Part I:
1. There are three Parts
2. For the descriptive questions (Parts II and III), you should provide answers in your words.
However, when you use the words of others in any answers, you must use quotation marks and attribute the source right there following APA style recommendations.
You must provide a separate reference section for each descriptive question following APA style recommendations.
For the descriptive questions, correctness, logical flow, grammar, and proper references are all important in that order.
3. You may use any resources in addition to the textbook, such as other books, articles, and the Web.
Part I: Multiple Choice questions
1. What is software assurance?
a. a methodology that provides the framework for secure software b. a tool that can be used to produce secure software c. a theorem prover technique to produce secure software d. a CMMI process to produce reliable software
2. What are two ways a developer can sustain secure code during software maintenance?
a. Create a Change Control Board and conduct threat analysis on each change request. b. Go to training for advanced hacking techniques and read journals on security topics. c. Work closely with the business analysts with each requirement and continue with the peer reviews. d. Read journals and web sites that repot on latest attacks.
3. Validation is the process to ensure that:
a. the requirements meet the needs. b. the design meets the requirements. c. the implementation meets the requirements. d. the implementation faithfully satisfies the design.
4. Verification is the process to ensure that:
a. the requirements meet the needs. b. the design meets the requirements. c. the implementation meets the requirements. d. the implementation faithfully satisfies the design.
5. The NRL taxonomy classifies flaws using multiple dimensions that include (choose all that apply):
a. where the flaw occurs b. the programmer who introduced the flaw c. the organization that introduced the flaw d. the time the flaw was introduced
6. Having a software assurance plan ensures which of the following?
a. secure code b. that a process is in place within the development life cycle that tests for security vulnerabilities c. that the software is safe from attacks d. that the development has tested for security vulnerabilities before releasing the software product
7. Which of the following defines a functional test script?
a. a document created by the project management team that specifies what needs to be tested, how to test, and who test it b. step-by-step instructions that are specifically created for testing the security of the application c. step-by-step instructions that depict a specific scenario or situation that the use case will encounter as well as the expected result d. a document that contains test output
8. Which of the following is not a technique for secure coding?
a. validating request data b. error handling c. self-monitoring d. diversity e. minimizing number of lines of code
9. Which tool will help in the following situation? There are five developers on the team and they have trouble synchronizing their code. Currently, they are emailing their files and merging them ad hoc.
a. IDE b. Version Control c. Build Tool d. Merge Tool
10. Which tool will help analyze the following situation? The application seems to take longer to reply after the code executes the database calls
a. IDE b. Debugger c. Profiler d. Memory Monitor
11. Why should developers collaborate with business analysts?
a. Refine system requirements including security requirements while creating design documentation as each requirement is discussed. b. Look for weaknesses and unknowns in the requirements documentation. c. Get tips for secure coding. d. Install and configure development tools
12. To help understand a use case, the developer walks through each step of tasks and activities and makes sure all relevant requirements are covered. What is this type of analyzing called?
a. Thinking like the application b. Use case interrogation c. Subjective analysis d. Objective analysis
13. As a developer of application, what is the most relevant element you should know about an attack?
a. Who the attacker is. b. What motivates the attacker. c. What preconditions in the applications have to be met for the attacker to succeed. d. Where did the attack originate from.
14. Into which of the eight design principles by Saltzer and Schroeder does the following design fit? The developers should design their code so that proper authorization is checked when the initial request is sent to the server and again when the response is sent back to the client.
a. Fail-safe b. Complete mediation c. Least privilege d. Keep it simple
15. Into which of the eight design principles by Saltzer and Schroeder does the following design fit? The developers designed their code so that no update transaction can execute unless the request comes from a security administrator who is using the update screen from application xxx
a. Fail-safe b. Complete mediation c. Keep it simple d. Least privilege
16. To address failing securely, what should be built into the code (choose all that apply)?
a. Proper error handling b. Self-detection of a failure c. Separation of GUI requirements from database requirements d. Separation of GUI requirements from business requirements
17. When software development goes through all stages, a small chunk of requirements at a time, it is said to be coded using what methodology?
a. Waterfall b. Object-oriented c. Spiral d. Iterative
18. When software development goes through all stages from start to finish in one swoop, it is said to be coded using what methodology?
a. Waterfall b. Object-oriented c. Spiral d. Iterative
19. The main goal of secure software development process is to:
a. develop code quickly b. develop efficient code c. write quality code that handles known vulnerabilities and follow good security design and coding practices d. assure that code does not have any bugs
20. The most critical step in designing an effective auditing system in an enterprise to detect security violations is:
a. have a good understanding of the attacks that could be directed at the enterprise b. have a good understanding of the computing needs of users or employees who will be using the various systems in the enterprise c. have a good understanding of the policies to be enforced d. have a good understanding of the communication requirements of various systems in the enterprise
Part II: Questions requiring a short description, no more than 1 page (double-spaced) per question
1. Bishop, Chapter 21, p. 610 - Problem # 4 - What are the conceptual differences between a reference validation mechanism, a trusted computing base, and the TOE Security Functions?
2. Bishop, Chapter 18, p. 495 - Problem # 7 - A company develops a new security product using the extreme programming software development methodology - programmers code, then test, then add more code, then test, and continue the iteration. Every day, they test the code base as a whole. The programmers work in pair when writing code to ensure that at least two people review the code. The company does not adduce any additional evidence of assurance. How will you explain to the management of this company why their software is not a high assurance software.
Part III: 1 question requiring no more than 2 pages (double-spaced). There are two secure software development methodologies that are popular:
1. Microsoft Security Development Lifecycle (see https://www.microsoft.com/en-us/sdl/; also see the attached Simplified Implementation of the Microsoft SDL document)
2. OWASP CLASP (see https://www.owasp.org/index.php/CLASP_Concepts; also see the attached overview presentation of CLASP)
Pick one of these two methodologies. Explain what the methodology is, how well it addresses security concerns in the life cycle and what are its drawbacks if any. Feel free to use other resources.