Chapter Seven Software Security Overview Quiz

Questions and Answers

What is the primary goal of software security?

• To prevent software from functioning correctly
• To introduce vulnerabilities into the software
• To engineer software to function correctly under malicious attack (correct)
• To make software vulnerable to malicious attacks

Which of the following is NOT a common software security threat mentioned in the text?

• Input validation (correct)
• Command injection
• Buffer overflow
• Stealing information

What type of attack can cause DoS (denial of service) or crash the system?

• Stack overflow
• Malware (correct)
• Buffer overflow
• Command injection

Which of the following is an example of a software defect with security ramifications?

SQL injection (A)

What can command injection achieve on the software code?

Executing system commands (D)

Which of the following makes a software unsecure according to the text?

Compromise to confidentiality and authentication (C)

What is the primary purpose of SQL injections?

To retrieve or modify important information from database servers (C)

How can malicious intruders hack into systems according to the text?

By exploiting software defects (B)

What does software security best practices involve according to the text?

Thinking about security early in the software development lifecycle (D)

How can system-level security be provided according to the text?

Using better firewalls (B)

What is the primary focus of application security according to the text?

Protecting software and the systems that software runs in a post facto way (B)

What approach does application security follow according to the text?

Network-centric approach to security (C)

What is a critical issue related to application security according to the text?

Sandboxing code (A)

What is one of the common threats that software security best practices include according to the text?

Language-based flaws and pitfalls (D)

What are some elements included in software design principles according to the text?

Principles of least privilege, fail-safe stance, and defence-in-depth (C)

What is the primary goal of software security?

To engineer software so that it continues to function correctly under malicious attack.

What are some common attacks on software mentioned in the text?

Buffer overflow, stack overflow, command injection, and SQL injections.

How can malware impact software systems?

Malware can cause DoS (denial of service) or crash the system itself.

What are the consequences of compromising integrity, authentication, and availability in software?

It makes the software unsecure.

What type of attacks overwrite the contents of the heap or stack?

Buffer and stack overflow attacks.

What can command injection achieve on the software code?

Command injection can be achieved when system commands are used predominantly.

What is the primary difference between software security and application security?

Software security is about building secure software, while application security is about protecting software and the systems that software runs in a post facto way, after development.

How can system-level security be enhanced according to the text?

System-level security can be provided using better firewalls and by using intrusion detection and prevention to stop attackers from easy access to the system.

What are some critical issues related to application security as mentioned in the text?

Some critical issues related to application security include sandboxing code, protecting against malicious code, obfuscating code, locking down executables, and monitoring programs as they run.

What common threats are included in software security best practices according to the text?

Common threats included in software security best practices are language-based flaws and pitfalls, designing for security, and subjecting all software artifacts to thorough objective risk analyses and testing.

How can malicious intruders hack into systems, as per the text?

Malicious intruders can hack into systems by exploiting software defects.

What is the only way to avoid attacks as mentioned in the text?

The only way to avoid such attacks is to practice good programming techniques.

What is the primary risk encountered with internet-enabled software applications according to the text?

The most common security risk encountered with internet-enabled software applications is the software’s ever-expanding complexity and extensibility.

What makes a software unsecure according to the text?

Malicious intruders can hack into systems by exploiting software defects, which makes the software unsecure.

What security measures are part of software design principles according to the text?

Software design principles include the principles of least privilege, fail-safe stance, and defence-in-depth.

What type of attack can cause DoS or stop services according to the text?

New system commands appended to existing commands by malicious attack can cause DoS or stop services.

Flashcards are hidden until you start studying