Chapter 11 – Software Security
TRUE/FALSE QUESTIONS:
T F 1. Many computer security vulnerabilities result from poor programming practices.
T F 2. Security flaws occur as a consequence of sufficient checking and validation of data and error codes in programs.
T F 3. Software security is closely related to software quality and reliability.
T F 4. A difference between defensive programming and normal practices is that everything is assumed.
T F 5. Programmers often make assumptions about the type of inputs a program will receive.
T F 6. Defensive programming requires a changed mindset to traditional programming practices.
T F 7. To counter XSS attacks a defensive programmer needs to explicitly identify any assumptions as to the form of input and to verify that any input data conform to those assumptions before any use of the data.
T F 8. Injection attack variants can occur whenever one program invokes the services of another program, service, or function and passes to it externally sourced, potentially untrusted information without sufficient inspection and validation of it.
T F 9. Cross-site scripting attacks attempt to bypass the browser's security checks to gain elevated access privileges to sensitive data belonging to another site.
T F 10. To prevent XSS attacks any user-supplied input should be examined and any dangerous code removed or escaped to block its execution.
T F 11. An ASCII character can be encoded as a 1 to 4 byte sequence using the UTF-8 encoding.
T F 12. There is a problem anticipating and testing for all potential types of non-standard inputs that might be exploited by an attacker to subvert a program.
T F 13. Key issues from a software security perspective are whether the implemented algorithm correctly solves the specified problem, whether the machine instructions executed correctly represent the high-level algorithm specification, and whether the manipulation of data values in variables is valid and meaningful.
T F 14. Without suitable synchronization of accesses it is possible that values may be corrupted, or changes lost, due to overlapping access, use, and replacement of shared values.
T F 15. The correct implementation in the case of an atomic operation is to test separately for the presence of the lockfile and to not always attempt to create it.
Chapter 11 – Software Security
Answer Key
TRUE/FALSE QUESTIONS:
1. T
2. F
3. T
4. F
5. T
6. T
7. F
8. T
9. T
10. T
11. F
12. T
13. T
14. T
15. F