Software Security Questions

Uploaded by

divya.a

SOFTWARE SECURITY – IMPORTANT QUESTIONS

UNIT I – NEED OF SOFTWARE SECURITY AND LOW-LEVEL ATTACKS

2 Marks:
1. Define software security.
2. What is software assurance?
3. List any two threats to software security.
4. What are sources of software insecurity?
5. Define secure software.
6. What are memory-based attacks?
7. Differentiate heap and stack attacks.
8. What is buffer overflow?
9. Mention two benefits of detecting software security issues early.
10. What is meant by stack smashing?

13 Marks:
1. Explain threats to software security with examples.
2. Discuss the sources of software insecurity.
3. Describe properties of secure software in detail.
4. Explain heap and stack based attacks.
5. Write defense mechanisms for memory-based attacks.
6. Explain secure coding practices to prevent memory corruption.
7. Compare stack vs heap overflow attacks.
8. Explain the phases of identifying software security issues.
9. Discuss vulnerabilities caused by poor memory management.
10. Explain the importance of early detection of software security issues.

15 Marks:
1. Explain low-level memory attacks and their defenses.
2. Discuss secure software properties with suitable illustrations.
3. Analyze threats and sources of software insecurity.
4. Explain stack and heap vulnerabilities with real-world examples.
5. Describe in detail memory-based attack mitigation techniques.
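
The following C program is an added worked example for the Unit I questions on buffer overflow, stack smashing and memory-attack defenses; it is not part of the original question bank. It models one stack frame (a 16-byte local buffer, an 8-byte canary, an 8-byte saved return address; the layout and all constant values are hypothetical and constructed for the example) as a single array, so the overwrite is well-defined C and deterministic, unlike a real out-of-bounds write. It contrasts an unbounded strcpy-style copy, the same copy guarded by a canary check, and a bounded copy that rejects oversized input.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical frame layout, modelled as one array so every write stays
 * inside a valid object while keeping the shape of the attack:
 *   [0,16)  name[16]      local buffer the copy writes into
 *   [16,24) canary        guard word a stack protector checks before return
 *   [24,32) saved return  the address `ret` will jump to                  */
#define BUF_SIZE   16
#define CANARY_OFF 16
#define RET_OFF    24
#define FRAME_SIZE 32

static const uint64_t CANARY    = 0xDEADBEEFCAFEF00DULL; /* constructed value */
static const uint64_t LEGIT_RET = 0x0000555555551234ULL; /* constructed value */
static const uint64_t EVIL_RET  = 0x4141414141414141ULL; /* attacker's choice */

struct frame { unsigned char bytes[FRAME_SIZE]; };

static void frame_init(struct frame *f) {
    memset(f->bytes, 0, FRAME_SIZE);
    memcpy(f->bytes + CANARY_OFF, &CANARY, sizeof CANARY);
    memcpy(f->bytes + RET_OFF, &LEGIT_RET, sizeof LEGIT_RET);
}

/* Vulnerable pattern: strcpy-style copy that trusts the caller's length.
 * The clamp only keeps the model inside the array; the real bug has no
 * bound at all, which is exactly why it smashes the stack. */
static void vulnerable_copy(struct frame *f, const unsigned char *in, size_t len) {
    if (len > FRAME_SIZE) len = FRAME_SIZE;
    memcpy(f->bytes, in, len);
}

/* Hardened pattern: bound checked against the destination, room kept for
 * the terminator, explicit error instead of silent truncation. */
static int bounded_copy(struct frame *f, const unsigned char *in, size_t len) {
    if (len >= BUF_SIZE) return -1;
    memcpy(f->bytes, in, len);
    f->bytes[len] = '\0';
    return 0;
}

static bool canary_intact(const struct frame *f) {
    uint64_t c;
    memcpy(&c, f->bytes + CANARY_OFF, sizeof c);
    return c == CANARY;
}

static uint64_t saved_return(const struct frame *f) {
    uint64_t r;
    memcpy(&r, f->bytes + RET_OFF, sizeof r);
    return r;
}

/* Constructed attacker input: filler to the end of name[], bytes that land
 * on the canary, then the return address the attacker wants. */
static size_t build_payload(unsigned char *out, uint64_t target) {
    memset(out, 'A', BUF_SIZE);
    memset(out + CANARY_OFF, 'B', RET_OFF - CANARY_OFF);
    memcpy(out + RET_OFF, &target, sizeof target);
    return FRAME_SIZE;
}

/* Scenario 1: unbounded copy, no protector. Returns what `ret` would use. */
uint64_t scenario_unprotected(void) {
    struct frame f; unsigned char p[FRAME_SIZE];
    frame_init(&f);
    vulnerable_copy(&f, p, build_payload(p, EVIL_RET));
    return saved_return(&f);           /* EVIL_RET: control flow hijacked */
}

/* Scenario 2: same copy, but the canary is checked before return, as a
 * compiler stack protector does. Returns true if tampering is detected. */
bool scenario_canary_detects(void) {
    struct frame f; unsigned char p[FRAME_SIZE];
    frame_init(&f);
    vulnerable_copy(&f, p, build_payload(p, EVIL_RET));
    return !canary_intact(&f);         /* true: abort instead of returning */
}

/* Scenario 3: bounded copy. Returns 0 if the input was rejected and both
 * the canary and the return address are untouched, -1 otherwise. */
int scenario_bounded(void) {
    struct frame f; unsigned char p[FRAME_SIZE];
    frame_init(&f);
    int rc = bounded_copy(&f, p, build_payload(p, EVIL_RET));
    return (rc == -1 && canary_intact(&f) && saved_return(&f) == LEGIT_RET) ? 0 : -1;
}

int main(void) {
    printf("unprotected: ret=0x%016llx\n", (unsigned long long)scenario_unprotected());
    printf("canary:      detected=%d\n", scenario_canary_detects());
    printf("bounded:     rc=%d\n", scenario_bounded());
    return 0;
}
```

Build with `cc -std=c11 -Wall stack_model.c` and run. The three scenarios map onto the defenses the 13- and 15-mark questions ask for: the bounded copy is the secure-coding fix (the bug never happens), the canary check is what GCC and Clang insert under -fstack-protector (the corruption is detected before the corrupted return address is used), and the unprotected scenario is the classic stack smash. In a real process the remaining layers (non-executable stack, ASLR) further constrain what an attacker can do with a hijacked return address; this model deliberately stops at the overwrite itself.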

----------------------------------------------------

UNIT II – SECURE SOFTWARE DESIGN

2 Marks:
1. What is SQUARE process model?
2. Define threat modeling.
3. What is requirements prioritization?
4. Define code injection.
5. What is session hijacking?
6. List any two secure design principles.
7. What is buffer overflow?
8. What is policy specification language?
9. Define stack inspection.
10. Mention two vulnerability trends.

13 Marks:
1. Explain SQUARE process model steps.
2. Discuss requirements engineering for secure software.
3. Explain code injection attacks and prevention.
4. Describe session hijacking techniques.
5. Explain threat modeling process.
6. Discuss vulnerability trends in modern software.
7. Explain buffer overflow in detail with examples.
8. Explain secure design principles.
9. Describe the concept of stack inspection.
10. Explain effects of untrusted executable content.

15 Marks:
1. Explain secure software design in detail with threat modeling.
2. Describe SQUARE model and its importance.
3. Discuss buffer overflow and code injection attacks with mitigation.
4. Explain vulnerability trends and secure design principles.
5. Explain session hijacking and its prevention techniques.

----------------------------------------------------

UNIT III – SECURITY RISK MANAGEMENT

2 Marks:
1. Define risk management.
2. What is risk profiling?
3. Define risk exposure factor.
4. What is risk evaluation?
5. Define mitigation.
6. What is vulnerability?
7. What is threat management?
8. Define asset value.
9. What is risk assessment?
10. Define vulnerability management.

13 Marks:
1. Explain risk management lifecycle.
2. Discuss risk profiling techniques.
3. Explain risk evaluation and mitigation.
4. Describe risk assessment techniques.
5. Explain threat management in detail.
6. Discuss vulnerability management strategies.
7. Explain exposure factors with examples.
8. Describe importance of security risk assessment.
9. Write notes on threat and vulnerability management.
10. Explain risk calculation process.

15 Marks:
1. Discuss risk management lifecycle in detail.
2. Explain threat and vulnerability management framework.
3. Describe risk assessment techniques and mitigation strategies.
4. Analyze security risk profiling with examples.
5. Explain enterprise-level risk management process.

----------------------------------------------------

UNIT IV – SECURITY TESTING

2 Marks:
1. What is security testing?
2. Define penetration testing.
3. What is enumeration?
4. Define exploitation.
5. What is post-exploitation?
6. List any two penetration testing tools.
7. What is SDLC?
8. Define remote exploitation.
9. What is firewall bypassing?
10. What is threat modeling in testing?

13 Marks:
1. Explain secure SDLC.
2. Describe risk-based security testing.
3. Explain penetration testing phases.
4. Discuss enumeration techniques.
5. Describe remote exploitation and tools.
6. Write about web application exploitation.
7. Explain exploits and client-side attacks.
8. Explain bypassing firewalls and avoiding detection.
9. Discuss prioritizing security tests using threat modeling.
10. Explain post-exploitation techniques.

15 Marks:
1. Explain penetration testing methodology in detail.
2. Discuss security testing with threat modeling approach.
3. Describe exploitation, post-exploitation and avoidance techniques.
4. Explain secure SDLC and its phases.
5. Explain web exploitation techniques and tools.

----------------------------------------------------

UNIT V – SECURE PROJECT MANAGEMENT

2 Marks:
1. What is IT governance?
2. Define enterprise security framework.
3. What is software security maturity?
4. Define project security management.
5. What is compliance?
6. What is secure governance?
7. Define maturity model.
8. What is process improvement?
9. What is risk governance?
10. Define enterprise policy.

13 Marks:
1. Explain governance and security.
2. Discuss enterprise software security framework.
3. Explain security in project management.
4. Describe maturity of practice levels.
5. Explain organizational security governance.
6. Discuss security process integration in SDLC.
7. Explain risk governance.
8. Explain improving project security practices.
9. Discuss need for enterprise-level security.
10. Explain project security life cycle.

15 Marks:
1. Explain enterprise software security framework.
2. Discuss governance, security and its integration.
3. Describe secure project management practices.
4. Explain software security maturity models.
5. Explain governance, compliance and policy enforcement.
