Chapter Seven Software Security Overview Quiz

SmilingIntelligence

31 Questions

What is the primary goal of software security?

To engineer software to function correctly under malicious attack

Which of the following is NOT a common software security threat mentioned in the text?

Input validation

What type of attack can cause DoS (denial of service) or crash the system?

Malware

Which of the following is an example of a software defect with security ramifications?

SQL injection

What can command injection achieve on the software code?

Executing system commands

Which of the following makes a software unsecure according to the text?

Compromise to confidentiality and authentication

What is the primary purpose of SQL injections?

To retrieve or modify important information from database servers

How can malicious intruders hack into systems according to the text?

By exploiting software defects

What do software security best practices involve according to the text?

Thinking about security early in the software development lifecycle

How can system-level security be provided according to the text?

Using better firewalls

What is the primary focus of application security according to the text?

Protecting software and the systems that software runs in a post facto way

What approach does application security follow according to the text?

Network-centric approach to security

What is a critical issue related to application security according to the text?

Sandboxing code

What is one of the common threats that software security best practices include according to the text?

Language-based flaws and pitfalls

What are some elements included in software design principles according to the text?

Principles of least privilege, fail-safe stance, and defence-in-depth

What is the primary goal of software security?

To engineer software so that it continues to function correctly under malicious attack.

What are some common attacks on software mentioned in the text?

Buffer overflow, stack overflow, command injection, and SQL injections.

How can malware impact software systems?

Malware can cause DoS (denial of service) or crash the system itself.

What are the consequences of compromising integrity, authentication, and availability in software?

It makes the software unsecure.

What type of attacks overwrite the contents of the heap or stack?

Buffer and stack overflow attacks.

What can command injection achieve on the software code?

Command injection can be achieved when system commands are used predominantly.

What is the primary difference between software security and application security?

Software security is about building secure software, while application security is about protecting software and the systems that software runs in a post facto way, after development.

How can system-level security be enhanced according to the text?

System-level security can be provided using better firewalls and by using intrusion detection and prevention to stop attackers from easy access to the system.

What are some critical issues related to application security as mentioned in the text?

Some critical issues related to application security include sandboxing code, protecting against malicious code, obfuscating code, locking down executables, and monitoring programs as they run.

What common threats are included in software security best practices according to the text?

Common threats included in software security best practices are language-based flaws and pitfalls, designing for security, and subjecting all software artifacts to thorough objective risk analyses and testing.

How can malicious intruders hack into systems, as per the text?

Malicious intruders can hack into systems by exploiting software defects.

What is the only way to avoid attacks as mentioned in the text?

The only way to avoid such attacks is to practice good programming techniques.

What is the primary risk encountered with internet-enabled software applications according to the text?

The most common security risk encountered with internet-enabled software applications is the software’s ever-expanding complexity and extensibility.

What makes a software unsecure according to the text?

Malicious intruders can hack into systems by exploiting software defects, which makes the software unsecure.

What security measures are part of software design principles according to the text?

Software design principles include the principles of least privilege, fail-safe stance, and defence-in-depth.

What type of attack can cause DoS or stop services according to the text?

New system commands appended to existing commands by malicious attack can cause DoS or stop services.

Test your knowledge of software security and the concept of engineering software to function correctly under malicious attacks. Explore the central aspects of computer security problems and the implementation of software security to protect against malicious attacks and hacker risks.
