Security Quiz

Which of the top 10 or bonus secure coding practices would the following refer to? If the compiler throws a warning, the code will still run, but you should not consider it to be secure code. 1) Heed Compiler Warnings 2) Sanitize Data Sent to Other Systems 3) Define Security Requirements 4) Model Threats

1) Heed Compiler Warnings

Which of the top 10 secure coding practices would the following statement reference: It is important to have both a secure runtime environment as well as using secure coding techniques. 1) Practice Defense in Depth 2) Use Effective Quality Assurance Techniques 3) Default Deny 4) Architect and Design for Security Policies

1) Practice Defense in Depth

Based on secure coding practices, if the compiler throws a warning when I compile my code, it would be best to treat the warning as an error and try to eliminate it. 1) True 2) False

1) True

When insecure coding practices are used, it is often easier to break system security by exploiting the software vulnerabilities than it is to try to defeat what security measures are in place. 1) True 2) False

1) True

Which of the top 10 secure coding practices does the following statement refer to: Your code should carefully check input before using it. 1) Validate input 2) Keep it simple 3) Adhere to the principle of least privilege 4) Adopt a secure coding standard

1) Validate input

Which of the top 10 secure coding practices does the following statement refer to: All code should have the least privilege necessary to run. For example, don't run the program as root unless it is absolutely necessary. 1) Validate input 2) Keep it simple 3) Adhere to the principle of least privilege 4) Adopt a secure coding standard

3) Adhere to the principle of least privilege

Which of the top 10 secure coding practices would the following statement reference: By default your code should focus on the conditions which will allow access. 1) Practice Defense in Depth 2) Use Effective Quality Assurance Techniques 3) Default Deny 4) Architect and Design for Security Policies

3) Default Deny

Which of the top 10 or bonus secure coding practices would the following refer to? During the design phase, you should define all security requirements, and at each step of development, the project should be evaluated with regards to those requirements. 1) Heed Compiler Warnings 2) Sanitize Data Sent to Other Systems 3) Define Security Requirements 4) Model Threats

3) Define Security Requirements

Based on secure coding practices, it is good practice to develop the coding standard for and also test the security of your program in a .NET environment when it will be deployed in a Linux environment. 1) True 2) False

2) False

Based on secure coding practices, it would be better to use a complex 100 line if-statement that tries to cover all possibilities for the sample data than it would be to use a 10 line loop that accurately covers all potential data. 1) True 2) False

2) False

Which of the top 10 secure coding practices does the following statement refer to: The more complex your design and the longer your code, the more likely you are to introduce errors and make it difficult to maintain security, so work hard to simplify your design and keep the code as short as possible. 1) Validate input 2) Keep it simple 3) Adhere to the principle of least privilege 4) Adopt a secure coding standard

2) Keep it simple

Which of the top 10 or bonus secure coding practices would the following refer to? If your code needs to pass data to a complex subsystem, then it is your responsibility to make sure that the data your code passes does not have any special characters or commands that could trigger a software vulnerability. 1) Heed Compiler Warnings 2) Sanitize Data Sent to Other Systems 3) Define Security Requirements 4) Model Threats

2) Sanitize Data Sent to Other Systems

Which of the top 10 secure coding practices would the following statement reference: It is important to have an external security review done of your code. 1) Practice Defense in Depth 2) Use Effective Quality Assurance Techniques 3) Default Deny 4) Architect and Design for Security Policies

2) Use Effective Quality Assurance Techniques

Which of the top 10 secure coding practices does the following statement refer to: You should always check to see if there is a secure standard for the target environment your code will be running in including the language you will be programming in. 1) Validate input 2) Keep it simple 3) Adhere to the principle of least privilege 4) Adopt a secure coding standard

4) Adopt a secure coding standard

Which of the top 10 secure coding practices would the following statement reference: If different parts of the code need different privileges, then it might be more secure to break the code into parts where each subsystem has different privileges. 1) Practice Defense in Depth 2) Use Effective Quality Assurance Techniques 3) Default Deny 4) Architect and Design for Security Policies

4) Architect and Design for Security Policies

Which of the top 10 or bonus secure coding practices would the following refer to? During the design phase, you should analyze the key components of your system and define the possible threats to each component and design defensively. 1) Heed Compiler Warnings 2) Sanitize Data Sent to Other Systems 3) Define Security Requirements 4) Model Threats

4) Model Threats