630 Part VIlI Project Management and Software Security CHAPTER REVIEW QUESTIONS
ID: 3875494 • Letter: 6
Question
630 Part VIlI Project Management and Software Security CHAPTER REVIEW QUESTIONS 1. What is software security, and why it is important? they differ from the design patterns presented in the other chapters? 2. What are the secure software design principles, and ware design principles how do they differ from the soft presented in Chapter 6? 4. What are the software security activities in the life cycle? 3. What are secure software design patterns, and how do EXERCISES application. Include security-related domain con cepts, their properties and relationships. 24.1 Identify and formulate security requirements for the online car rental project described in Appendix D.1 24.2 Identify five of the most significant misuse cases for 24.5 Produce sequence diagrams for the three most use- online car rental application. the online car rental project. Also specify the abstract, high-level, and expanded misuse cases for these five misuse cases. Hint: These are the same as abstract, high-level, and expanded use cases except that they Include and indicate in the sequence diagrams secu- rity mechanisms to satisfy the security requirements formulated previously have a hostile intent. 24.6 Do the same exercises as above but use the 24.3 Produce a secure architectural design for the on- line car rental software. Indicate which secure soft- Study Abroad Management System described in Appendix D.3. ware design principles and security patterns are 24.7 Do the same exercises as above but use the National applied Trade Show Service (NTSS) system described i Appendix D.2. 24.4 Produce a domain model for the online car rentalExplanation / Answer
1)Answer:
Software security :
Software security is an idea implemented to protect software against malicious attack and other hacker risks so that the software continues to function correctly under such potential risks. Security is necessary to provide integrity, authentication and availability.
Any compromise to integrity, authentication and availability makes a software unsecure. Software systems can be attacked to steal information, monitor content, introduce vulnerabilities and damage the behavior of software. Malware can cause DoS (denial of service) or crash the system itself.
Buffer overflow, stack overflow, command injection and SQL injections are the most common attacks on the software.
Buffer and stack overflow attacks overwrite the contents of the heap or stack respectively by writing extra bytes.
Command injection can be achieved on the software code when system commands are used predominantly. New system commands are appended to existing commands by the malicious attack. Sometimes system command may stop services and cause DoS.
SQL injections use malicious SQL code to retrieve or modify important information from database servers. SQL injections can be used to bypass login credentials. Sometimes SQL injections fetch important information from a database or delete all important data from a database.
The only way to avoid such attacks is to practice good programming techniques. System-level security can be provided using better firewalls. Using intrusion detection and prevention can also aid in stopping attackers from easy access to the system.
Importance:
As organizations worldwide increasingly rely on software controls to protect their computing environments and data in the cloud and on premises, the topic of Software Security Assurance grows in importance. The potential costs associated with security incidents, the emergence of increasingly complex regulations, and the continued operational costs associated with staying up to date with security patches all require that organizations give careful consideration to how they approach software security and assess the security assurance practices of their technology suppliers.
Related Questions
Navigate
Integrity-first tutoring: explanations and feedback only — we do not complete graded work. Learn more.