The personal wiki of ...
Relevant Readings

Short Essay Questions

Maximum of one page. Presentation (spelling, grammar and other aspects of writing) as well as correctness are considered when marking.

1. Consider a web application written in C++ that accepts user input via a form and uses it to construct a SQL query. Explain which vulnerabilities should be mitigated in this web application, identify which general secure design principles are being violated, and outline one or more mitigation strategies.

2. Consider the relationship between risk modelling (threat modelling in the Microsoft software development lifecycle) and secure software evaluation. In particular, discuss what risk modelling is, what the limitations of functional tests are with respect to security testing, how risk modelling helps in the choice of security-relevant tests, and how risk modelling can be used to determine how you choose mitigation strategies for security bugs found during testing.

Topic attachments
Attachment | Size | Date | Who
NWEN405-lecture13-microsoft.pdf.zip | 8 MB | 14 Jan 2012 - 16:30 | Main.ian
NWEN405-lecture15-evaluation.pdf | 276 K | 14 Jan 2012 - 16:41 | Main.ian
NWEN405-lecture8.pdf | 621 K | 14 Jan 2012 - 16:35 | Main.ian
Secure-testing.pdf | 1 MB | 14 Jan 2012 - 16:34 | Main.ian
SecurityEngineering-motivation.pdf | 907 K | 14 Jan 2012 - 16:35 | Main.ian

Page Updated: 14 Jan 2012 by ian. © Victoria University of Wellington, New Zealand, unless otherwise stated