1
Q
What is Security
A
Regulating asset access to minimize risks
2
Q
What is Software Security
A
managing software functionality risks
3
Q
Security Should Assess…
A
- Stakeholders
- Assets
- Threats
- Attackers
4
Q
What is a Security Policy?
A
Specification of what coutermeasures intend to achieve
5
Q
How are Security Policies Enforced?
A
Via security mechanisms
6
Q
Define CIA
A
- Confidentiality: prevent unauthorized disclosure
- Integrity: prevent unauthorized altering
- Availability: always available
7
Q
What is Non-repudiation?
A
Authorized users cannot deny actions
8
Q
Define AAAA
A
- Authentication
- Authorization (Prevention)
- Auditing (Detection)
- Action (Reaction)
9
Q
What are Sources of Software Vulnerabilities?
A
- Application/infrastructure bugs
- Inappropriate infrastructure features
- Inappropriate use of infrastructure features
10
Q
What are the Main Causes of Software Vulnerabilities?
A
- Feature Complexity
- Developer Ignorance
11
Q
What are the Threat Modelling Steps
A
- Identify assets and stakeholders
- Consider app architecture and environment
- Brainstorm known threats
- Define security assumptions
- Rank threats
- Decide threat priorities
- Decide how to mitigate threats
Engineering Secure Software
flashcards
Decks in class (11)
# Cards
