Short Essay Questions
Maximum of one page. Presentation (spelling, grammar and other aspects of writing) as well as correctness are considered when marking.
1. Consider a web application written in C++ that accepts user input via a form and uses it to construct a SQL query. Explain what vulnerabilities should be mitigated in this web
application, which general secure design principles are being violated and outline one or more mitigation strategies.
2. Consider the relationship between risk modelling (threat modelling in the Microsoft software development lifecycle) and secure software evaluation. In particular, discuss what is risk modelling, what are the limitations of functional tests with respect to security testing, how risk modelling help in the choice of security-relevant tests and how risk modelling can be used to determine how you choose mitigation strategies for security bugs found during testing.