Question 1

Difference between software security engineering and software engineering

Answer 1

software engineering is focused on building/making software, whereas software security is focused on the software’s security features

Question 2

Difference between software testing and security testing

Answer 2

software testing is looking for bugs whereas security testing is trying to find vulnerabilities

Question 3

Define penetrate and patch

Question 4

A design flaw of poor coding that may allow an attacker to cause damage

Answer 4

Vulnerability

Question 5

Software, data, or commands that take advantage of a weakness to cause unanticipated or unexpected beahviour

Answer 5

Exploit

Question 6

An actor or agent that is a source of danger to a system

Answer 6

Threat

Question 7

Failure of human cognition that can lead to problems

Answer 7

Human Error

Question 8

Difference between a vulnerability and an exploit

Answer 8

vulnerability is a bug or flaw within the code, whereas the exploit is the action of manipulating the vulnerability

Question 9

What is the recommended approach for mitigating SQL Injection vulnerabilities?

Answer 9

Sanitize all inputs and data validation

Question 10

What does STRIDE?

Answer 10

Spoofing, Tampering, Repudiation, Information, Denial of Service, Elevation of Privilege

Question 11

What does CIA stand for?

Answer 11

Confidentiality, Integrity, Availability

Question 12

In session hijacking, you can attack someone by pretending to be them by stealing their information. Which part of the system are you violating?

Answer 12

Authentication

Question 13

What is true about pen testing?

Answer 13

Is about attempting to exploit as much as possible, demonstrates the person-hours required to break into a system, requires a working system

Question 14

What is functional and adversarial security testing?

Answer 14

Functional tests the security mechanisms defined in the requirements, whereas adversarial testing uses a risk based approach to simulate an attacker

Question 15

Difference between misuse and abuse cases?

Answer 15

abuse cases are ways to exploit/take advantage whereas misuse are mistakes

Question 16

What are some examples of security by obscurity?

Answer 16

Placing admin page on a web page that has no links, and requiring a difficult to guess password for authnetication

Question 17

What is defense in depth?

Answer 17

someone breaks the first line of protection, but they cannot get any further

Question 18

What is least privilege?

Answer 18

Every user or module should be allowed minimum access required

Question 19

What does is mean to fail securely?

Answer 19

Make sure the error messages and exceptions do not reveal information or leave the system vulnerable

Question 20

What does is mean to have security by default?

Answer 20

Configure the system so you dont have to rely on your users to user it correctly

Question 21

What three statements of risk is true?

Answer 21

The risk associated with an event is the probability the event will happen times the expected damage of that event, risk=p(occurrence)impact, security risk=p(vulnerability)value of asset

Question 22

Do trusted messages need verification?

Answer 22

No, but untrusted messages do

Question 23

What is an example of a side channel attack?

Answer 23

using javascript to exercise a wifi chip so that it emits pulses of electromagnetic waves such that an AM radio can pick up the signal and leak

Question 24

what is an example of multifactor authentication?

Answer 24

Requiring the original invite to a party in addition to recognizing you invitees, and scanning an ID badge and entering PIN number on a keypad to open a door

Question 25

What are two facts about public keys?

Answer 25

better for communication between untrusted parties, and predominately accomplished today with RSA algorithm

Question 26

What are two facts about symmetric keys?

Answer 26

They are used in ssh, and is faster

Question 27

For ssal, how does one get their public key to be trusted?

Answer 27

certificate authority to verify key then they needs a private key

Question 28

What is a primary disadvantage of this approach?

Answer 28

It can be intercepted

Question 29

What can an attacker use to determine the paintext version of a common password hashed even with a currently safe algorithm like SHA-256

Answer 29

Rainbow Table

Question 30

Describe the process we discussed in class for mitigating the risk posed by this technique?

Answer 30

Adding a salt to the password

Question 31

We discussed locimetric systems as a replacement for passwords that involves memorizing areas of a single photograph. Advantages?

Answer 31

Easier to remember and less effort

Question 32

What are some disadvantages to locimetric systems?

Answer 32

Shoulder surfing and can be hard to implement/ tolerances could be low enough to guess

Question 33

What is true about OAuth?

Answer 33

The access token can specify the scope of the permissions like read and write, and the access token must be provided to obtain a resource

Question 34

We said that the most critical rule of release management is to never put the same version number on two different releases. Why?

Answer 34

Proper logging lets users know what they are getting into

Question 35

What is an insider threat in the context of cyber security?

Answer 35

Threat originating from individuals within an organization

Question 36

For validating input, what is the difference between a block list and an allow list?

Answer 36

block list blocks certain things and allow list permits things to enter

Question 37

What is a polyglot file?

Answer 37

multi extension file

Question 38

What is the attack surface of an application?

Answer 38

anything that requires external input

Question 39

List and briefly describe the ways we discussed in class to measure usability.

Answer 39

Time to learn - which is how long it takes to learn how to use the product
Retention over time - which is how useful the product is to come back to

Question 40

List the two ways we discussed in class to reduce the load on human memory and increase usability

Answer 40

Simple design and less things to remember

Question 41

Briefly define the software supply chain

Answer 41

Software supply chain is anything that is interacting with an application that is an external source and not controlled by the developer

Question 42

List 4 types of items that can be part of the software supply chain

Answer 42

Libraries, Hardware, DB operations, API integrations

Question 43

What does a dependency manager do?

Answer 43

Makes sure that there are no conflicts or vulnerabilities in your libraries

Question 44

What is the name of the dependency manager that we discussed in class?

Answer 44

dependabot

Question 45

Regarding deployment strategies, describe blue green deployment

Answer 45

Blue green uses 2 different groups of the same build and is used to see what bugs occur, then swaps builds so their is no downtime

Question 46

Describe the canary deployment

Answer 46

released a small amount of updates to users first to see how it works and depending on that, then it will be deployed at scale

Question 47

List the two types of information that must be included in a Incident Response Plan

Answer 47

Roles need to be outlined, defined, and assumed to prevent an overlap of responsibilities
Critical systems need to be documented to know where the incident response plan should focus efforts of mitigation

Question 48

For the following regulations, indicate their following domains, HIPAA, FERPA, GDPR

Answer 48

Medical, Education, EU