IIKG2001 Software Security

What is meant by the term holistic approach?

/hoʊˈlɪs·tɪk/ relating to the whole of something or to the total system instead of just to its parts. Holistic security is an approach that seeks to integrate all the elements designed to safeguard an organization, considering them as a complex and interconnected system.

What are the three classifications for threats? Explain how these can occur.

1. Disclosure: A possibility of disclosure exists when sensitive code is disclosed(allowed to be seen) to unauthorized individuals if they can check out the code without any authorization. The same threat of disclosure is possible when production data with actual and real significance is backed up to a developer or test machine, 19 Domain 1: Secure Software Concepts 1Secure Software Concepts when sensitive database connection information is hard-coded inline with code in clear text, or if the error and exception messages are not handled properly. 2. Alteration: Lack of or insufficient input validation can pose the threat of data alteration, resulting in violation of software integrity. 3. Destruction: Insufficient load testing, stress testing and code level testing pose the threat of destruction or unavailability.

Name the 5 ways of Handling Risk

1. Ignore the risk - They can choose to not handle the risk and do nothing, leaving the software as is. The risk is left unhandled. This is highly ill-advised because the organization can find itself at the end of a class action law suit and regulatory oversight for not protecting the data that its customers have entrusted to it. 2. Avoid the risk - They can choose to discontinue the ecommerce store, which is not practical from a business perspective because the ecommerce store is the primary source of sales for your organization. In certain situations, discontinuing use of the existing software may be a viable option, especially when the software is being replaced by a newer product. Risk may be avoided but it must never be ignored. 3. Mitigate the risk - The development team chooses to implement security controls (safeguards and countermeasures) to reduce the risk. They plan to use security protocols such as Secure Sockets Layer (SSL)/Transport Layer Security (TLS) or IPSec to safeguard sensitive card holder data over open, public networks. While the risk of disclosure during transmission is reduced, the residual risk that remains is the risk of disclosure in storage. You advise the development team of this risk. They choose to encrypt the information before storing it. While it may seem like the risk is mitigated completely, there still remains the risk of someone deciphering the original clear text from the encrypted text if the encryption solution is weakly implemented. 4. Accept the risk - At this juncture, management can choose to this accept the residual risk that remains and continue business operations or they can choose to continue to mitigate it by not storing disallowed card holder information. When the cost of implementing security controls outweighs the potential impact of the risk itself, one can accept the risk. However it is imperative to realize that the risk acceptance process must be a formal process and it must be well documented, preferably with a contingency plan to address the residual risk in subsequent releases of the software. 5. Transfer the risk - One additional method by which management can choose to address the risk is to simply transfer it. It must be understood however that it is the liability that is transferred and not necessarily the risk itself. This is because your customers are still going to hold you accountable for security breaches in your organization and the brand or reputational damage that can happen upon a breach may far outweigh the liability protection that your organization receives by way of transference of risk. Common ways to transfer the risk are by buying insurance and using disclaimers.

Give some examples of some software security controls.

1. Input validation, like for username and passwords 2. Clipping levels (thresholds of acceptable user errors and suspicious activities) 3. Source control (tracking and managing changes to code) 4. Software librarian (technical support needed to operate the automation, communication and on-line systems) 5. Restricted and supervised access control to data centers and filing cabinets that house sensitive information.

How many phases are there to the SDLC, and can you name all the phases?

1. Requirements specification 2. Design 3. Construction 4. Integreation 5. Testing and debugging 6. Installation 7. Maintenance

Name 4 Software Development Methodologies.

1. Waterfall model 2. Iterative model 3. Spiral model 4. Agile development methodologies

Name four models similar to SDLC, that are used to develop software.

1. Waterfall model 2. Iterative model 3. Spiral model 4. Agile development methodologies

What does SLA stand for, and what is it?

A Service Level Agreement (SLA) is an example of an instrument that can be used to explicitly state and govern availability requirements for business partners and clients. From setting the expectation of cost, quantity and level of responsiveness, SLAs provide a common ground for the provider and the customer.

What is a buffer overflow?

A buffer overflow (or buffer overrun) occurs when the volume of data exceeds the storage capacity of the memory buffer. As a result, the program attempting to write the data to the buffer overwrites adjacent memory locations.

What is Client Certificate-Based Authentication?

A client authentication certificate is a certificate used to authenticate clients during an SSL handshake. It authenticates users who access a server by exchanging the client authentication certificate.

The ISO/IEC 27000:2009 - Information Security Management System (ISMS) Overview and Vocabulary is an internationally recognized standard that provides...?

A common Glossary of Terms and definitions. It also provides an overview and introduction to the ISMS(Information Security Management System) family of standards.

What is Data Classification?

A data classification policy is a comprehensive plan used to categorize a company's stored information based on its sensitivity level, ensuring proper handling and lowering organizational risk. Data or information can be considered to be the most valuable asset that a company has, second only to its people. Like any asset that warrants protection, data as a digital asset needs to be protected as well. Data classification is part of information lifecycle management.

What is FIPS 186? Explain.

A federal information processing standard that prescribes guidelines for: Digital Signature Standard: A suite of algorithms that can be used to generate a digital signature. In addition to being used for detection of unauthorized modifications, digital can also be used to authenticate the identity of the signatory.

What is FIPS 197? Explain.

A federal information processing standard that prescribes guidelines for: FIPS 197: Advanced Encryption Standard: Specifies an approved cryptographic algorithm to ensure the confidentiality of electronic data.

What is FIPS 201? Explain.

A federal information processing standard that prescribes guidelines for: Personal Identity Verification (PIV) of Federal Employees and Contractors: Ensures that the claimed identity of personnel (employees and contractors) who require physical or electronic access to secure and sensitive facilities and data are appropriately verified.

What is FIPS 140? Explain.

A federal information processing standard that prescribes guidelines for: Security Requirement for Cryptographic Modules: The security requirements cover areas that are related to secure design and implementation of a cryptographic module.

What is COBIT and how does it work?

A framework that aims to help organizations that are looking to develop, implement, monitor, and improve IT governance and information management.

What is a Requirements Traceability Matrix (RTM)?

A generic RTM is a table of information that lists the business requirements in the left most column, the functional requirements that address the business requirements are in the next column. A generic RTM can be modified to include security requirements as well. See image for benefits of using RTM.

What is a Key Management Lifecycle?

A management life cycle that includes the generation, exchange, storage, rotation, archiving, and destruction of the key. By key, we are talking about encryption keys.

What is Mandatory Access Control (MAC)?

A means of restricting access to system resources based on the sensitivity (as represented by a label) of the information contained in the system resource and the formal authorization (i.e., clearance) of users to access information of such sensitivity. Users are only able to access the information in a resource to which they are entitled based on the security labels that they have been assigned. In the event that the user's security label does not have sufficient authorization, the user will not be able to access the information contained in the resource.

What is Role-Based Access Control (RBAC)?

A method for restricting data access based on a user's role in the company.

What is Black-box Security Testing?

A method of software security testing in which the security controls, defences and design of an application are tested from the outside-in, with little or no prior knowledge of the application's internal workings. Essentially, black-box testing takes an approach similar to that of a real attacker.

What is Banner grabbing?

A method used by attackers and security teams to obtain information about network computer systems and services running on open ports. A banner is a text displayed by a host that provides details such as the type and version of software running on the system or server.

Explain Sherwood Applied Business Security Architecture (SABSA)

A model and methodology for developing a risk-driven enterprise information security architecture and service management, to support critical business processes. Risk-driven means being motivated to react and intervene based on an assessment of risk factors and the probability that they will lead to significant harms or victimization. Spiral model is a risk-driven software development process model.

What is NDA in cyber security?

A non-disclosure agreement is a legal document which sets rules and principles for the confidentiality of the information to be exchanged.

What is Threat Modeling?

A process of Identifying and implementing conutermeasurements against potential structural vulenrabilites or other absence of appropriate safeguards. Implementing is important here. This would mean we could be initiating threat modeling in the Design phase(while we're actually coming up with the idea of a design) of the SDLC.

Assembly and machine language are examples of: A. natural language. B. very high-level language (VHLL). C. high-level language (HLL). D. low-level language.

A programming language in which there is little to no abstraction from the native instruction codes that the computer can understand is also referred to as low-level language. There is no abstraction from native instruction codes in machine language. Assembly languages are the lowest level in the software chain, which makes it incredibly suitable for reversing. It is therefore important to have an understanding of low-level programming languages to understand how an attacker will attempt to circumvent the security of the application at its lowest level.

What is a Race conditions?

A race condition is an undesirable situation that occurs when a device or system attempts to perform two or more operations at the same time, but because of the nature of the device or system, the operations must be done in the proper sequence to be done correctly.

What is an Evaluation Assurance Level (EAL)?

A ranking system assigned to an IT product or system after a Common Criteria security evaluation. The level indicates to what extent the product or system was tested. A product or system must meet specific assurance requirements to achieve a particular EAL. Memorize the table in the image.

What is a rootkit?

A rootkit is software used by cybercriminals to gain control over a target computer or network. Rootkits can sometimes appear as a single piece of software but are often made up of a collection of tools that allow hackers administrator-level control over the target device.

What is a security auditor?

A security audit is a systematic evaluation of the security of a company's information system.

What is Data Execution Prevention (DEP)?

A security feature that can help prevent damage to your computer from viruses and other security threats. Harmful programs can try to attack Windows by attempting to run (also known as execute) code from system memory locations reserved for Windows and other authorized programs. It is a system-level memory protection feature that is built into the operating system.

Explain the Design Security Principle: Psychological Acceptability

A security principle that aims at maximizing the usage and adoption of the security functionality in the software by ensuring that the security functionality is easy to use and at the same time transparent to the user. Ease of use and transparency are essential requirements for this security principle to be effective.

Explain the Design Security Principle: Fail Secure

A security principle that aims to maintaining confidentiality, integrity and availability by defaulting to a secure state, rapid recovery of software resiliency upon design or implementation failure. In the context of software security, fail secure is commonly used interchangeably with fail safe, which comes from physical security terminology.

Explain the Design Security Principle: Complete Mediation

A security principle that ensures that authority is not circumvented in subsequent requests of an object by a subject, by checking for authorization (rights and privileges) upon every request for the object. In order words, the access requests by a subject for an object is completed mediated(to work with opposing sides in an argument in order to bring about an agreement) each time, every time.

What is a side channel attack?

A side-channel attack (SCA) is a security exploit that attempts to extract secrets from a chip or a system physically. This can be achieved by measuring or analyzing various physical parameters. Examples include supply current, execution time, and electromagnetic emission.

What is a checksum?

A simple file integrity check in which the values of individual bits or bytes are summed up and compared to a stored value for a reference version(aka changes made, aka integrity) of the file.

What is The Data Encryption Standard?

A symmetric-key algorithm for the encryption of digital data. Although its short key length of 56 bits makes it too insecure for modern applications, it has been highly influential in the advancement of cryptography.

What is Glass-box Security Testing?

A testing technique that examines the program structure and derives test data from the program logic/code.

Define Threat

A threat is merely the possibility of an unwanted, unintended or harmful event occurring. Vulnerabilities, which can be exploited by an attacker, pose threats to assets.

What is a database trigger?

A trigger is a special type of stored procedure that automatically runs when an event occurs in the database server. DML triggers run when a user tries to modify data through a data manipulation language (DML) event. DML events are INSERT, UPDATE, or DELETE statements on a table or view.

What is The Triple Data Encryption Standard (DES)?

A type of computerized cryptography where block cipher algorithms are applied three times to each data block. The key size is increased in Triple DES to ensure additional security through encryption capabilities.

What is regression testing?

A type of software testing that is used to verify any modification or update in a software without affecting the overall working functionality of the said software.

Define Vulnerability

A weakness or flaw that could be accidently triggered or intentionally exploited by an attacker, resulting in the breach or breakdown of the security policy is known as a vulnerability. Vulnerabilities can be evident in the process, the design or in the implementation of the system or software.

What is Rich Internet Application?

A web application that has many of the characteristics of desktop application software.

Infinite loops and improper memory calls are often known to cause threats to which of the following? A. Availability. B. Authentication. C. Authorization. D. Accountability.

A. Availability. Improper coding constructs such as infinite loops and improper memory management can lead to denial of service and resource exhaustion issues, which impacted availability. Race condition is an example of improper coding.

Organizations often pre-determine the acceptable number of user errors before recording them as security violations. This number is otherwise known as?

A. Clipping level.

Which type of information is exempt from confidentiality requirements?

A. Directory information.

Which of the following is the PRIMARY reason for an application to be susceptible to a Man-in-the-Middle (MITM) attack? A. Improper session management B. Lack of auditing C. Improper archiving D. Lack of encryption

A. Improper session management A session is a lightweight mechanism for securing any kind of network communication. All the options are reasons for possible MITM attacks, but according to the book, option A is the PRIMARY. It does make sense if we consider the word "session" as a generalized definition for any kind of network communication. Lack of encruption would be a part of an improper session.

The use of IF-THEN rules is characteristic of which of the following types of software testing? A. Logic. B. Scalability. C. Integration. D. Unit.

A. Logic. IF-THEN rules are constructs of logic and when these constructs are used for software testing, it is generally referred to as logic testing.

When a customer attempts to log into their bank account, the customer is required to enter a nonce from the token device that was issued to the customer by the bank. This type of authentication is also known as?

A. Ownership based authentication Authentication can be achieved in one or more of the following ways. Using something one knows (knowledge based), something one has (ownership based) and something one is (characteristic based). Using a token device is ownership based authentication.

Which of the following is LEAST LIKELY to be identified by misuse case modeling? A. Race conditions B. Mis-actors C. Attacker's perspective D. Negative requirements

A. Race conditions Misuse cases, also known as abuse cases help identify security requirements(race condition is not a security requirement. its a code fault) by modeling negative scenarios. A negative scenario is an unintended behavior of the system, one that the system owner does not want to occur within the context of the use case. Misuse cases provide insight into the threats that can occur against the system or software. It provides the hostile users point of view and is an inverse of the use case. Misuse case modeling is similar to the use case modeling, except that in misuse case modeling, mis-actors and unintended scenarios or behavior are modeled. Misuse cases may be intentional or accidental. One of the most distinctive traits of misuse cases is that they can be used to elicit security requirements unlike other requirements determination methods that focus on end-user functional requirements.

Which of the following is an implementation of the principle of least privilege? A. Sandboxing. B. Tokenization. C. Versioning. D. Concurrency.

A. Sandboxing. Sandboxing is an example of the principle of least privilege. Running code in a sandbox (or jail) restricts the access that the code has on other system resources.

When software is purchased from a third party instead of being built in-house, it is imperative to have contractual protection in place and have the software requirements explicitly specified in which of the following? A. Service Level Agreements (SLA). B. Non-Disclosure Agreements (NDA). C. Non-compete Agreements. D. Project plan.

A. Service Level Agreements (SLA). (level of quality) SLAs should contain the levels of service expected for the software to provide and this becomes crucial when the software is not developed in-house.

Which of the following tools or techniques can be used to facilitate the white box testing of software for insider threats? A. Source code analyzers. B. Fuzzers. C. Banner grabbing software. D. Scanners.

A. Source code analyzers. White box testing or structural analysis is about testing the software with prior knowledge of the code and configuration. Source code review is a type of white box testing. Embedded code issues such as Trojan horses, logic bomb etc. that are implanted by insiders can be detected using source code analyzers.

A Man-in-the-Middle (MITM) attack is PRIMARILY an expression of which type of the following threats? A. Spoofing B. Tampering C. Repudiation D. Information disclosure

A. Spoofing Although it may seem that a MITM attack is an expression of the threat of repudiation, and it very well could be, it is PRIMARILY a spoofing threat. In a spoofing attack, an attacker impersonates a different person and pretends to be a legitimate user of the system. Spoofing attack is mitigated through authentication so that adversaries cannot become any other user or assume the attributes of another user. When undertaking a threat modeling exercise, it is important to list all possible threats, regardless of whether they have been mitigated so that you can later generate test cases where necessary. If the threat is not documented, there is a high likelihood that the software will not be tested for those threats. Using a categorized list of threats (such as STRIDE which is an acronym of Spoofing, Tampering, Repudiation, Information Disclosure, Denial of Service and Elevation of Privilege) is useful to list all possible threats.

The implementation of secure features such as complete mediation and data replication needs to undergo which of the following types of test to ensure that the software meets the service level agreements (SLA)? A. Stress. B. Unit. C. Integration. D. Regression.

A. Stress. Tests that assure that the service level requirements are met is characteristic of performance testing. Load and stress testing are types of performance tests. While stress testing is testing by starving the software, load testing is done by subjecting the software to extreme volumes or load.

The ability to track ownership, changes in code and rollback abilities is possible because of which of the following configuration management processes? A. Version control. B. Patching. C. Audit logging. D. Change control.

A. Version control. The ability to track ownership, changes in code and rollback abilities is possible because of versioning which is a configuration management processes. Release management of software should include proper source code control and versioning. A phenomenon known as "regenerative bugs" is often observed when it comes to improper release management processes. Regenerative bugs are fixed software defects that reappear in subsequent releases of the software. This happens when the software coding defect (bug) is detected in the testing environment (such as user acceptance testing) and the fix is made in that test environment and promoted to production without retrofitting it into the development environment. The latest version in the development environment does not have the fix and the issue reappears in subsequent versions of the software.

Exploit code attempt to take control of dangling pointers which: A. are references to memory locations of destroyed objects. B. is the non-functional code that that is left behind in the source. C. is the payload code that the attacker uploads into memory to execute. D. are references in memory locations that are used prior to being initialized

A. are references to memory locations of destroyed objects. A dangling pointer, also known as a stray pointer, occurs when a pointer points to an invalid memory address. This is often observed when memory management is left to the developer. Dangling pointers are usually created in one of two ways: an object is destroyed (freed) but the reference to the object is not reassigned and is later used or a local object is popped from the stack when the function returns but a reference to the stack allocated object is still maintained. Attackers write exploit code to take control of dangling pointers so that they can move the pointer to where their arbitrary shell code is injected.

The use of an individual's physical characteristics such as retinal blood patterns and fingerprints for validating and verifying the user's identity if referred to as...?

A. biometric authentication. Forms authentication has to do with usernames and passwords that are input into a form (like a web page/form). Basic authentication transmits the credential s in Base64 encoded form while digest authentication provides the credentials as a hash value (also known as a message digest). Token based authentication uses credentials in the form of specialized tokens which is often used with a token device. Biometric authentication uses physical characteristics to provide the credential information.

The FIRST step in the Protection Needs Elicitation (PNE) process is to...?

A. engage the customer IT is there for the business and not the other way round. The first step when determining protection needs is to engage the customer followed by modeling the information and identifying least privilege scenarios. Once an application profile is developed, then we can undertake threat modeling and analysis to determine the risk levels which can be communicated to the business to prioritize the risk.

When internal business functionality is abstracted into service oriented contract based interfaces, it is PRIMARILY used to provide for: A. interoperability. B. authentication. C. authorization. D. installation ease.

A. interoperability. A distinctive characteristic of SOA is that the business logic is abstracted into discoverable and reusable contract based interfaces to promote interoperability between heterogeneous computing ecosystems.

Penetration testing must be conducted with properly defined: A. rules of engagement. B. role based access control mechanisms. C. threat models. D. use cases.

A. rules of engagement. Penetration testing must be controlled and not ad hoc in nature with properly defined rules of engagement.

The MAIN reason as to why the availability aspects of software must be part of the organization's software security initiatives is?

A. software issues can cause downtime to the business

Most Supervisory Control And Data Acquisition (SCADA) systems are susceptible to software attacks because: A. they were not initially implemented with security in mind. B. the skills of a hacker has increased significantly. C. the data that they collect are of top secret classification. D. the firewalls that are installed in front of these devices have been breached.

A. they were not initially implemented with security in mind Most SCADA systems were not originally designed with security in mind and basic protection mechanisms like authentication and authorization, to these systems is weak, if at all present.

What does Accountability Requirements intale?

Accountability requirements are those that assist in building a historical record of user actions. Audit trails can help detect when an unauthorized user makes a change or an authorized user makes an unauthorized change, both of which are cases of integrity violations.

What is Address Space Layout Randomization?

Address space layout randomization (ASLR) is a technique that is used to increase the difficulty of performing a buffer overflow attack that requires the attacker to know the location of an executable in memory. ASLR can locate the base, libraries, heap, and stack at random positions in a process's address space, which makes it difficult for an attacking program to predict the memory address of the next instruction.

What is Rijndael?

Advanced Encryption Standard (AES) algorithm that is more secure than DES and Triple DES algorithms.

What does APT's stand for?

Advanced Persistent Threats.

Explain the Design Security Principle: Defense in Depth (or) Layered Defense

Also known as layered defense, defense in depth is a security principle where single points of complete compromise are eliminated or mitigated by the incorporation of a series or multiple layers of security safeguards and risk-mitigation countermeasures.

Explain the Design Security Principle: Separation of Duties (or) Compartmentalization Principle (or) Separation of privilege.

Also known as the compartmentalization principle, or separation of privilege, separation of duties is a security principle which states that the successful completion of a single task is dependent upon two or more conditions that need to be met and just one of the conditions will be insufficient in completing the task by itself.

What is Non-Discretionary Access Control (NDAC)?

An access control policy that is uniformly enforced across all subjects and objects within the boundary of an information system. It's kinda the "norm" in these daysfor alot of systems we interact with.

What is Cross-Site Request Forgery in cyber security?

An attack that forces an end user to execute unwanted actions on a web application in which they're currently authenticated. With a little help of social engineering (such as sending a link via email or chat), an attacker may trick the users of a web application into executing actions of the attacker's choosing. If the victim is a normal user, a successful CSRF attack can force the user to perform state changing requests like transferring funds, changing their email address, and so forth.

What is Data Repudiation?

An attack that happens when an application or system does not adopt controls to properly track and log users' actions, thus permitting malicious manipulation or forging the identification of new actions.

What is an Injection flaw?

An injection flaw is a vulnerability which allows an attacker to relay malicious code through an application to another system. This can include compromising both backend systems as well as other clients connected to the vulnerable application.

What is a Security Policy?

An instrument that is used to communicate and mandate organizational and management goals and objectives at a high level. It can be a document that states in writing how a company plans to protect its physical and information technology (IT) assets. It is the instrument by which digital assets that require protection can be identified.

What is Data Tampering?

An intentional but unauthorized act resulting in the modification of a system, components of systems, its intended behavior, or data.

What do we mean by Lightweight Directory Access Protocol?

An open and cross platform protocol used for directory services authentication. LDAP provides the communication language that applications use to communicate with other directory services servers.

What does SP 800-30: Risk Management Guide for IT provide?

An overview of risk management and covers items that are deemed critical success factors for an effective risk management program. The guide also covers how risk management can be integrated into the systems development life cycle along with the roles of individuals and their responsibilities in the process.

What is a mis-actor?

An unwanted actor. Same as threat actors but can be internal to the company.

What is Anonymous Authentication?

Anonymous authentication gives users access to a website without prompting them for a user name or password.

Define Threat Agent

Anyone or anything that has the potential to make a threat materialize is known as the threat-source or threat-agent. Threat agents may be human or non-human. Examples of non-human threat-agents in addition to nature that are prevalent in this day and age are malicious software (malware), such as adware, spyware, viruses and worms.

What is Advanced Encryption Security (AES)?

Approved cryptographic algorithm to ensure the confidentiality of electronic data. The AES algorithm is a symmetric block cipher that can be used to encrypt (convert humanly intelligible plaintext to unintelligible form called cipher text) and decrypt (convert cipher text to plaintext).

What are Distant Observation attacks?

As the name suggests, distant observation attacks is a shoulder surfing attack, where the attacker observes and discovers information of a system indirectly from a distance. Observing through a telescope or using a reflected image off someone's eye, eyeglasses, monitor or other reflective devices are some wellknown examples of distant observation attacks.

Define Asset

Assets are those items that are valuable to the organization, the loss of which can potentially cause disruptions in the organization's ability to accomplish its missions. Some of the other reasons that enforce the need to protect assets today are regulations, compliance, privacy or the need to have a competitive advantage. Assets may be tangible or intangible(not touchable) in nature. Tangible: Goods that are tangible include anything that can be physically touched, including things like printed books. One of the easiest ways to determine whether a good is tangible or not is to ask if a person could physically touch it or pick it up.

What does SP 800-61 - Computer Security Incident Handling Guide provide?

Assists organizations in establishing capabilities and incident handling procedures to efficiently and effectively handle security threats and breaches that are prevalent and evident today.

Define Audit logging

Audit logging is the process of documenting activity within the software systems used across your organization. Audit logs record the occurrence of an event, the time at which it occurred, the responsible user or service, and the impacted entity.

What is Digest Autentication?

Authentication type specified in HTTP 1.1. Unlike basic authentication, digest authentication does not require the password to be transmitted. Rather, the client takes the username and password and uses the MD5 hashing algorithm to create a hash, which is then sent to the SQL Server.

In which of the following software development methodologies does unit testing enable collective code ownership and is critical to assure software assurance? A. Waterfall. B. Agile. C. Spiral. D. Prototyping.

B. Agile. Unit testing enables collective code ownership. Collective code ownership encourages everyone to contribute new ideas to all segments of the project. Any developer can change any line of code to add functionality, fix bugs, or re-factor. No one person becomes a bottleneck for changes. The way this works is for each developer that work in concert (usually more in agile methodologies than the traditional model) create unit tests for his/her code as it is developed. All code that is released into the source code repository includes unit tests. Code that is added, bugs as they are fixed, and old functionality as it is changed will be covered by automated testing.

Which of the following policies is MOST likely to include the following requirement? "All software processing financial transactions need to use more than one factor to verify the identity of the entity requesting access"" A. Authorization. (has correct access-priviliges) B. Authentication. (the correct person) C. Auditing. (security audit is a systematic evaluation of the security) D. Availability.

B. Authentication. When two factors are used to validate an entity's claim and/or credentials, it is referred to as two-factor authentication and when more than two factors are used for authentication purposes, it is referred to as multi-factor authentication. It is important to determine first, if there exists a need for two- or multi-factor authentication.

When very limited or no knowledge of the software is made known to the software tester before she can test for its resiliency, it is characteristic of which of the following types of security tests? A. White box. B. Black box. C. Clear box. D. Glass box.

B. Black box. In black box or behavioral testing, test conditions are developed on the basis of the program's or system's functionality; that is, the tester requires information about the input data and observed output, but does not know how the program or system works. The tester focuses on testing the program's behavior (or functionality) against the specification. With black box testing, the tester views the program as a black box and is completely unconcerned with the internal structure of the program or system. In white box or structural testing, the tester knows the internal program structure such as paths, statement coverage, branching, and logic. White box testing is also referred to as clear box or glass box testing. Gray box testing is a software testing technique that uses a combination of black box and white box testing.

An attacker analyzes the response from the web server which indicates that its version is the Microsoft Internet Information Server 6.0 (Microsoft-IIS/6.0), but none of the IIS exploits that the attacker attempts to execute on the web server are successful. Which of the following is the MOST probable security control that is implemented? A. Hashing. B. Cloaking. C. Masking. D. Watermarking.

B. Cloaking. Detection of web server versions is usually done by analyzing HTTP responses. This process is known as banner grabbing. But administrator can change the information that gets reported and this process is known as cloaking. Banner cloaking is a security through obscurity approach to protect against version enumeration.

Multi-factor authentication is most closely related to which of the following security design principles?

B. Defense in depth.

During which phase of the software development lifecycle (SDLC) is threat modeling initiated?

B. Design Although it is important to visit the threat model during the development, testing and deployment phase of the software development lifecycle (SDLC), the threat modeling exercise should start in the design phase of the SDLC.

A means of restricting access to objects based on the identity of subjects and/or groups to which they belong, as mandated by the requested resource owner is the definition of A. Non-discretionary Access Control (NDAC). B. Discretionary Access Control (DAC). C. Mandatory Access Control (MAC). D. Role based Access Control.

B. Discretionary Access Control (DAC). Discretionary access control (DAC) is defined as "a means of restricting access to objects based on the identity of subjects and/or groups to which they belong." The controls are discretionary in the sense that a subject with a certain access permission is capable of passing that permission (perhaps indirectly) on to any other subject. DAC restricts access to objects based on the identity of the subject and is distinctly characterized by the owner of the resource deciding who has access and their level of privileges or rights.

Web farm data corruption issues and card holder data encryption requirements need to be captured as part of which of the following requirements? A. Integrity. B. Environment. C. International. D. Procurement.

B. Environment. When determining requirements it is important to elicit requirements that are tied to the environment in which the data will be marshaled or processed. Viewstate corruption issues in web farm settings where all the servers were not configured identically or lack of card holder data encryption in public networks have been observed when the environmental requirements were not identified or taken into account.

As part of the test data management strategy, when a criteria is applied to export selective information from a production system to the test environment, it is also referred to as: A. Subletting. B. Filtering. C. Validation. D. Subsetting.

B. Filtering. The defining of subset criteria to export only certain kinds of information from the production environment to the test environment is also known as subsetting.

Which of the following MUST be addressed by software security requirements? Choose the BEST answer. A. Technology used in building the application. B. Goals and objectives of the organization. C. Software quality requirements. D. External auditor requirements.

B. Goals and objectives of the organization. Security requirements need to be explicitly defined and must address the security objectives or goals of the company. Properly and adequately defining and documenting security requirements, makes the measurement of security objectives or goals, once the software is ready for release or accepted for deployment, possible and easy. While external auditor, internal quality requirements and technology are factors that need consideration, compliance with organizational policies must be the foremost consideration.

When designing software to work in a mobile computing environment, the Trusted Platform Module (TPM) chip can be used to provide which of the following types of information? A. Authorization. B. Identification. C. Archiving. D. Auditing.

B. Identification. Trusted Platform Module (TPM) is the name assigned to a chip that can store cryptographic keys, passwords, or certificates. It can be used to protect mobile devices besides personal computers. It is also used to provide identity information for authentication purposes in mobile computing. It also assures secure startup and integrity. The TPM can be used to generate values used with whole disk encryption such as the Windows Vista's BitLocker. It is developed to specifications of the Trusted Computing Group.

When two or more trivial pieces of information are brought together with the aim of gleaning(obtain information from various sources, often with difficulty) sensitive information, it is referred to as what type of attack? A. Injection. B. Inference. C. Phishing. D. Polyinstantiation.

B. Inference. An inference attack is one in which the attacker combines information that is available in the database with a suitable analysis to glean information that is presumably hidden or not as evident. This means that individual data elements when viewed collectively can reveal confidential information. It is therefore, possible to have public elements in a database reveal private information by inference. The first thing to ensure is that the database administrator does not have direct access to the data in the database and that the administrator's access of the database is mediated by a program (the application) and audited. In situations, where direct database access is necessary, it is important to ensure that the database design is not susceptible to inference attacks. Inference attacks can be mitigated by polyinstantiation.

Data classification is a core activity that is conducted as part of which of the following? A. Key Management Lifecycle B. Information Lifecycle Management C. Configuration Management D. Problem Management

B. Information Lifecycle Management. Data classification is the conscious effort to assign a level of sensitivity to data assets, based on potential impact upon disclosure, alteration or destruction. The results of the classification exercise can then be used to categorize the data elements into appropriate buckets. Data classification is part of information lifecycle management.

The resiliency of software to withstand attacks that attempt modify or alter data in an unauthorized manner is referred to as?

B. Integrity

The requirements that assure reliability and prevent alterations are to be identified in which section of the software requirements specifications (SRS) documentation? A. Confidentiality. B. Integrity. C. Availability. D. Accountability.

B. Integrity. Destruction is the threat against availability as disclosure is the threat against confidentiality and alteration being the threat against integrity.

Checksum validation can be used to satisfy which of the following requirements? A. Confidentiality. B. Integrity. C. Availability. D. Authentication.

B. Integrity. Parity bit checking is useful in the detection of errors or changes made to data when it is transmitted. A common usage of parity bit checking is to do a Cyclic Redundancy Check (CRC) for data integrity as well, especially for messages longer than one byte (8 bits) long. Upon data transmission, each block of data is given a computed CRC value, commonly referred to as a checksum. If there is an alteration between the origin of data and its destination, the checksum sent at the origin will not match with the one that is computed at the destination. Corrupted media (CD's, DVDs) and incomplete downloads of software yield CRC errors.

Which of the following is a PRIMARY consideration for the software publisher when selling Commercially Off the Shelf (COTS) software? A. Service Level Agreements (SLAs). B. Intellectual Property protection. C. Cost of customization. D. Review of the code for backdoors and Trojan horses.

B. Intellectual Property protection.

Disassemblers, debuggers and decompilers can be used by security testers to PRIMARILY determine which of the following types of coding vulnerabilities? A. Injection flaws. B. Lack of reverse engineering protection. C. Cross-Site Scripting. D. Broken session management.

B. Lack of reverse engineering protection. Disassemblers, debuggers and decompilers are utilities that can be used for reverse engineering software and software tester should have these utilities in their list of tools to validate protection against reversing.

IPSec technology which helps in the secure transmission of information operates in which layer of the Open Systems Interconnect (OSI) model? A. Transport. B. Network. C. Session. D. Application.

B. Network. IMO the answer is A. But what do i know. From the book: Although software security has specific implications on layer 7, the application of the OSI stack, the security at other levels of the OSI stack is also important and should be leveraged to provide defense in depth. The seven layers of the OSI stack are Physical (layer 1), Data Link (layer 2), Network (layer 3), Transport (layer 4), Session (layer 5), Presentation (layer 6) and Application (layer 7). SSL and IPSec can be used to assure confidentiality for data in motion. SSL operates at the Transport Layer (layer 4) and IPSec operates at the Network Layer (layer 3) of the OSI model.

The predominant form of malware that infects mobile apps is: A. Virus B. Ransomware C. Worm D. Spyware

B. Ransomware Ransomware that locks screens on mobile devices is on the rise and predominantly observed in mobile apps that don't implement sufficient protection controls.

When software is able to withstand attacks from a threat agent and not violate the security policy it is said to be exhibiting which of the following attributes of software assurance? A. Reliability. B. Resiliency. C. Recoverability. D. Redundancy.

B. Resiliency. Reliability in security = The ability of a system or component to function under stated conditions for a specified period of time. Resiliency in security = The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Recoverability in security = Ability to recover from adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Redudancy in security = In the event of a failure, redundancy allows your network to remain in service by providing alternative data paths or backup equipment. Network redundancy is introduced to improve reliability and ensure availability. Software is said to be reliable when it is functioning as expected to. Resiliency is the measure of the software's ability to withstand an attack. When the software is breach, its ability to restore itself back to normal operations is known as the recoverability of the software. Redundancy has to do with high availability.

The token that is PRIMARILY used for authentication purposes in a Single Sign (SSO) implementation between two different companies is: A. Kerberos. B. Security Assert Markup Language (SAML). C. Liberty alliance ID-FF. D. One Time password (OTP).

B. Security Assert Markup Language (SAML). Federation technology is usually built on a centralized identity management architecture leveraging industry standard identity management protocols such as SAML, WS Federation (WS-*) or Liberty Alliance. Of the three major protocol familier associated with federation, SAML seems to be recognized as the de facto standard for enterprise to enterprise federation. SAML works in cross domain settings while Kerberos tokens are useful only within a single domain.

Impersonation attacks such as Man-in-the-Middle (MITM) attacks in an Internet application can be BEST mitigated using proper: A. Configuration Management. B. Session Management. C. Patch Management. D. Exception Management.

B. Session Management. Internet application means that the ability to manage identities as would be possible in an Intranet application is not easy or in some cases infeasible. Internet applications also use stateless protocols such as HTTP or HTTPS and this requires the management of user sessions.

Which of the following is a framework that can be used to develop a risk based enterprise security architecture by determining security requirements after analyzing the business initiatives. A. Capability Maturity Model Integration (CMMI) B. Sherwood Applied Business Security Architecture (SABSA) C. Control Objectives for Information and related Technology (COBIT®) D. Zachman Framework

B. Sherwood Applied Business Security Architecture (SABSA)

Which of the following is a covert(hiding info with "invisible ink") mechanism that assures confidentiality? A. Encryption. B. Steganography. C. Hashing. D. Masking.

B. Steganography. Encryption and Hashing are overt mechanisms to assure confidentiality. Masking is an obfuscating mechanism to assure confidential. Steganography which is hiding information within other media is a cover mechanisms to assure confidentiality. Steganography is more commonly referred to as invisible ink writing and is the art of camouflaging or hidden writing, where the information is hidden and the existence of the message itself is concealed. Steganography is primarily useful for covert communications and is useful and prevalent in military espionage communications.

Timing and synchronization issues such as race conditions and resource deadlocks can be MOST LIKELY identified by which of the following tests? Choose the BEST answer. A. Integration. B. Stress. C. Unit. D. Regression.

B. Stress. Race conditions and resource exhaustion issues are more likely to be identified when the software is starved of the resources that it expects as is done during stress testing.

Tests that are conducted to determine the breaking point of the software after which the software will no longer be functional is characteristic of which of the following types of software testing? A. Regression. B. Stress. C. Integration. D. Simulation.

B. Stress. The goal of stress testing is to determine if the software will continue to operate reliably under duress or extreme conditions. Often the resources that the software needs is taken away from the software and the software's behavior observed as part of the stress test.

In the context of test data management, when a transaction which serves no business purpose is tested, it is referred to as what kind of transaction? A. Non-synthetic. B. Synthetic. C. Useless. D. Discontinuous.

B. Synthetic. Synthetic transactions refer to transactions that serve no business value. Querying order information of a 'dummy' customer is an example of a synthetic transaction. They are not necessarily useless.

Replacing the Primary Account Number (PAN) with random or pseudo-random symbols that are uniquely identifiable and still assuring privacy is also known as: A. Fuzzing. B. Tokenization. C. Encoding. D. Canonicalization.

B. Tokenization. Tokenization is the process of replacing sensitive data with unique identification symbols that still retain the needed information about the data, without compromising its security.

Syslog implementations require which additional security protection mechanisms to mitigate disclosure attacks? A. Unique session identifier generation and exchange. B. Transport Layer Security. C. Digital Rights Management (DRM). D. Data Loss Prevention.

B. Transport Layer Security. The syslog network protocol has become a de facto standard for logging program and server information over the Internet. Many routers, switches and remote access devices will transmit system messages, and there are syslog servers available for Windows and UNIX operating systems. TLS protection mechanisms such as SSL wrappers are needed to protect syslog data in transmit as they are transmitted in the clear. SSL wrappers like stunnel provide transparent SSL functionality.

When the code is not allowed to access memory at arbitrary locations that is out of range of the memory address space that belong to the object's publicly exposed fields, it is referred to as which of the following types of code? A. Object code. B. Type safe code. C. Obfuscated code. D. Source code.

B. Type safe code. Code is said to be type safe if it only accesses memory resources that do not belong to the memory assigned to it. Type safety verification takes place during the Just In Time (JIT) compilation phase and prevents unsafe code from becoming active. Although you can disable type safety verification, it can lead to unpredictable results. The best example is that code can make unrestricted calls to unmanaged code, and if that code has malicious intent, the results can be severe. Therefore, the framework only allows fully trusted assemblies to bypass verification. Type safety is a form of "sandboxing". Type safety must be one of the most important considerations in regards to security when selecting a programming language and phasing out older generation programming languages.

Which of the following is an activity that can be performed to clarify requirements with the business users using diagrams that model the expected behavior of the software? A. Threat modeling B. Use case modeling C. Misuse case modeling D. Data modeling

B. Use case modeling A use case models the intended behavior of the software or system. In other words, the use case describes behavior that the system owner intended. This behavior describes the sequence of actions and events that are to be taken to address a business need. Use case modeling and diagramming is very useful for specifying requirements. It can be effective in reducing ambiguous and incompletely articulated business requirements by explicitly specifying exactly when and under what conditions certain behavior occurs. Use case modeling is meant to model only the most significant system behavior and not all of it and so should not be considered a substitute for requirements specification documentation.

Vulnerability scans are used to: A. measure the resiliency of the software by attempting to exploit weaknesses. B. detect the presence of loopholes and weaknesses in the software. C. detect the effectiveness of security controls that are implemented in the software. D. measure the skills and technical know-how of the security tester.

B. detect the presence of loopholes and weaknesses in the software. A vulnerability is a weakness (or loophole) and vulnerability scans are used to detect the presence of weaknesses in software.

The Systems Security Engineering Capability Maturity Model (SSE-CMM®) (ISO/IEC 21827:2008) is an internationally recognized standard that publishes guidelines to...?

B. evaluate security engineering practices and organizational management processes. Ensure secure engineering of systems (and software) by augmenting(adding to) existing project and organizational process areas and encompassing all phases in the SDLC in its scope from concepts definition, requirement analysis, design, development, testing, deployment, operations, maintenance, and disposal. It also includes guidance on best practices for interactions with other organizations, acquisitions, and certification and accreditation (C&A). This model is now the de facto standard metric for evaluating security engineering practices for the organization or the customer and for establishing confidence in organizational processes to assure security.

When the source code is made obscure using special programs in order to make the readability of the code difficult when disclosed, the code is also known as: A. object code. B. obfuscated code. C. encrypted code. D. hashed code.

B. obfuscated code. Reverse engineering is used to infer how a program works by inspecting it. Code obfuscation which makes the readability of code extremely difficult and confusing, can be used to deter reverse (not prevent) engineering attacks. Obfuscating code is not detective or corrective in its implementation.

The process of eliciting concrete software security requirements from high level regulatory and organizational directives and mandates in the requirements phase of the SDLC is also known as...?

B. policy decomposition. The process of eliciting concrete software security requirements from high level regulatory and organizational directives and mandates is referred to as policy decomposition. When the policy decomposition process completes, all the gleaned requirements must be measurable components.

An instrument that is used to communicate and mandate organizational and management goals and objectives at a high level is a...?

B. policy. high level = It's more generalized at this level. Policies act as a statement of intent.

The ability of the software to restore itself to expected functionality when the security protection that is built in is breached is also known as: A. redundancy. B. recoverability. C. resiliency. D. reliability.

B. recoverability. When the software performs as it is expected to, it is said to be reliable. When errors occur, the reliability of software is impacted and the software needs to be able to restore itself to expected operations. The ability of the software to be restored to normal expected operations is referred to as recoverability. The ability of the software to withstand attacks against its reliability is referred to as resiliency. Redundancy is about availability and reconnaissance is related to information gathering as in fingerprinting/footprinting. Reliability in security = The ability of a system or component to function under stated conditions for a specified period of time. Resiliency in security = The ability to anticipate, withstand, recover from, and adapt to adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Recoverability in security = Ability to recover from adverse conditions, stresses, attacks, or compromises on systems that use or are enabled by cyber resources. Redudancy in security = In the event of a failure, redundancy allows your network to remain in service by providing alternative data paths or backup equipment. Network redundancy is introduced to improve reliability and ensure availability.

Choose the BEST answer. Configurable settings for logging exceptions, auditing and credential management must be part of A. database views. B. security management interfaces. C. global files. D. exception handling.

B. security management interfaces. Security Management Interfaces (SMI) are administrative interfaces for your application which have the highest level of privileges on the system and can do tasks such as: ■ Users provisioning - adding/deleting/enabling users accounts. ■ Granting rights to different user roles. ■ System restart. ■ Changing system security settings. ■ Accessing audit trails, user credentials, exception logs. Although SMIs are often not explicitly stated in the requirements, and subsequently not threat modeled, strong controls such as least privilege and access controls must be designed and built in when developing SMI because the compromise of a SMI can be devastating, ranging from complete compromise, installing backdoors, to disclosure, alteration and destruction (DAD) attacks on audit logs, user credentials, exception logs, etc. SMI need not be deployed always with the default accounts that is set by the software publisher, although it is often observed to be.

The primary reason for designing Single Sign On (SSO) capabilities is to: A. increase the security of authentication mechanisms. B. simplify user authentication. C. have the ability to check each access request. D. allow for interoperability between wireless and wired networks.

B. simplify user authentication. The design principle of economy of mechanism states that one must keep the design as simple and small as possible. This well known principle deserves emphasis for protection mechanisms because design and implementation errors that result in unwanted access paths will not be noticed during normal use. As a result, techniques such as line-by-line inspection of software that implements protection mechanisms are necessary. For such techniques to be successful, a small and simple design is essential. SSO support this principle by simplifying the authentication process.

What is the PRIMARY reason for incorporating security into the software development life cycle?

B. the corporate brand and reputation. When security is incorporated in to the software development life cycle, confidentiality, integrity and availability can be assured and external hacker and insider threat attempts thwarted. Developers will generate more hack-resilient software with fewer vulnerabilities, but protection of the organization's reputation and corporate brand is the primary reason for software assurance. Extra: The primary reason for incorporating security into the software development cycle is essentially to cover the 3 tenets of information security, aka the CIA Triad. An ISMS (information security management system) is just a system for managing an organisation's security (IT security). By covering the triad, you incoroporate security.

Smart fuzzing is characterized by injecting: A. truly random data without any consideration for the data structure. B. variations of data structures that are known. C. data that get interpreted as commands by a backend interpreter. D. scripts that are reflected and executed on the client browser.

B. variations of data structures that are known. The process of sending random data to test security of an application is referred to as "fuzzing" or "fuzz testing." There are two levels of fuzzing: dumb fuzzing and smart fuzzing. Sending truly random data, known as dumb fuzzing, often doesn't yield great results and has the potential of bringing the software down, causing a Denial of Service (DoS). If the code being fuzzed requires data to be in a certain format but the fuzzer does not create data in that format, most of the fuzzed data will be rejected by the application. The more knowledge the fuzzer has of the data format, the more intelligent it can be at creating data. These more intelligent fuzzers are known as smart fuzzers.

What is Basic Autentication?

Basic Authentication is a lightweight authentication scheme designed to allow administrators to protect web-based applications with a username and password. Credentials transmitted in a Base-64 encoded form. Although this provides a little more security than anonymous authentication, Basic authentication must be avoided as well, since the encoded credentials can be easily decoded.

The Federal Information Processing Standard (FIPS) that prescribe guidelines for biometric authentication is: A. FIPS 140. B. FIPS 186. C. FIPS 197. D. FIPS 201.

Biometric authentication is a security process that relies on the unique biological characteristics of individuals to verify they are who they say they are. D. FIPS 201 is therefore the correct answer.

Which of the following is the current Federal Information Processing Standard (FIPS) that specifies an approved cryptographic algorithm to ensure the confidentiality of electronic data? A. (FIPS 140). B. (FIPS 201). C. (FIPS 197). D. (FIPS 186).

C. (FIPS 197).

Which of the following is a feature of most recent operating systems (OS) that makes it difficult for an attacker to guess the memory address of the program as it makes the memory address different each time the program is executed? A. Data Execution Prevention (DEP). B. Executable Space Protection (ESP). C. Address Space Layout Randomization (ASLR). D. Safe Security Exception Handler (/SAFESEH).

C. Address Space Layout Randomization (ASLR). In the past, the memory manager would try to load binaries at the same location in the linear address space each time the program was run. This behavior made it easier for shell coders by ensuring that certain modules of code would always reside at a fixed address and could be referenced in exploit code using raw numeric literals. The Address Space Layout Randomization (ASLR) is a feature in newer operating systems (introduced in Windows Vista) which deals with this predictable and direct referencing issue. ASLR makes the binary load in random address space each time the program is run.

The process of removing private information from sensitive data sets is referred to as: A. Sanitization. B. Degaussing. C. Anonymization. D. Formatting.

C. Anonymization. Sanitization = the act of changing something in order to make it less harmful. Degaussing = the destruction of the data on a data storage device by removing its magnetism. Anonymization = removing or modifing identifiable information. Formatting = prepare a storage medium to receive data.

The Single Loss Expectancy can be determined using which of the following formula? A. Annualized Rate of Occurrence (ARO) x Exposure Factor. B. Probability x Impact. C. Asset Value x Exposure Factor. D. Annualized Rate of Occurrence (ARO) x Asset Value.

C. Asset Value x Exposure Factor

Database triggers are PRIMARILY useful for providing which of the following detective software assurance capability? A. Availability. B. Authorization. C. Auditing. D. Archiving.

C. Auditing. (history log) All stored procedures could be updated to incorporate auditing logic; however a better solution is to use database triggers. You can use triggers to monitor actions performed on the database tables and automatically log auditing information.

Developing the software to monitor its functionality and report when the software is down and unable to provide the expected service to the business is a protection to assure which of the following four: A. Confidentiality. B. Integrity. C. Availability. D. Authentication.

C. Availability

Which of the following components of the Java architecture is primarily responsible to ensure type consistency, safety and assure that there are no malicious instructions in the code? A. Garbage collector B. Class Loader C. Bytecode Verfier D. Java Security Manager

C. Bytecode Verfier Bytecode Verifier is the most important component of the JVM from a type consistency viewpoint. The Bytecode Verifier checks to see if the .class files are in the Class file format and double checks to ensure that there are no malicious instructions in the code that would compromise the rules of type safety in Java.

Which of the following is the MOST important to ensure, as part of security testing, when the software is forced to fail x? Choose the BEST answer. A. Normal operational functionality is not restored automatically. B. Access to all functionality is denied. C. Confidentiality, integrity and availability are not adversely impacted. D. End users are adequately trained and self help is made available for the end user to fix the error on their own.

C. Confidentiality, integrity and availability are not adversely impacted. As part of security testing, the principle of failsafe must be assured. This means that confidentiality, integrity and availability are not adversely impacted when the software fails. As part of general software testing, the recoverability of the software i.e., restoration of the software to normal operational functionality is an important consideration, but it need not always be an automated process.

Implementing Completely Automated Public Turing test to tell Computers and Humans Apart (CAPTCHA) protection is a means of defending against: A. SQL Injection. B. Cross-Site Scripting (XSS). C. Cross-Site Request Forgery (CSRF). D. Insecure cryptographic storage.

C. Cross-Site Request Forgery (CSRF). In addition to assuring that the requestor is a human, CAPTCHA's are useful mitigating CSRF attacks. Since CSRF is dependent on a pre-authenticated token to be in place, using CAPTCHA as the anti-CSRF token is an effective way of dealing with the inherent XSS problems regarding anti-CSRF tokens as long as the CAPTCHA image itself is not guessable, predictable or reserved to the attacker.

When reporting a software security defect in the software, which of the following also needs to be reported so that variance from intended behavior of the software can be determined? A. Defect identifier. B. Title. C. Expected results. D. Tester name.

C. Expected results. Knowledge of the expected results along with the defect information can be used to determine the variance between what the results need to be and what is deficient.

Which of the secure design principles is promoted when test harnesses are used? A. Least privilege. B. Separation of duties. C. Leveraging existing components. D. Psychological acceptability.

C. Leveraging existing components. Test harnesses promote the principle of leveraging existing components as it can be reused by multiple projects, once it is set up. Test Harness in Software Testing is a collection of stubs, drivers and other supporting tools required to automate test execution.

An understanding of which of the following programming concepts is necessary to protect against memory manipulation buffer overflow attacks? Choose the BEST answer. A. Error handling. B. Exception management. C. Locality of reference. D. Generics.

C. Locality of reference. Computer processors tend to access memory in a very patterned way. For example, in the absence of branching, if memory location X is accessed at time t, there is a high probability that memory location X+1 will also be accessed in the near future. This kind of clustering of memory references into groups is referred to as locality of reference. The basic forms of locality of reference are temporal (based on time), spatial (based on address space), branch conditional) and equidistant (somewhere between spatial and branch using simple linera functions that look for equidistant locations of memory to predict which location will be accessed in the near future ). While this is good from a performance vantage point, it can lead to an attacker predicting memory address spaces and causing memory corruption and buffer overflow.

Testing for the randomness of session identifiers and the presence of auditing capabilities provides the software team insight into which of the following security controls? A. Availability. B. Authentication. C. Non-repudiation. D. Authorization.

C. Non-repudiation. When session management is in place, it provides for authentication and when authentication is combined with auditing capabilities, it provides nonrepudiation i.e., the authenticated user cannot claim broken sessions and intercepted authentication and deny their user actions due to the audit logs recording their actions.

The organization that publishes the ten most critical web application security risks (Top Ten) is the: A. Computer Emergency Response Team (CERT). B. Web Application Security Consortium (WASC). C. Open Web Application Security Project (OWASP). D. Forums for Incident Response and Security Teams (FIRST)

C. Open Web Application Security Project (OWASP).

Assurance that the software meets the expectations of the business as defined in the service level agreements (SLAs) can be demonstrated by which of the following types of tests? A. Unit. B. Integration. C. Performance. D. Regression.

C. Performance. Assurance that the software meets the expectations of the business as defined in the service level agreements (SLAs) can be demonstrated by performance testing. Once the importance of the performance of an application is known, it is necessary to understand how various factors affect the performance. Security features can have an impact on performance and this must be checked to ensure that service level requirements can be met.

Which of the following software architectures is effective in distributing the load between the client and the server, but since it includes the client to be part of the threat vectors it increases the attack surface? A. Software as a Service (SaaS). B. Service Oriented Architecture (SOA). C. Rich Internet Application (RIA). D. Distributed Network Architecture (DNA).

C. Rich Internet Application (RIA). RIAs require Internet Protocol (IP) connectivity to the backend server. Browser sandboxing is recommended since the client is also susceptible to attack now, but it is not a requirement. The workload is shared between the client and the server and the user experience and control is increased in RIA architecture.

Which of the following transport layer technologies can BEST mitigate session hijacking and replay attacks in a local area network (LAN)? A. Data Loss Prevention (DLP). B. Internet Protocol Security (IPSec). C. Secure Sockets Layer (SSL). D. Digital Rights Management (DRM).

C. Secure Sockets Layer (SSL). SSL provides disclosure protection, and protection against session hijacking and replay at the transport layer (layer 4) while IPSec provides confidentiality and integrity assurance operating in the network layer (layer 3). DRM provides some degree of disclosure (primarily IP) protection and operates in the presentation layer (layer 6), and data loss prevention (DLP) technologies prevent the inadvertent disclosure of data to unauthorized individuals, predominantly who are external to the organization.

Which of the following is used to communicate and enforce availability requirements of the business or client? A. Non-Disclosure Agreement (NDA). B. Corporate Contract. C. Service Level Agreements (SLA). D. Threat model.

C. Service Level Agreements (SLA). SLAs should contain the levels of service expected for the software to provide and this becomes crucial when the software is not developed in-house.

Drivers and stub based programming are useful to conduct which of the following tests? A. Integration. B. Regression. C. Unit. D. Penetration.

C. Unit. In order for unit testing to be thorough, the unit/module and the environment for the execution of the module need to be complete. The necessary environment includes the modules that either call or are called by the unit of code being tested. Stubs and drivers are designed to provide the complete environment for a module so that unit testing can be carried out. A stub procedure is a dummy procedure that has the same input/output (I/O) parameters as the given procedure. A driver module should have the code to call the different functions of the module under test with appropriate parameter values for testing. In layman's terms, the driver module is akin to the caller and the stub module can be seen as the callee.

Requirements which when implemented can help to build a history of events that occurred in the software are known as...?

C. accountability requirements. Accountability requirements are those that assist in building a historical record of user actions. Audit trails can help detect when an unauthorized user makes a change or an authorized user makes an unauthorized change, both of which are cases of integrity violations. Auditing requirements not only help with forensic investigations as a detective control but can also be used for troubleshooting errors and exceptions, if the actions of the software are tracked appropriately. When auditing is combined with identification, it provides for accountability.

Requirements that are identified to protect against the destruction of information or the software itself are commonly referred to as:

C. availability requirements. Destruction is the threat against availability as disclosure is the threat against confidentiality and alteration being the threat against integrity.

Software security requirements that are identified to protect against disclosure of data to unauthorized users is otherwise known as: A. integrity requirements. B. authorization requirements. C. confidentiality requirements. D. non-repudiation requirements.

C. confidentiality requirements. Destruction is the threat against availability as disclosure is the threat against confidentiality and alteration being the threat against integrity. Disclosure = To expose a view

A security principle that maintains the confidentiality, integrity and availability of the software and data, besides allowing for rapid recovery to the state of normal operations, when unexpected events occur is the security design principle of

C. fail secure.

When passwords are stored in the database, the best defense against disclosure attacks can be accomplished using: A. encryption. B. masking. C. hashing. D. obfuscation.

C. hashing. An important use for hashes is storing passwords. The actual password should never be stored in the database. Using hashing functions, you can store the hash value of the user password and use that value to authenticate the user. Because hashes are one-way (not reversible), they offer a heightened level of confidentiality assurance.

The process of combining necessary functions, variables and dependency files and libraries required for the machine to run the program is referred to as: A. compilation. B. interpretation. C. linking. D. instantiation.

C. linking. Linking is the process of combining the necessary functions, variables and dependencies files and libraries required for the machine to run the program. The output that results from the linking process is the executable program or machine code/file that the machine can understand and process. In short, linked object code is the executable. Link editors that combine object codes are known as linkers. Upon the completion of the compilation process, the compiler invokes the linker to perform its function. There are two types of linking: static linking and dynamic linking.

Implementing IPSec to assure the confidentiality of data when it is transmitted is an example of risk: A. avoidance. B. transference. C. mitigation. D. acceptance.

C. mitigation. While it may seem like the risk is mitigated completely, there still remains the risk of someone deciphering the original clear text from the encrypted text if the encryption solution is weakly implemented. Mitigation = reducing risk of loss

The ability of the software to withstand attempts of attackers who intend to breach the security protection that is built in is also known as: A. redundancy. B. recoverability. C. resiliency. D. reliability.

C. resiliency. Resiliency of software is defined as the ability of the software to withstand attacker attempts.

Software developers writes software programs PRIMARILY to: A. create new products. B. capture market share. C. solve business problems. D. mitigate hacker threats.

C. solve business problems. IT and software development teams function to provide solutions to the business. Manual and inefficient business processes can be automated and made efficient using software programs.

The PRIMARY objective of resiliency testing of software is to determine: A. the point at which the software will break. B. if the software can restore itself to normal business operations. C. the presence and effectiveness of risk mitigation controls. D. how a blackhat would circumvent access control mechanisms

C. the presence and effectiveness of risk mitigation controls. Security testing must include both external (blackhat) and insider threat analysis and it should be more than just testing for the ability to circumvent access control mechanisms. The resiliency of software is the ability of the software to be able to withstand attacks. The presence and effective of risk mitigate controls increases the resiliency of the software.

Requiring the end user to accept an 'AS-IS' (you get the product as it is) disclaimer clause before installation of your software is an example of risk...?

C. transference When the end user accepts the 'AS-IS' clause in the disclaimer, they are agreeing to installing and using the software as it is, covering the software publisher from liability issues arising from unforeseen situations and threats. Third party assessors usually employ vulnerability assessments and penetration testing of the software to determine its state of security, and assist in determining the exploitability of the software.

The inner workings and internal structure of backend databases can be protected from disclosure using: A. triggers. B. normalization. C. views. D. encryption.

C. views. Views provide a number of benefits with regard to security. They abstract the source of the data being presented, keeping the internal structure of the database hidden from the user. Furthermore, views can be created on a subset of columns in a table. This capability can allow users granular access to specific data elements. Views can also be used to limit access to specific rows of data as well.

What is a CSSLP?

CSSLP (certified secure software lifecycle professional) is a certification from (ISC)² that focuses on application security within the software development lifecycle (SDLC).

What does Archiving Requirements intale?

Certain requirements for archiving like: Data or information may be stored and archived until it has outlived its usefulness or there is no regulatory or organizational policy requirement to comply with.

What Is a Change Control Process?

Change control is a systematic approach to identify, document, and authorize changes to minimize organization and project disruption.

Which of the following is an important consideration to manage memory and mitigate overflow attacks when choosing a programming language? A. Locality of reference. B. Type safety. C. Cyclomatic complexity. D. Parametric polymorphism.

Code is said to be type safe if it only accesses memory resources that do not belong to the memory assigned to it. Type safety verification takes place during the Just In Time (JIT) compilation phase and prevents unsafe code from becoming active. Although you can disable type safety verification, it can lead to unpredictable results. The best example is that code can make unrestricted calls to unmanaged code, and if that code has malicious intent, the results can be severe. Therefore, the framework only allows fully trusted assemblies to bypass verification. Type safety is a form of "sandboxing". Type safety must be one of the most important considerations in regards to security when selecting a programming language.

What's Code Signing?

Code signing is a digital signature added to software and applications that verifies that the included code has not been tampered with after it was signed.

What are COTS software?

Commercially Off the Shelf (COTS): A software and/or hardware product that is commercially ready-made and available for sale, lease, or license to the general public.

What does the acronym CBK stand for and what does it intale?

Common body of knowledge - refers to a peer-developed compendium of what a competent professional in their respective field must know, including the skills, techniques and practices that are routinely employed. Software Security professionals should have a common body of knowledge from the (ISC)²'s CCSLP certificate. It's kind of what they are expected to know.

What does CERT stand for and what is it?

Computer Emergency Response Team. A group of information security experts responsible for the protection against, detection of and response to an organization's cybersecurity incidents. A Computer Emergency Response Team will identify cyber threats and focus on resolving incidents such as data breaches and denial-of-service attacks as well as providing alerts and incident handling guidelines.

What is a good definition of confidentiality?

Confidentiality is the principle and practice of keeping sensitive information private unless the owner or custodian of the data gives explicit consent for it to be shared with another party.

What are Confidentiality Requirements?

Confidentiality requirements are those that address protection against the unauthorized disclosure of data or information that are either private or sensitive in nature. The classification of data (covered later in this chapter) into sensitivity levels is often used to determine confidentiality requirements. Data can be broadly classified into public and non-public data or information.

What is Cross Site Scripting?

Cross site scripting (XSS) is an attack in which an attacker injects malicious executable scripts into the code of a trusted application or website. Attackers often initiate an XSS attack by sending a malicious link to a user and enticing the user to click it.

What is the cyclomatic complexity in software testing?

Cyclomatic complexity (CYC) is a software metric used to determine the complexity of a program. It is a count of the number of decisions in the source code. The higher the count, the more complex the code.

The findings of a code review indicate that cryptographic operations in code use the Rijndael cipher, which is the original publication of which of the following algorithms? A. Skipjack. B. Data Encryption Standard (DES). C. Triple Data Encryption Standard (3DES). D. Advanced Encryption Standard (AES).

D. Advanced Encryption Standard (AES). Advanced Encryption Standard (FIPS 197) is published as the Rijndael cipher. Software should be designed in such a way that you should be able to replace one cryptographic algorithm with a stronger one, when needed, without much rework and recoding. This is referred to as cryptographic agility.

Code signing can provide all of the following EXCEPT: A. Anti-tampering protection. B. Authenticity of code origin. C. Runtime permissions for code. D. Authentication of users.

D. Authentication of users. Code signing can provide all of the following. Anti-tampering protection assuring integrity of code, Authenticity (not authentication) of code origin and runtime permissions for the code to access system resources. The primary benefit of code signing is that it provides users with the identity of the software's creator, which is particularly important for mobile code i.e., that is downloaded from a remote location over the Internet.

Rights and privileges for a file can be granularly granted to each client using which of the following technologies. A. Data Loss Prevention (DLP). B. Software as a Service (SaaS). C. Flow control. D. Digital Rights Management (DRM).

D. Digital Rights Management (DRM). Digital Rights Management (DRM) solutions give copyright owners control over access and use of the copyright protected material. When users want to access or sue digital copyrighted material, they can do so on the terms of the copyright owner.

A Requirements Traceability Matrix (RTM) that includes security requirements can be used for all of the following EXCEPT: A. Ensure scope creep does not occur B. Validate and communicate user requirements C. Determine resource allocations D. Identifying privileged code sections

D. Identifying privileged code sections Identifying privileged code sections is part of threat modeling and not part of a RTM.

When an all-or-nothing approach to code access security is not possible and business rules and permissions need to be set and managed more granularly inline code functions and modules, a programmer can leverage which of the following? A. Cryptographic agility. B. Parametric polymorphism. C. Declarative security. D. Imperative security.

D. Imperative security. When security requests are made in the form of attributes, it is referred to as declarative security. It does not precisely define the steps as to how the security will be realized. Declarative syntax actions can be evaluated without running the code because attributes are stored as part of an assembly's metadata while the imperative security actions are stored as Intermediary Language (IL). This means that imperative security actions can be evaluated only when the code is running. Declarative security actions are checks before a method is invoked and are placed at the class level, being applicable to all methods in that class, unlike imperative security. Declarative security is an "all-or-nothing" kind of implementation, while imperative security offers greater levels of granularity and control, because the security requests runs as lines of code intermixed with the application code.

Verbose error messages and unhandled exceptions can result in which of the following software security threats? A. Spoofing. B. Tampering. C. Repudiation. D. Information disclosure.

D. Information disclosure. Information disclosure is primarily a design issue and therefore is a languageindependent problem, although with accidental leakage, many newer highlevel languages can worsen the problem by providing verbose error messages that might be helpful to attack in their information gathering (reconnaissance) efforts. It must be recognized that there is a tricky balance between providing the user with helpful information about errors, and preventing attackers from learning about the internal details and architecture of the software. From a security standpoint, it is advisable to not disclose verbose error messages and still provide the users with a helpline to get additional support.

Parity bit checking mechanisms can be used for all of the following except: A. Error detection. B. Message corruption. C. Integrity assurance. D. Input validation.

D. Input validation.

When the software is designed using Representational State Transfer (REST) architecture, it promotes which of the following good programming practices? A. High Cohesion. B. Low Cohesion. C. Tight Coupling. D. Loose Coupling.

D. Loose Coupling. Since REST is a client/server model, in which the requests and responses are built around transition state of resources, it promotes loose coupling between the client and server.

Using multifactor authentication is effective in mitigating which of the following application security risks? A. Injection flaws. B. Cross-Site Scripting (XSS). C. Buffer overflow. D. Man-in-the-Middle (MITM).

D. Man-in-the-Middle (MITM). As a defense against a Man-in-the-Middle (MITM) attacks, authentication and session management needs to be in place. Multifactor authentication provides greater defense than single factor authentication and is recommended. Session identifiers that are generated should be unpredictable, random and non-guessable.

The use of digital signatures has the benefit of providing which of the following that is not provided by symmetric key cryptographic design? A. Speed of cryptographic operations B. Confidentiality assurance C. Key exchange D. Non-repudiation

D. Non-repudiation Non-repudiation and proof of origin (authenticity) is provided by the certificate authority (CA) attaching its digital signature, encrypted with the private key of the sender, to the communication that is to be authenticated, and this attests the authenticity of both the document and the sender.

Which of the following is a multi-faceted security standard that is used to regulate organizations that collects, processes and/or stores cardholder data as part of their business operations? A. FIPS 201. B. ISO/IEC 15408. C. NIST SP 800-64. D. PCI DSS.

D. PCI DSS.

At which layer of the Open Systems Interconnect (OSI) model must security controls be designed to effectively mitigate(lessen the gravity) side channel attacks? A. Transport B. Network C. Data link D. Physical

D. Physical Side channel attacks use unconventional means to compromise the security of the system and in most cases require physical access to the device or system. Therefore, to mitigate side channel attacks, physical protection can be used.

The amount of time by which business operations need to be restored to service levels as expected by the business when there is a security breach or disaster is known as...?

D. Recovery Time Objective (RTO).

Which of the following is known to circumvent the ring protection mechanisms in operating systems? A. Cross Site Request Forgery (CSRF). B. Coolboot. C. SQL Injection. D. Rootkit.

D. Rootkit Rootkits are known to compromise the operating system ring protection mechanisms and masquerade as a legitimate operating system taking siege of it.

When an attacker uses delayed error messages between successful and unsuccessful query probes, he is using which of the following side channel techniques to detect injection vulnerabilities? A. Distant observation. B. Cold boot. C. Power analysis. D. Timing.

D. Timing. Poorly designed and implement systems are expected to be insecure, but most well-designed and implemented systems also have subtle gaps between their abstract models and their physical realization due to the existence of side channels. A side channel is a potential source of information flow from a physical system to an adversary, beyond what is available via the conventional (abstract) model. These range from subtle observation of timing, electromagnetic radiations, power usage, analog signals, acoustic emanations, etc. The use of non-conventional and specialized techniques along with physical access to the target system to discover information is characteristic of side channel attacks. The analysis of delayed error messages between successful and unsuccessful query is a form of timing side channel attack.

The primary security concern when implementing cloud applications is related to: A. Insecure APIs B. Data leakage and/or loss C. Abuse of computing resources D. Unauthorized access

D. Unauthorized access Although the nefarious use of APIs, shared technologies issues that can be abused and unauthorized access of data and software hosted in the cloud, the primary security concern is related to data disclosure, which includes leakage and/or loss.

As a means to assure confidentiality of copyright information, the security analyst identifies the requirement to embed information insider another digital audio, video or image signal. This is commonly referred to as: A. Encryption. B. Hashing. C. Licensing. D. Watermarking.

D. Watermarking. Digital watermarking is the process of embedding information into a digital signal. These signals can be audio, video, or pictures.

During a threat modeling exercise, the software architecture is reviewed to identify: A. attackers. B. business impact. C. critical assets. D. entry points.

D. entry points. During threat modeling, the application is dissected into its functional components. The development team analyzes the components at every entry point and traces data flow through all functionality to identify security weaknesses.

The MAIN benefit of statically analyzing code is that: A. runtime behavior of code can be analyzed. B. business logic flaws are more easily detectable. C. the analysis is performed in a production or production-like environment. D. errors and vulnerabilities can be detected earlier in the life cycle.

D. errors and vulnerabilities can be detected earlier in the life cycle. The one thing that is common in all software is source code and this source code needs to be reviewed from a security perspective to ensure that security vulnerabilities are detected and addressed before the software is released into the production environment or to customers. Code review is the process of systematically analyzing the code for insecure and inefficient coding issues. In addition to static analysis, which reviews code before it goes live, there are also dynamic analysis tools, which conduct automated scans of applications in production to unearth vulnerabilities. In other words, dynamic tools test from the outside in, which static tools test from the inside out. Just because the code compiles without any errors, it does not necessarily mean that it will run without errors at runtime. Dynamic tests are useful to get a quick assessment of the security of the applications. It comes in handy when source code is not available for review as well.

A Requirements Traceability Matrix (RTM) that includes security requirements can be used for all of the following except: A. ensuring scope creep does not occur B. validating and communicating user requirements C. determining resource allocations D. identifying privileged code sections

D. identifying privileged code sections Identifying privileged code sections is part of threat modeling and not part of a RTM

Cryptographic protection includes all of the following EXCEPT: A. encryption of data when it is processed. B. hashing of data when it is stored. C. hiding of data within other media objects when it is transmitted. (steganography) D. masking of data when it is displayed.

D. masking of data when it is displayed. Masking does not use any overt cryptography operations such as encryption, decryption, or hashing or covert operations such as data hiding as in the case of steganography to provide disclosure protection.

Audit logs can be used for all of the following EXCEPT A. providing evidentiary(proof) information. B. assuring that the user cannot deny their actions. C. detecting the actions that were undertaken. D. preventing a user from performing some unauthorized operations.

D. preventing a user from performing some unauthorized operations.

Nicole is part of the 'author' role as well as she is included in the 'approver' role, allowing her to approve her own articles before it is posted on the company blog site. This violates the principle of: A. least privilege. B. least common mechanisms. C. economy of mechanisms. D. separation of duties.

D. separation of duties. Separation of duties or sometimes it is referred to as separation of privilege is the principle that it is better to assign tasks to several specific individuals so that no one user has total control over the task themselves. It is closely related to the principle of least privilege which is the ideas that minimum amount of privilege is granted for the minimum (shortest) amount of time to individuals with a need to know. The fact that Nicole has two roles is wrong. She should only have one of them.

What is a good definition of Availability?

Data availability is when an organization ensures that all of its business-related data is available to the organization, partners, or end-users at any time of the day, whenever and wherever required. The last technical term in this group of 4 terms is Authorization.

What is a good definition of integrity?

Data integrity is the overall accuracy, completeness, and consistency of data. Data integrity is the assurance that digital information is uncorrupted and can only be accessed or modified by those authorized to do so.

What is masking in information technology?

Data masking or data obfuscation is the process of modifying sensitive data in such a way that it is of no or little value to unauthorized intruders while still being usable by software or authorized personnel.

Explain the all-or-nothing approach to code.

Data/code is only allowed to be understood if all of it is known.

What is declarative syntax security?

Declarative security means that the security mechanism for an application is declared and handled externally to the application.

Evaluating Criteria for IT Security (ISO/IEC 15408) is an internationally recognized standard that publishes guidelines to...?

Define a common framework for evaluating security features and capabilities of Information Technology security products. The Common Criteria allows vendors to have their products evaluated by an independent third party against the predefined evaluation assurance levels (EALs) clearly defined in the standard.

Define Security Assurance Requirements (SARs)

Descriptions of the measures taken during development and evaluation of the product to assure compliance with the claimed security functionality.

What is Digital Rights Management (DRM)?

Digital rights management (DRM) is a way to protect copyrights for digital media. This approach includes the use of technologies that limit the copying and use of copyrighted works and proprietary software.

What is a Distributed Network Architecture?

Distributed Network Architecture are part of distributed computing architecture, in which enterprise IT infrastructure resources are divided over a number of networks, processors and intermediary devices.

What does Normalization mean?

Eliminate repeating groups in individual tables. Create a separate table for each set of related data. Identify each set of related data with a primary key. We had about this in the datamodellering course.

What is encoding in Cyber Security?

Encoding is the process of putting a sequence of characters such as letters, numbers and other special characters into a specialized format for efficient transmission. Decoding is the process of converting an encoded format back into the original sequence of characters.

What is software exception handling?

Exception handling is the process of responding to unwanted or unexpected events when a computer program runs. Exception handling deals with these events to avoid the program or system crashing, and without this process, exceptions would disrupt the normal operation of a program.

What does FIPS stand for, and what is it?

FIPS (Federal Information Processing Standards) are a set of standards that describe document processing, encryption algorithms and other information technology standards for use within non-military government agencies and by government contractors and vendors who work with the agencies.

What is Parity bit checking used for?

For error detection but it can be used for assuring the integrity of transferred files and messages. The term checksum belongs to this.

What is Forms Authentication?

Forms authentication enables user and password validation for Web applications that do not require Windows authentication. Form Authentication is a token-based authentication system. When users log in, they receive a token with user information that is stored in an encrypted cookie.

What is Security Fuzzing?

Fuzz testing or fuzzing is an automated software testing method that injects invalid, malformed, or unexpected inputs into a system to reveal software defects and vulnerabilities. A fuzzing tool injects these inputs into the system and then monitors for exceptions such as crashes or information leakage.

What does SP 800-14: Generally Accepted Principles and Practices for Security IT Systems give insight into?

Gives insight into the basic security requirements that most IT systems should contain, to various stakeholders, including management, internal auditors, users, system developers and security practitioners. It provides a foundation that can be used as a point of reference.

What is high cohesion?

High cohesion is a software engineering concept that refers to how closely all the routines in a class, or all the code in a routine, support a central purpose. Classes that contain strongly related functionalities are described as having high cohesion; the heuristic goal is to make cohesion as high as possible.

What does IPsec stand for, and what is it?

IPsec (Internet Protocol Security) is a suite of protocols that secure network communication across IP networks. It provides security services for IP network traffic such as encrypting sensitive data, authentication, protection against replay and data confidentiality. IPSec contains the following elements: Encapsulating Security Payload (ESP): Provides confidentiality, authentication, and integrity. Authentication Header (AH): Provides authentication and integrity. Internet Key Exchange (IKE): Provides key management and Security Association (SA) management.

What is imperative syntax security?

Imperative security is applied by calling the appropriate methods of a Permission object that represents the Principal (for role-based security) or system resource (for code access security).

What are availablity Requirements?

Improper software design and development can lead to destruction of the system/data or even cause Denial of Service (DoS). It is, therefore, imperative that availability requirements are explicitly determined to ensure that there is no disruption to business operations.

What is meant by canonicalization?

In computer science, canonicalization (sometimes standardization or normalization) is a process for converting data that has more than one possible representation into a "standard", "normal", or canonical form.

What is type safety in programming?

In computer science, type safety and type soundness are the extent to which a programming language discourages or prevents type errors.

What is Discretionary Access Control (DAC)?

In computer security, discretionary access control (DAC) is a type of access control defined by the Trusted Computer System Evaluation Criteria (TCSEC) as a means of restricting access to objects based on the identity of subjects and/or groups to which they belong. Aka: If the owner of an object doesn't want a specific group of people to access the object, the owner can decide that they should be denied access.

What is Executable Address Space Protection?

In computer security, executable-space protection marks memory regions as non-executable, such that an attempt to execute machine code in these regions will cause an exception. It makes use of hardware features such as the NX bit (no-execute bit), or in some cases software emulation of those features.

What is Skipjack?

In cryptography, Skipjack is a block cipher—an algorithm for encryption—developed by the U.S. National Security Agency (NSA). Supports a 64-bit block size and a 80-bit key. The block is internally divided into four 16-bit words, where each round applies a keyed non-linear permutation to one word from the block.

What is Integrated Autentication?

Integrated Authentication is Microsoft's term for its authentication methods, which include NTLM and Kerberos. The credentials are sent as a digest(a cryptographic hash function containing a string of digits created by a one-way hashing formula). This can be implemented as a standalone authentication mechanism or in conjunction with Kerberos v5 authentication when delegation and impersonation is necessary in a trusted sub-system infrastructure. Wherever possible, especially in intranet settings, it is best to use integrated authentication since the credentials are not transmitted in clear text and it is efficient in handling authentication needs. It's kinda like Digest Autentication to be fair, but more on a "organization" level.

What does hashing of data accomplish?

Integrity of software and data. Data can be compared to a hash value to determine its integrity. Usually, data is hashed at a certain time and the hash value is protected in some way. At a later time, the data can be hashed again and compared to the protected value. If the hash values match, the data has not been altered.

What are Integrity Requirements?

Integrity requirements for software are those security requirements that address two primary areas of software security viz(it is permitted to see). reliability assurance and protection or prevention against unauthorized modifications.

What are Security Management Interfaces?

Interfaces that are used to configure and manage the security of the software, itself. These are administrative interfaces with high levels of privilege. SMI are used for user-provisioning tasks such as adding users, deleting users, enabling or disabling user accounts, as well as granting rights and privileges to roles, changing security settings, configuring audit log settings and audit trails, exception logging, etc.

What is interoperability in security?

Interoperability involves two or more systems that need to be set up to exchange, access, and understand the shared data from the other system. This process requires the syntactic approach, allowing systems to adopt standard data formats and structure protocols. From the book: Interoperability gives vendor independence and allows for these heterogeneous and disparate systems to communicate with each other using a common protocol.

What is Kerberos and how it works?

Kerberos is a computer network security protocol that authenticates service requests between two or more trusted hosts across an untrusted network, like the internet. It uses secret-key cryptography and a trusted third party for authenticating client-server applications and verifying users' identities.

Is Java high-level or middle level language?

Languages like FORTRAN,C, C++, JAVA, Python, etc., are examples of high-level languages. All these programming languages use human-understandable language like English to write program instructions.

What does Authorization Requirements intale?

Layered upon authentication, authorization requirements are those that confirm that an authenticated entity has the needed rights and privileges to access and perform actions on a requested resource.

Explain the Design Security Principle: Least Common Mechanisms

Least common mechanism principle suggest not sharing system mechanisms among users or programs except when absolutely necessary.

What is locality of reference with example?

Locality of reference refers to a phenomenon in which a computer program tends to access same set of memory locations for a particular time period. In other words, Locality of Reference refers to the tendency of the computer program to access instructions whose addresses are near one another.

What is loose coupling?

Loose coupling refers to the connection between components of a system or network, such as software applications or hardware.

What does MTD stand for? And what is it?

Maximum Tolerable Downtime (MTD). MTD is the measure of the maximum amount of time that the software can be in a state of not providing expected service. In other words, it is the measure of the minimum level of availability that is required of the software for business operations to continue without unplanned disruptions as per expectations.

What does MSB stand for? And what is it?

Minimum Security Baseline (MSB). Establishing and maintaining a configuration of the minimum level of security that is acceptable..

What is multi-factors authentication?

Multi-factor Authentication (MFA) is an authentication method that requires the user to provide two or more verification factors to gain access to a resource such as an application, online account, or a VPN.

What does NIST stand for? And what is it?

National Institute of Standards and Technology. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary. You can see it as a handbook for guidance within computer security.

What is cloaking in security?

Network cloaking is an attempt to provide wireless security by hiding the network name (service set identifier) from being broadcast publicly. Many routers come with this option as a standard feature in the setup menu accessed via a web browser.

What is obfuscation in coding?

Obfuscation means to make something difficult to understand. Programming code is often obfuscated to protect intellectual property or trade secrets, and to prevent an attacker from reverse engineering a proprietary software program. Encrypting some or all of a program's code is one obfuscation method.

What is Information Lifecycle Management (ILM) / Data Lifecycle Management (DLM)?

Often when DLM is mentioned, there is a tendency to see it from purely a product perspective, it is important to recognize that DLM is not a product, but a policy based approach, involving procedures and practices, to protect data throughout the information life cycle: from the time it is created to the time it is disposed or deleted.

What is a one-time password (OTP)?

One-time password (OTP) systems provide a mechanism for logging on to a network or service using a unique password that can only be used once, as the name suggests.

What is Parametric Polymorphism?

Parametric polymorphism is a programming language technique that enables the generic definition of functions and types, without a great deal of concern for type-based errors. It allows language to be more expressive while writing generic code that applies to various types of data. Like List or Object datatypes in Java.

What does PCI stand for and what is it?

Payment Card Industry Data Security Standard. PCI is a set of comprehensive requirements aimed at increasing payment account data security. It is regarded as a multifaceted(having many different aspects or features) security standard as it includes requirements not only for the technological elements of computing such as network architecture and software design, but also for security management, policies, procedures and other critical protective measures. The goal of the PCI DSS is to facilitate organization's efforts to proactively protect card holder payment account data.

What does PII stand for? And what is it?

Personal Identifiable Information (PII) is defined as: Any representation of information that permits the identity of an individual to whom the information applies to be reasonably inferred by either direct or indirect means.

What is the difference between a standard, policy, baseline and guideline?

Policies act as a statement of intent Standards function as rules to achieve that intent Baseline is a minimum level of security that a system, network, or device must adhere to Guidelines are general recommendations; they're not mandatory or required (weak baseline)

What is policy decomposition?

Policy decomposition involves the mapping of high-level policy statements into lower-level policies, a process that can be repeated until the policies are implementable. Security Policy: An instrument that is used to communicate and mandate organizational and management goals and objectives at a high level. It can be a document that states in writing how a company plans to protect its physical and information technology (IT) assets. It is the instrument by which digital assets that require protection can be identified.

What is Privileged Code?

Privileged code is managed code that accesses secured resources or performs other security sensitive operations such as calling unmanaged code, using serialization, or using reflection. It is referred to as privileged code because it must be granted permission by code access security policy to be able to function. Non-privileged code only requires the permission to execute. Priviliged code has a kind of policy security watching and deciding their every move.

Where does Problem Management fit into software security and what kind of functions does it have?

Problem management is focused on improving the service and business operations. When the cause of an incident is unknown, there it is said to be a problem. The goal of problem management is to determine and eliminate the root cause of the and in doing so it improves the service that IT provides to the business because the same issue so not be repeated again. Incident management aims at restoring service and business operations as quickly as possible.

What is flow control in security?

Procedure to ensure that information transfers within an information system are not made in violation of the security policy.

What does SP 800-18: Guide for developing Security Plans for Federal Systems provide?

Provides a framework for developing relevant security plans. It contains within a framework for classifying information assets based on impact to the three core security objectives, i.e., confidentiality, integrity and availability besides providing system security plan responsibilities and a sample plan template in its appendix.

What does SP 800-64: Security Considerations in the Information Systems Development Life Cycle provide?

Provides guidance for building security into the IT systems (or software) development life cycle (SDLC) from the inception of the system or software.

What does SP 800-100: Information Security Handbook: A Guide for Managers provide?

Provides guidance from a management perspective for developers, architects, HR, operational and acquisition personnel as well.

What does SP 800-27: Engineering Principles for Information Technology Security provide?

Provides various IT security principles. Some of these principles are people-oriented, while others are tied to the process for designing security in IT systems.

What is directory information also known as?

Public data. The classification of data is split into sensitivity levels. This is used to determine the confidentiality requirements. The name 'directory' information comes from the fact that such information can be found in a public directory like a phone book, etc. When information is classified as public information, confidentiality assurance protection mechanisms are not necessary.

The ISO/IEC 25000:2005 - Software Engineering Product Quality is an internationally recognized standard that provides...?

Recommendations and prescriptive guidance for the use of the new series of International quality standards named Software product Quality Requirements and Evaluation (SQuaRE).

What does RTO stand for? And what is it?

Recovery Time Objective (RTO). RTO is the amount of time by which the system or software needs to be restored back to the expected state of business operations for authorized business users, when it goes down. Both MTD and RTO should be explicitly stated in the Service Level Agreements (SLA). It is advisable to set the RTO to be lesser than the MTD.

The ISO/IEC 27006:2007 - Requirements for Bodies Providing Audit and Certification of Information Security Management Systems is an internationally recognized standard that ensures...?

Reliable and consistent certification of Information Security Management Systems.

The ISO 28000:2007 - Specification for security management systems for the supply chain is an internationally recognized standard that specifies...?

Requirements for a security management system, including those aspects critical to security assurance(measures taken during development and evaluation of the product to assure compliance with the claimed security functionality) of the supply chain. These aspects include all activities controlled or influenced by organizations that impact supply chain security.

The ISO/IEC 27001:2005 - Information Security Management Systems Requirements is an internationally recognized standard that specifies...?

Requirements for establishing, implementing, operating, monitoring, reviewing, maintaining and improving a documented ISMS(Information Security Management System).

What is Ring Protection?

Ring protection mechanism can be portrayed as a set of concentric numbered rings. It is the ring number that determines the level of access that is allowed.

What is RBAC mechanism?

Role-based access control (RBAC), also known as role-based security, is a mechanism that restricts system access. It involves setting permissions and privileges to enable access to authorized users.

What is Security Assertion Markup Language used for?

SAML is an XML-based markup language for security assertions (statements that service providers use to make access-control decisions). it is an open federation standard that allows an identity provider (IdP) to authenticate users and then pass an authentication token to another application known as a service provider (SP).

What is SCADA in security?

SCADA - Supervisory Control and Data Acquisition - is an automated software control system that monitors industrial control systems (ICS) and provides data insights to industrial supervisors about the condition of the entire operation.

Standard and Software Security (ISO/IEC 15408) addresses..?

SFRs(security functional requirements) and SARSs(security assurance requirements), which address vulnerabilities that arise from failures in Requirements, Development and/or in Operations. Software that does not include security functional or assurance requirements can be rendered ineffective and insecure even if meets all business functionality.

What is STRIDE?

STRIDE is a threat modeling methodology that is performed in the design phase of software development in which threats are grouped and categorized into the following six categories. See image for the six categories: A threat model is a structured representation of all the information that affects the security of an application.

What is Sandboxing in security?

Sandboxing is a cybersecurity practice where you run code, observe and analyze and code in a safe, isolated environment on a network that mimics end-user operating environments. Sandboxing is designed to prevent threats from getting on the network and is frequently used to inspect untested or untrusted code.

What is SSL?

Secure Sockets Layer (SSL) is a standard security technology for establishing an encrypted link between a server and a client—typically a web server (website) and a browser, or a mail server and a mail client (e.g., Outlook). Aka, over the internett.

Name the 6 Core Security Requirements.

See image.

What are the 7 steps in the PNE process?

See image.

What is Service Oriented Architecture (SOA)?

Service-oriented architecture security (SOA security) is a type of security that implements goals or objectives for an entire IT system, instead of only for one software program or platform. SOA is used to improve healthcare delivery. Nowadays many apps are games and they use inbuilt functions to run. For example, an app might need GPS so it uses the inbuilt GPS functions of the device. This is SOA in mobile solutions.

What is Liberty alliance ID-FF?

Services that would solve business process issues including single sign-on, federation and consent. The Liberty Alliance Project Identity Federation Framework (Liberty ID-FF) uses a name identifier to pass identity data between identity providers and service providers.

What does Session Management Requirements intale?

Session management requirements are those that ensure that once a session is established, it remains in a state that it will not compromise the security of the software. In other words, the established session is not susceptible to any threats to the security policy as it applies to confidentiality, integrity and availability.

What is a Cold boot attack?

Side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off. A typical cold boot attack is executed on a running but locked computer in the following way: While the computer is still running, it is opened, and the DRAM modules are cooled down with cooling spray to extend the time they retain their contents. After that, a hard shutdown is executed (pulling the power plug) and the system is booted from a prepared media containing memory dumping tools with a minimal memory footprint to extract the preserved memory content. Alternatively, the memory modules can be removed from the computer and transferred to another system to be dumped.

What does SLE stand for, and what is it?

Single Loss Expectancy (SLE) tells us what kind of monetary loss we can expect if an asset is compromised because of a risk. SLE = asset value × exposure factor Exposure factor (EF) is the subjective, potential percentage of loss to a specific asset if a specific threat is realized.

What is Single Sign-On?

Single sign-on (SSO) is an authentication method that enables users to securely authenticate with multiple applications and websites by using just one set of credentials. SSO simplifies credential management and improves user experiences and performance because the principal's credential is verified only once, improper design of SSO can result in security breaches that have colossal consequences.

What is software IP?

Software intellectual property(Intellectual Property protection), also known as software IP, is a computer code or program that is protected by law against copying, theft, or other use that is not permitted by the owner. Software IP belongs to the company that either created or purchased the rights to that code or software. Any unauthorized use of it by someone else is illegal.

What is Spoofing?

Spoofing, as it pertains to cybersecurity, is when someone or something pretends to be something else in an attempt to gain our confidence, get access to our systems, steal data, steal money, or spread malware. Spoofing attacks come in many forms, including: Email spoofing, Website and/or URL spoofing and phone number spoofing.

What are ISO standards?

Standards that are internationally agreed by experts. Think of them as a formula that describes the best way of doing something. The International Organization for Standardization

What is Static Analysis in coding?

Static analysis, also called static code analysis, is a method of computer program debugging that is done by examining the code without executing the program. The process provides an understanding of the code structure and can help ensure that the code adheres to industry standards.

What is steganography and how it works?

Steganography is the technique of hiding secret data within an ordinary, non-secret, file or message in order to avoid detection; the secret data is then extracted at its destination. The use of steganography can be combined with encryption as an extra step for hiding or protecting data.

What is syslog in security?

Syslog stands for System Logging Protocol and is a standard protocol used to send system log or event messages to a specific server, called a syslog server. It is primarily used to collect various device logs from several different machines in a central location for monitoring and review.

Explain Capability Maturity Model Integration (CMMI)

The Capability Maturity Model Integration (CMMI) is a process and behavioral model that helps organizations streamline process improvement and encourage productive, efficient behaviors that decrease risks in software, product, and service development.

What does FIRST stand for and what is it?

The Forum in Incident Response and Security Teams (FIRST) is a nonprofit corporation established with the aim to enable incident response teams to more effectively respond to security incidents by providing access to best practices, tools, and trusted communication with member teams.

What is (ISC)²?

The International Information System Security Certification Consortium, or (ISC)², is a nonprofit organization that specializes in training and certifications for cybersecurity professionals. It has been described as "the world's largest IT security organization".

What does OWASP stand for and what is it?

The Open Web Application Security Project. A nonprofit foundation dedicated to improving software security. They have published a document with the top ten most common web application security risks.

Explain the Design Security Principle: Least Privilege

The Principle of Least Privilege states that a subject should be given only those privileges needed for it to complete its task. This right must be given only for a minimum amount of time that is necessary to complete the operation.

What do we mean by public key infrastructure?

The Public key infrastructure (PKI) is the set of hardware, software, policies, processes, and procedures required to create, manage, distribute, use, store, and revoke digital certificates and public-keys. PKI uses digital certificates to make key exchange and management automation possible.

What is an SSL handshake?

The SSL handshake is the process in which a client and server establish the encryption algorithms and secret keys they will use to communicate with each other securely, and exchange and validate each other's digital certificates.

What does Trusted Platform Module do?

The TPM is a cryptographic module that enhances computer security and privacy. Protecting data through encryption and decryption, protecting authentication credentials, and proving which software is running on a system are basic functionalities associated with computer security. Better definition after next card.

What does WASC stand for and what is it?

The Web Application Security Consortium (WASC) is an international group of experts, industry practitioners, and organizational representatives who produce open source and widely agreed upon best-practice security standards for the Worldwide Web. Web security vulnerabilities continually impact the risk of a website.

What are the benefits of Zachman Framework?

The benefit of the Zachman Framework is, that it provides a holistic perspective on the whole enterprise while at the same time allowing to focus on certain aspects of the object. holistic = treated as a whole

What does Improper Session Management intale?

The common mechanisms by which a majority of mobile apps manage sessions are: HTTP cookies, Open Authentication (OAuth) tokens and SSO authentication services, which are all susceptible to Man-in-the-Middle (MITM) attacks.

What is Protection Needs Elicitation (PNE)? Elicitation = the act of drawing out or bringing forth emotions, opinions, facts, etc

The determination(establishing something exactly) of security requirements is also known as protection needs elicitation (PNE). The process of establishing security requirements for a software.

Explain the Design Security Principle: Open Design

The open design security principle states that the implementation details of the design should be independent of the design itself, which can remain open, unlike in the case of security by obscurity wherein the security of the software is dependent upon the obscuring of the design itself. When software is architected using the open design concept, the review of the design itself will not result in the compromise of the safeguards in the software.

What is the OSI model, and explain the 7 layers.

The open systems intercommunication (OSI) model is a conceptual model that standardizes communications between computers. See image

What are Dangling Pointers?

The pointers pointing to a deallocated memory block are known as Dangling Pointers. This condition generates an error known as Dangling Pointer Problem.

Define Exposure Factor

The potential percentage of loss to a specific asset if a specific threat is realized.

Define Probability (using Software Security lingo)

The probability that a particular threat can happen. Since the goal of risk management is to reduce the risk to an acceptablelevel, the measurement of the probability of an unintended, unwanted or harmful event being triggered is important.

When the runtime permissions of the code are defined as security attributes in the metadata of the code, it is referred to as: A. imperative syntax security. B. declarative syntax security. C. code signing. D. code obfuscation.

There are two types of security syntax; namely, declarative security and imperative security. Declarative syntax address the "what" part of an action, whereas imperative syntax tries to deal with the "how" part. When security requests are made in the form of attributes (in the metadata of the code), it is referred to as declarative security. It does not precisely define the steps as to how the security will be realized. When security requests are made through programming logic within a function or method body, it is referred to as imperative security. Declarative security is an "all-or-nothing" kind of implementation, while imperative security offers greater levels of granularity and control, because the security requests runs as lines of code intermixed with the application code.

What are security design principles used for?

They describe a securely architected system hosted on cloud or on-premises datacenters (or a combination of both).

Explain the Design Security Principle: Economy of Mechanisms

This in layman terms is the Keep It Simple principle because the likelihood of a greater number of vulnerabilities increases with the complexity of the software architectural design and code. By keeping the software design and implementation details simple, the attackability or attack surface of the software is reduced.

Explain the Design Security Principle: Leveraging Existing Components

This is a security principle that focuses on ensuring that the attack surface is not increased and no new vulnerabilities are introduced by promoting the reuse of existing software components, code and functionality.

Explain the Design Security Principle: Weakest Link

This security principle states that the resiliency of your software against hacker attempts will depend heavily on the protection of its weakest components, be it the code, service or an interface.

What is Software Tokenization?

Tokenization, when applied to data security, is the process of substituting a sensitive data element with a non-sensitive equivalent, referred to as a token.

What does Transport Layer Security include?

Transport Layer Security, or TLS, is a widely adopted security protocol designed to facilitate privacy and data security for communications over the Internet. A primary use case of TLS is encrypting the communication between web applications and servers, such as web browsers loading a website.

What is a use-case model?

Use Case Model describes the proposed functionality of a new system. A Use Case represents a discrete unit of interaction between a user (human or machine) and the system. A misuse-case describes how functionality potentionally could be misused.

What are views in database security?

Views can be used as security mechanisms by letting users access data through the view, without granting the users permissions to directly access the underlying base tables of the view. Views can be used to provide a backward compatible interface to emulate a table that used to exist but whose schema has changed.

What does Inference mean?

What Does Inference Mean? Inference is a database system technique used to attack databases where malicious users infer sensitive information from complex databases at a high level. In basic terms, inference is a data mining technique used to find information hidden from normal users. The inference problem in databases occur when sensitive information can be disclosed from non- sensitive data and metadata. It is difficult to protect against an inference attack, because the trivial piece of information may be legitimately obtained by the attacker.

What is a repudiation attack?

When an application or system does not adopt controls to properly track and log users' actions, thus permitting malicious manipulation or forging the identification of new actions. Non-repudiation = Assurance that the sender of information is provided with proof of delivery and the recipient is provided with proof of the sender's identity, so neither can later deny having processed the information.

Define Threat Agent (using Software Security lingo)

When the threat-agent actively and intentionally causes a threat to happen, it is referred to as an 'attack'.

What is subject-object modeling?

When there are multiple subjects (a user or a process) that require access to functionality within the software, it is critical to understand what each subject is allowed to do. The object of an access is the resource a user or process wants to access.

What is meant by supply chain security?

When working with other organizations, there might be inherent risks when working with them. Identifying, analyzing and imitigating these potential risks is a supply chain security measurement.

What is White Box Security Testing?

White Box Penetration Testing is a type of security testing in which the internal structure of a system or network is known to the penetration tester. White Box testing is often used to pentest internal networks and systems of a company.