Term
(T or F) According to Viega and McGraw, the biggest problem in computer security today is the misuse of cryptographic algorithms. The second biggest problem is the software. |
|
Definition
|
|
Term
The three major trends cited by Viega and McGraw that are contributing to our computer security problems are: |
|
Definition
a. Computer networks are becoming ubiquitous. b. The size and complexity of modern information systems. c. The degree to which systems have become extensible. |
|
|
Term
Viega and McGraw say that security is best understood in terms of goals. Their list of goals DOES NOT include (check one): a. ____ traceability and auditing b. ____ privacy and confidentiality c. ____ zero-defect strategy for software d. ____ authentication e. ____ integrity |
|
Definition
|
|
Term
The most common implementation error in software security is the _________ ___________. |
|
Definition
|
|
Term
Give a brief definition or characterization for “spoofing”. |
|
Definition
The attacker generates phony network data to give the illusion that valid data is arriving. |
|
|
Term
Which of the following software project goals may conflict with security goals (check all that apply): a. _____ functionality b. _____ usability c. _____ efficiency d. _____ time-to-market e. _____ simplicity |
|
Definition
|
|
Term
(T or F) One downside of software risk management practices is that these practices are often inconsistent with spiral (or iterative) software development practices. |
|
Definition
|
|
Term
(T or F) Risk management practices click in after the requirements are completely stabilized. |
|
Definition
|
|
Term
(T or F) Sound software engineering is a prerequisite for sound software security. |
|
Definition
|
|
Term
(T or F) Developers are likely to view security people as obstacles to be overcome, especially when the security folks are there right from the beginning of the project. |
|
Definition
|
|
Term
(T or F) Security issues are only relevant during certain stages of the software lifecycle, such as requirements specification and testing. |
|
Definition
|
|
Term
(T or F) According to Viega and McGraw, eXtreme Programming holds tremendous promise for solving many security problems in software development. |
|
Definition
|
|
Term
(T or F) According to Viega and McGraw, ranking risks is a waste of time if the purpose is to deny attention to some security issues in a software product. All risks must be addressed, regardless of the cost. |
|
Definition
|
|
Term
(T or F) According to Viega and McGraw, when a project gets to the code review stage, it is too late for a security engineer to be of much value. The main security issues relate to requirements and design. |
|
Definition
|
|
Term
(T or F) According to Viega and McGraw, if an organization needs to devote considerable resources to testing, then that is an indication that the security issues were not adequately addressed earlier during product development. |
|
Definition
|
|
Term
Security testing is different from functional testing because the former (check all that apply): a. _____ involves providing unexpected inputs to the system. b. _____ involves probing a system in ways that an attacker might probe it. c. ______ is always conducted by an outside security consultant. d. ______ code coverage is much less of an issue than for functional testing. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems.
Secure the _________ ______. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
Practice defense ____ ______. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
________ securely. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
Follow the principle of _______ __________. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
Compartmentalize! |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
Keep it _______. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
____________ privacy. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
Remember that _________ __________ is hard. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
Be reluctant to _________. |
|
Definition
|
|
Term
ten guidelines that Viega and McGraw give for avoiding potential security problems
Use your ____________ resources. |
|
Definition
|
|
Term
The two defining characteristics of the principle of least privilege are (check two): a. _______ Only employees should have access to critical data. b. _______ Grant the minimum access necessary to perform an operation. c. _______ Partition resources and grant access to resources according to the partition boundaries. d. _______ Grant access for the minimum amount of time necessary for the performance of an operation. |
|
Definition
|
|
Term
(T or F) The UNIX operating system is considered reliable because it strongly enforces the principle of least privilege. |
|
Definition
|
|
Term
(T or F) Historically, UNIX has strongly supported compartmentalization, which is why UNIX has few security flaws. |
|
Definition
|
|
Term
(T or F) In designing secure systems, software developers need to acknowledge that users are lazy and will not read documentation (unless they absolutely have to). |
|
Definition
|
|
Term
(T or F) One of the most effective ways to keep things secret is to store files in binary form. |
|
Definition
|
|
Term
(T or F) It is foolish to trust cryptographic libraries that are widely used and disseminated because attackers have had plenty of time to play around with them. |
|
Definition
|
|
Term
(T or F) Open source software is much more likely to be secure than closed source software. |
|
Definition
|
|
Term
Security analysis consists of several steps. These steps are shown below. Fill in both blanks with the same word or phrase: a. We must define the project’s security environment and objectives. b. We then can list the application’s potential threats and prioritize them. c. The result is a ________ _____. d. We can then evaluate the risks using the ___(same as missing element in previous bullet)____. |
|
Definition
|
|
Term
One approach to developing a threat model is to use the STRIDE categories. Fill in the missing elements: S_____ T_____ R_____ I_____ D_____ E_____ |
|
Definition
Spoofing Tampering Repudiation Information disclosure Denial of service Elevation of privilege |
|
|
Term
One approach to risk evaluation is to rate each threat on a scale of 1 to 10 using the DREAD classification. Fill in the missing elements. D_____ R_____ E_____ A_____ D_____ |
|
Definition
Damage potential Reproducibility Exploitability Affected users (number of) Discoverability |
|
|
Term
(T or F) If UMLsec is used wisely to develop a secure design, then the implementation phase is highly unlikely to introduce security risks. |
|
Definition
|
|
Term
(T or F) The static analyzers (like FlawFinder) that the authors used to detect coding problems rarely generated a false positive. In other words, almost all of the warnings from these systems flagged an important security issue that demanded immediate attention. |
|
Definition
|
|
Term
(T or F) The people involved with the threat modeling project at Ford Motor Company discovered that remote sessions (where participants were scattered across various locations) were just as effective for the team meetings as sessions in which people met face to face. |
|
Definition
|
|
Term
(T or F) All use cases in the proposed system should be included in TAM (threat analysis and modeling). |
|
Definition
|
|
Term
The TAM tool identifies three threats for each step in the use case. These threats are (list the threats): |
|
Definition
(1) confidentiality (2) integrity (3) availability |
|
|
Term
(T or F) According to the TAM philosophy, even threats whose risks are assessed as being very low are just not acceptable. |
|
Definition
|
|
Term
(T or F) The first phase in which security issues arise in a good software engineering process is during the architectural design phase. |
|
Definition
|
|
Term
Microsoft has found that ____ percent of its software security problems are due to design flaws. |
|
Definition
|
|
Term
The article discusses the software processes that are known to produce more secure code with fewer defects. The processes recommended include (check all that apply): ____ a. PSP ____ b. TSP (and TSP-Secure) ____ c. Correctness by Construction ____ d. eXtreme Programming ____ e. Cleanroom software engineering |
|
Definition
|
|
Term
(T or F) Although the Capability Maturity Model is known to produce higher quality products, so far no effort has been made to extend CMM to include security considerations. |
|
Definition
|
|
Term
Which of the following is NOT included in the authors’ list of developer guidelines for building secure software (check all that apply): ____ a. Practice defense in depth ____ b. Provide only absolutely necessary privileges ____ c. Never use homegrown encryption algorithms ____ d. Avoid simplicity. It’s a recipe for disaster. ____ e. Use code obfuscation whenever possible |
|
Definition
|
|
Term
Rank the following languages (and groups of languages) according to the authors’ view of security, with #1 being the least prone to vulnerabilities (the most secure), #2 being the middle level, and #3 being the most prone to vulnerabilities (the least secure). ____ a. C and C++ ____ b. SPARK (a subset of Ada) ____ c. C# and Java |
|
Definition
__3_ C and C++ __1_ SPARK (a subset of Ada) __2_ C# and Java |
|
|
Term
(T or F) Although rigorous testing is important, ethical rules mandate that testers should not try to crash a system in the manner in which a malicious hacker might. |
|
Definition
|
|