Write as much as possible for each question. Do not write a simple short answer. These questions ask you to write what you know about each topic.
Your answer must be written in your own words (no copying and pasting from the textbook or lecture notes).
You can't directly use external sources for answers (e.g. Google, Bing).
1. What is a security flaw? Explain with an example.
2. What are the considerations for maintaining information security? Explain with an example for each consideration.
3. What are functional requirements and non-functional requirements? What are the characteristics of non-functional requirements? Explain with an example for each characteristic.
4. What is the software development life cycle (SDLC)? Explain the SDLC's 5 phases and their corresponding tasks with examples.
5. When are security measures considered in the SDLC? Why do security experts apply security measures during the SDLC? Explain with an example.
6. Describe the security perimeter and the attack surface with an example.
7. Describe the best practice "Apply Defense in Depth" with an example.
8. What are the differences between using a positive security model and a negative security model?
9. What is security by obscurity, and why should it be avoided? Explain with an example.
10. What is misuse case modeling as described in the textbook? Explain with an example.
11. Write an example of threat modeling. Also, what are risk analysis and risk consideration?
12. What is Cross-Site Scripting (CWE-79)? Provide an example of cross-site scripting.
13. What is an embedded system, and why is a security breach in an embedded system critical (explain with an example)? What bad assumptions do developers come up with?
14. Explain the 7 key security risks for cloud applications identified by the Gartner Group, with an example for each risk.
15. Mobile applications are a growing platform in software development. Explain 3 possible attacks on mobile applications and the mitigation measures for each.