InFS6830 Secure Programming Questions
Essay Test Research and Resources
At a minimum, please consult the following resources to
prepare your answers for the essay section of the midterm:
· .NET Security and Cryptography - Chapters 1 thru 6
· Core Security Patterns: Best Practices and Strategies for J2EE,
Web Services and Identity Management - Chapters 1 thru 5
· Class Assignments 1 and 2
· Presentations, Links and other information in Blackboard
Weeks 1 thru 4
· Course Document - Introduction to Application Programming
· Course Document – Introduction to Procedural Application
Development
· Course Document – Introduction to Object Oriented Program
and Application Development.
Since you are a graduate student, you are highly encouraged to
supplement the previously listed research with your own personal
research.
Essay Testing Procedure
This midterm essay will be worth 10% of your final. Use of
laptops or other electronic devices is not permitted. Use of
notes is not permitted. You are encouraged to write neatly.
This is NOT a take-home test.
You will be given ALL essay questions in advance of the test.
By providing these essay questions in advance the instructor
expects that you will prepare a quality answer using the
guidelines listed below.
While there is no time limit for the essay portion of the
midterm, the instructor reserves the right to terminate the test if
a student lingers after the majority of the students have
completed the test and seems to be in a meditation state seeking
inspiration from a higher being.
While it is recognized that students may have legitimate reasons to
miss the midterm test date, it will be the responsibility of the
student to coordinate with the instructor to meet his schedule.
In addition, a retake of the midterm essay test may be possible
if a student wants to improve their score. But, again it will be
the responsibility of the student to coordinate with the
instructor to meet his schedule for any and all retakes.
Essay Grading Procedure
Each essay answer will be graded using the following criteria:
· 80% - Content - Coverage of the assigned topics with a
continuous emphasis on security
· 15% - Clear and understandable writing style that integrates
and applies the assigned concept in a practical manner
· 10% - Organization of answers, e.g., appropriate use of sub-
headers or outline style, rough drawings where applicable,
underlining of key points, etc.
Other guidelines include:
· Minor spelling and grammar errors will be ignored. A well-
written and organized outline style will be permitted.
· Minor omissions of essay topics will be ignored if the overall
quality of the answer merits the treatment. There is no intention
to nit-pick.
· If I can't read your handwriting, the answer is not there.
· You may cite personal experience to provide context for your
answer, but your grade will be based only on your demonstrated
knowledge and application of the topics - not
your experience.
· You are encouraged whenever appropriate to share research
and answers with other students to improve the quality of your
answers. But, your essay grade will be based on what you write
on your essay.
Essay 1 - Application Security Flaws and Exploits (20%)
Overview of Application Security
1. Describe each of the following Application Security
Concepts.
A selection of the following concepts will be on the Essay Test.
· Application Security Risks
· Application Security Threats to Data
· Application Security Threats to Service Availability
· Application Security and Convenience Trade-Offs
· Separation of Application Developer Duties
· Code Hardening
· Code Signing
· Principle of Least Privilege
· App Sandboxing
· Software Privilege Separation
Application Security Flaws and Exploits
2. Describe and provide an example of each of the following critical
Application Security Flaws and Exploits.
A selection of the following concepts will be on the Essay Test.
· Buffer Input Validation Errors
· Output Sanitization
· SQL injection
· Cross-site scripting
· Session theft
· Coding problems
· Insecure Infrastructure configurations, e.g., web server
· Deployment problems
Essay 2 – Application Security and Object-Oriented
Programming (20%)
1. Describe each of the following object-oriented programming
concepts both in terms of: a) functionality, and b) relationship to
security and data integrity.
A selection of the following concepts will be on the Essay Test.
Object-Oriented Security Concepts (table columns to complete for each: Description and Functionality; Security and Data Integrity)
· Packages
· APIs
· Advantages and Disadvantages of Frameworks or Platforms
· Loosely versus strongly-typed
· Automatic garbage collection
· Accessibility of Classes, Data and Methods
· Scope (Visibility) of data and Methods
2. Describe each of the following object-oriented programming
concepts both in terms of: a) functionality, and b) relationship to
security and data integrity.
A selection of the following concepts will be on the Essay Test.
Object-Oriented Security Concepts (table columns to complete for each: Description and Functionality; Security and Data Integrity)
· Encapsulation
· Importing namespaces
· Instantiation of a package API (NEW)
· Inheritance or sub classing a parent class (Extended)
· Method Overriding
· Inheritance of an Abstract Class
· Public Interfaces (IMPLEMENT)
· Method Overriding and FINAL
· Exception Handling
Essay 3 – Program Vulnerabilities and Cryptography (20%)
C-Programming Language Memory Vulnerabilities
1. Describe each of the following C-Programming Language
Memory Vulnerabilities, Attacks or Mitigation Techniques.
· Dangling Pointers
· Double Frees
· Memory Leaks
· Stack-based buffer overflow attacks
· Heap-based buffer overflow attacks
· Preventing buffer overflow attacks
Digital Signatures, Digital Certificates and SSL/TLS
1. What are the differences between encryption, data integrity,
and authentication?
2. What are the differences between a digital signature and a digital
certificate?
3. Describe the limitations and security flaws of digital
certificates.
4. Draw an overview diagram and describe the DETAILS of
the security design and process of a Public Key Infrastructure
(PKI), SSL/TLS, web browser client, application server and
database server in a modern transaction system.
Essay 4 - .NET Application Development and Assembly
Deployment
The Instructor will randomly select either Essay 4 or Essay 5
during the test. Only one will be required.
1. Draw a clearly marked graphical overview of the .NET
Application Development Process. Describe this process from
the starting point of using an IDE to code source statements
until the application assembly is deployed and executed.
2. Describe each of the following .NET framework application
development concepts or security concepts.
· Common Language Infrastructure
· Common Intermediate Language (CIL)
· Assemblies
· Managed code and type safety
· Common Language Runtime (CLR)
· De-compilation (Reverse Engineering Attacks) and
Obfuscation
Essay 5 - Java Application Development and JAR Deployment
The Instructor will randomly select either Essay 4 or Essay 5
during the test. Only one will be required.
1. Draw a graphical overview of the Java Application
Development Process. Describe this process from the starting
point of using an IDE to code source statements until the
application assembly is deployed and executed.
2. Describe each of the following Java framework application
development concepts or security concepts.
· Java SDK
· Package
· Byte code
· .JAVA and .CLASS Files
· JAR files
· Java Virtual Machine
· Java Container
· Bytecode verifier
· Class loader
Essay 6 - Android Application Development and Security (20%)
1. Describe the function and provide an example of each of the
following Android Components, Messages or Filters.
· Android Activity
· Android Service
· Android Content Providers
· Android Intent and Intent Filters
· Android Broadcast Receivers
2. Describe the function of the following Android application
development and security concepts.
· APK
· Classes.dex
· Native Code
· Dalvik VM
· ADB
· Android Manifest
· Android Application Signing
· Linux Identity
3. Describe the following pre-defined Android Application
Permissions.
· Normal
· Dangerous
· Signature
· URI
4. Where are Android Permissions stored in an Android App,
e.g., APK file?
5. What is the difference between an Android Application
Permission and an Android File Permission?
6. Compare the major security differences between Android
Application Security and iOS Application Security.

More Related Content

Similar to InFS6830 Secure Programming Questions Page 7 of 7Essay.docx

A Survey on Design of Online Judge System
A Survey on Design of Online Judge SystemA Survey on Design of Online Judge System
A Survey on Design of Online Judge SystemIRJET Journal
 
Aim (A).pptx
Aim (A).pptxAim (A).pptx
Aim (A).pptx14941
 
Software Engineering Methodologies
Software Engineering MethodologiesSoftware Engineering Methodologies
Software Engineering MethodologiesNesrine Shokry
 
EC-Council secure programmer. net
EC-Council secure programmer. netEC-Council secure programmer. net
EC-Council secure programmer. netBOOSTurSKILLS
 
Ec-Council secure programmer. net
Ec-Council secure programmer. netEc-Council secure programmer. net
Ec-Council secure programmer. netBOOSTurSKILLS
 
Testing documents
Testing documentsTesting documents
Testing documentsHari Tiru
 
Reduce Third Party Developer Risks
Reduce Third Party Developer RisksReduce Third Party Developer Risks
Reduce Third Party Developer RisksKevo Meehan
 
AFITC 2018 - Using Process Maturity and Agile to Strengthen Cyber Security
AFITC 2018 - Using Process Maturity and Agile to Strengthen Cyber SecurityAFITC 2018 - Using Process Maturity and Agile to Strengthen Cyber Security
AFITC 2018 - Using Process Maturity and Agile to Strengthen Cyber SecurityDjindo Lee
 
Fm lecture 1 updated 3
Fm lecture 1 updated 3Fm lecture 1 updated 3
Fm lecture 1 updated 3Syed Haider
 
Test Driven Development:Unit Testing, Dependency Injection, Mocking
Test Driven Development:Unit Testing, Dependency Injection, MockingTest Driven Development:Unit Testing, Dependency Injection, Mocking
Test Driven Development:Unit Testing, Dependency Injection, Mockingmrjawright
 
Testing documents
Testing documentsTesting documents
Testing documentssuhasreddy1
 
Clean Infrastructure as Code
Clean Infrastructure as Code Clean Infrastructure as Code
Clean Infrastructure as Code QAware GmbH
 
Network Security LabNetwork Security Lab
Network Security LabNetwork Security LabNetwork Security LabNetwork Security Lab
Network Security LabNetwork Security LabKezialElizabeth
 
5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer RiskSecurity Innovation
 
Software Testing Principles and  Techniques
Software Testing Principles and  Techniques Software Testing Principles and  Techniques
Software Testing Principles and  Techniques suresh ramanujam
 
Manual Testing Interview Questions & Answers.docx
Manual Testing Interview Questions & Answers.docxManual Testing Interview Questions & Answers.docx
Manual Testing Interview Questions & Answers.docxssuser305f65
 

Similar to InFS6830 Secure Programming Questions Page 7 of 7Essay.docx (20)

A Survey on Design of Online Judge System
A Survey on Design of Online Judge SystemA Survey on Design of Online Judge System
A Survey on Design of Online Judge System
 
Aim (A).pptx
Aim (A).pptxAim (A).pptx
Aim (A).pptx
 
Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011Arved sandstrom - the rotwithin - atlseccon2011
Arved sandstrom - the rotwithin - atlseccon2011
 
Software Engineering Methodologies
Software Engineering MethodologiesSoftware Engineering Methodologies
Software Engineering Methodologies
 
EC-Council secure programmer. net
EC-Council secure programmer. netEC-Council secure programmer. net
EC-Council secure programmer. net
 
Ec-Council secure programmer. net
Ec-Council secure programmer. netEc-Council secure programmer. net
Ec-Council secure programmer. net
 
Testing documents
Testing documentsTesting documents
Testing documents
 
Reduce Third Party Developer Risks
Reduce Third Party Developer RisksReduce Third Party Developer Risks
Reduce Third Party Developer Risks
 
AFITC 2018 - Using Process Maturity and Agile to Strengthen Cyber Security
AFITC 2018 - Using Process Maturity and Agile to Strengthen Cyber SecurityAFITC 2018 - Using Process Maturity and Agile to Strengthen Cyber Security
AFITC 2018 - Using Process Maturity and Agile to Strengthen Cyber Security
 
Ieee829mtp
Ieee829mtpIeee829mtp
Ieee829mtp
 
Fm lecture 1 updated 3
Fm lecture 1 updated 3Fm lecture 1 updated 3
Fm lecture 1 updated 3
 
Test Driven Development:Unit Testing, Dependency Injection, Mocking
Test Driven Development:Unit Testing, Dependency Injection, MockingTest Driven Development:Unit Testing, Dependency Injection, Mocking
Test Driven Development:Unit Testing, Dependency Injection, Mocking
 
Testing documents
Testing documentsTesting documents
Testing documents
 
Clean Infrastructure as Code
Clean Infrastructure as Code Clean Infrastructure as Code
Clean Infrastructure as Code
 
Network Security LabNetwork Security Lab
Network Security LabNetwork Security LabNetwork Security LabNetwork Security Lab
Network Security LabNetwork Security Lab
 
5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk5 Ways to Reduce 3rd Party Developer Risk
5 Ways to Reduce 3rd Party Developer Risk
 
Ieee829mtp
Ieee829mtpIeee829mtp
Ieee829mtp
 
Software Testing Principles and  Techniques
Software Testing Principles and  Techniques Software Testing Principles and  Techniques
Software Testing Principles and  Techniques
 
Manual Testing Interview Questions & Answers.docx
Manual Testing Interview Questions & Answers.docxManual Testing Interview Questions & Answers.docx
Manual Testing Interview Questions & Answers.docx
 
Amcat test-syllabus
Amcat test-syllabusAmcat test-syllabus
Amcat test-syllabus
 

More from jaggernaoma

Attached is a joint letter to Capitol Hill to advocate for increased.docx
Attached is a joint letter to Capitol Hill to advocate for increased.docxAttached is a joint letter to Capitol Hill to advocate for increased.docx
Attached is a joint letter to Capitol Hill to advocate for increased.docxjaggernaoma
 
Attached is a copy of an interview done with a Tribal member regardi.docx
Attached is a copy of an interview done with a Tribal member regardi.docxAttached is a copy of an interview done with a Tribal member regardi.docx
Attached is a copy of an interview done with a Tribal member regardi.docxjaggernaoma
 
Attached Files Week 5 - trace IP Physical Location.rtf (38..docx
Attached Files Week 5 - trace IP Physical Location.rtf (38..docxAttached Files Week 5 - trace IP Physical Location.rtf (38..docx
Attached Files Week 5 - trace IP Physical Location.rtf (38..docxjaggernaoma
 
Attached here is a psychology article I need to be summarized. Pleas.docx
Attached here is a psychology article I need to be summarized. Pleas.docxAttached here is a psychology article I need to be summarized. Pleas.docx
Attached here is a psychology article I need to be summarized. Pleas.docxjaggernaoma
 
Attached Files News Analysis Sample.docxNews Analysis Sam.docx
Attached Files News Analysis Sample.docxNews Analysis Sam.docxAttached Files News Analysis Sample.docxNews Analysis Sam.docx
Attached Files News Analysis Sample.docxNews Analysis Sam.docxjaggernaoma
 
Attached Files  SOC-220_SOCIAL PROBLEMS PRESENTATION.docx
Attached Files     SOC-220_SOCIAL PROBLEMS PRESENTATION.docxAttached Files     SOC-220_SOCIAL PROBLEMS PRESENTATION.docx
Attached Files  SOC-220_SOCIAL PROBLEMS PRESENTATION.docxjaggernaoma
 
Attached below you will find the series of 4 questions. This assignm.docx
Attached below you will find the series of 4 questions. This assignm.docxAttached below you will find the series of 4 questions. This assignm.docx
Attached below you will find the series of 4 questions. This assignm.docxjaggernaoma
 
Attached below isWEEK 4 As always, include references. As alwa.docx
Attached below isWEEK 4 As always, include references. As alwa.docxAttached below isWEEK 4 As always, include references. As alwa.docx
Attached below isWEEK 4 As always, include references. As alwa.docxjaggernaoma
 
Attached are two articles in one document. Write thoughtful resp.docx
Attached are two articles in one document. Write thoughtful resp.docxAttached are two articles in one document. Write thoughtful resp.docx
Attached are two articles in one document. Write thoughtful resp.docxjaggernaoma
 
Attached are the instructions to the assignment.Written Assign.docx
Attached are the instructions to the assignment.Written Assign.docxAttached are the instructions to the assignment.Written Assign.docx
Attached are the instructions to the assignment.Written Assign.docxjaggernaoma
 
Attached are the instructions and rubric! Research Paper #2.docx
Attached are the instructions and rubric! Research Paper #2.docxAttached are the instructions and rubric! Research Paper #2.docx
Attached are the instructions and rubric! Research Paper #2.docxjaggernaoma
 
Attached are the guidelines for the Expertise Sharing Project. M.docx
Attached are the guidelines for the Expertise Sharing Project. M.docxAttached are the guidelines for the Expertise Sharing Project. M.docx
Attached are the guidelines for the Expertise Sharing Project. M.docxjaggernaoma
 
Attached are the documents needed to complete the assignment. The in.docx
Attached are the documents needed to complete the assignment. The in.docxAttached are the documents needed to complete the assignment. The in.docx
Attached are the documents needed to complete the assignment. The in.docxjaggernaoma
 
Attached are the 3 documents1. Draft copy submitted2. Sam.docx
Attached are the 3 documents1. Draft copy submitted2. Sam.docxAttached are the 3 documents1. Draft copy submitted2. Sam.docx
Attached are the 3 documents1. Draft copy submitted2. Sam.docxjaggernaoma
 
attached are directions needed to complete this essay! Please make s.docx
attached are directions needed to complete this essay! Please make s.docxattached are directions needed to complete this essay! Please make s.docx
attached are directions needed to complete this essay! Please make s.docxjaggernaoma
 
Attach is the checklist For this Assignment, write a 3 and half pa.docx
Attach is the checklist For this Assignment, write a 3 and half pa.docxAttach is the checklist For this Assignment, write a 3 and half pa.docx
Attach is the checklist For this Assignment, write a 3 and half pa.docxjaggernaoma
 
Attach and submit the final draft of your Narrative Essay. Remember .docx
Attach and submit the final draft of your Narrative Essay. Remember .docxAttach and submit the final draft of your Narrative Essay. Remember .docx
Attach and submit the final draft of your Narrative Essay. Remember .docxjaggernaoma
 
Atomic Theory Scientists and Their ContributionsScientist .docx
Atomic Theory Scientists and Their ContributionsScientist .docxAtomic Theory Scientists and Their ContributionsScientist .docx
Atomic Theory Scientists and Their ContributionsScientist .docxjaggernaoma
 
Atomic models are useful because they allow us to picture what is in.docx
Atomic models are useful because they allow us to picture what is in.docxAtomic models are useful because they allow us to picture what is in.docx
Atomic models are useful because they allow us to picture what is in.docxjaggernaoma
 
Atoms and Electrons AssignmentLook at these websites to he.docx
Atoms and Electrons AssignmentLook at these websites to he.docxAtoms and Electrons AssignmentLook at these websites to he.docx
Atoms and Electrons AssignmentLook at these websites to he.docxjaggernaoma
 

More from jaggernaoma (20)

Attached is a joint letter to Capitol Hill to advocate for increased.docx
Attached is a joint letter to Capitol Hill to advocate for increased.docxAttached is a joint letter to Capitol Hill to advocate for increased.docx
Attached is a joint letter to Capitol Hill to advocate for increased.docx
 
Attached is a copy of an interview done with a Tribal member regardi.docx
Attached is a copy of an interview done with a Tribal member regardi.docxAttached is a copy of an interview done with a Tribal member regardi.docx
Attached is a copy of an interview done with a Tribal member regardi.docx
 
Attached Files Week 5 - trace IP Physical Location.rtf (38..docx
Attached Files Week 5 - trace IP Physical Location.rtf (38..docxAttached Files Week 5 - trace IP Physical Location.rtf (38..docx
Attached Files Week 5 - trace IP Physical Location.rtf (38..docx
 
Attached here is a psychology article I need to be summarized. Pleas.docx
Attached here is a psychology article I need to be summarized. Pleas.docxAttached here is a psychology article I need to be summarized. Pleas.docx
Attached here is a psychology article I need to be summarized. Pleas.docx
 
Attached Files News Analysis Sample.docxNews Analysis Sam.docx
Attached Files News Analysis Sample.docxNews Analysis Sam.docxAttached Files News Analysis Sample.docxNews Analysis Sam.docx
Attached Files News Analysis Sample.docxNews Analysis Sam.docx
 
Attached Files  SOC-220_SOCIAL PROBLEMS PRESENTATION.docx
Attached Files     SOC-220_SOCIAL PROBLEMS PRESENTATION.docxAttached Files     SOC-220_SOCIAL PROBLEMS PRESENTATION.docx
Attached Files  SOC-220_SOCIAL PROBLEMS PRESENTATION.docx
 
Attached below you will find the series of 4 questions. This assignm.docx
Attached below you will find the series of 4 questions. This assignm.docxAttached below you will find the series of 4 questions. This assignm.docx
Attached below you will find the series of 4 questions. This assignm.docx
 
Attached below isWEEK 4 As always, include references. As alwa.docx
Attached below isWEEK 4 As always, include references. As alwa.docxAttached below isWEEK 4 As always, include references. As alwa.docx
Attached below isWEEK 4 As always, include references. As alwa.docx
 
Attached are two articles in one document. Write thoughtful resp.docx
Attached are two articles in one document. Write thoughtful resp.docxAttached are two articles in one document. Write thoughtful resp.docx
Attached are two articles in one document. Write thoughtful resp.docx
 
Attached are the instructions to the assignment.Written Assign.docx
Attached are the instructions to the assignment.Written Assign.docxAttached are the instructions to the assignment.Written Assign.docx
Attached are the instructions to the assignment.Written Assign.docx
 
Attached are the instructions and rubric! Research Paper #2.docx
Attached are the instructions and rubric! Research Paper #2.docxAttached are the instructions and rubric! Research Paper #2.docx
Attached are the instructions and rubric! Research Paper #2.docx
 
Attached are the guidelines for the Expertise Sharing Project. M.docx
Attached are the guidelines for the Expertise Sharing Project. M.docxAttached are the guidelines for the Expertise Sharing Project. M.docx
Attached are the guidelines for the Expertise Sharing Project. M.docx
 
Attached are the documents needed to complete the assignment. The in.docx
Attached are the documents needed to complete the assignment. The in.docxAttached are the documents needed to complete the assignment. The in.docx
Attached are the documents needed to complete the assignment. The in.docx
 
Attached are the 3 documents1. Draft copy submitted2. Sam.docx
Attached are the 3 documents1. Draft copy submitted2. Sam.docxAttached are the 3 documents1. Draft copy submitted2. Sam.docx
Attached are the 3 documents1. Draft copy submitted2. Sam.docx
 
attached are directions needed to complete this essay! Please make s.docx
attached are directions needed to complete this essay! Please make s.docxattached are directions needed to complete this essay! Please make s.docx
attached are directions needed to complete this essay! Please make s.docx
 
Attach is the checklist For this Assignment, write a 3 and half pa.docx
Attach is the checklist For this Assignment, write a 3 and half pa.docxAttach is the checklist For this Assignment, write a 3 and half pa.docx
Attach is the checklist For this Assignment, write a 3 and half pa.docx
 
Attach and submit the final draft of your Narrative Essay. Remember .docx
Attach and submit the final draft of your Narrative Essay. Remember .docxAttach and submit the final draft of your Narrative Essay. Remember .docx
Attach and submit the final draft of your Narrative Essay. Remember .docx
 
Atomic Theory Scientists and Their ContributionsScientist .docx
Atomic Theory Scientists and Their ContributionsScientist .docxAtomic Theory Scientists and Their ContributionsScientist .docx
Atomic Theory Scientists and Their ContributionsScientist .docx
 
Atomic models are useful because they allow us to picture what is in.docx
Atomic models are useful because they allow us to picture what is in.docxAtomic models are useful because they allow us to picture what is in.docx
Atomic models are useful because they allow us to picture what is in.docx
 
Atoms and Electrons AssignmentLook at these websites to he.docx
Atoms and Electrons AssignmentLook at these websites to he.docxAtoms and Electrons AssignmentLook at these websites to he.docx
Atoms and Electrons AssignmentLook at these websites to he.docx
 

Recently uploaded

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxiammrhaywood
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room servicediscovermytutordmt
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationnomboosow
 
Sanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfSanyam Choudhary Chemistry practical.pdf
Sanyam Choudhary Chemistry practical.pdfsanyamsingh5019
 
Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104Nutritional Needs Presentation - HLTH 104
Nutritional Needs Presentation - HLTH 104misteraugie
 
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...
BAG TECHNIQUE Bag technique-a tool making use of public health bag through wh...Sapna Thakur
 
A Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformA Critique of the Proposed National Education Policy Reform
A Critique of the Proposed National Education Policy ReformChameera Dedduwage
 
1029-Danh muc Sach Giao Khoa khoi 6.pdf
1029-Danh muc Sach Giao Khoa khoi  6.pdf1029-Danh muc Sach Giao Khoa khoi  6.pdf
1029-Danh muc Sach Giao Khoa khoi 6.pdfQucHHunhnh
 
Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)Software Engineering Methodologies (overview)
Software Engineering Methodologies (overview)eniolaolutunde
 
Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Advanced Views - Calendar View in Odoo 17
Advanced Views - Calendar View in Odoo 17Celine George
 
Measures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDMeasures of Dispersion and Variability: Range, QD, AD and SD
Measures of Dispersion and Variability: Range, QD, AD and SDThiyagu K
 
The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13The Most Excellent Way | 1 Corinthians 13
The Most Excellent Way | 1 Corinthians 13Steve Thomason
 
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...
Ecosystem Interactions Class Discussion Presentation in Blue Green Lined Styl...fonyou31
 
Paris 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityParis 2024 Olympic Geographies - an activity
Paris 2024 Olympic Geographies - an activityGeoBlogs
 
Arihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfArihant handbook biology for class 11 .pdf
Arihant handbook biology for class 11 .pdfchloefrazer622
 
microwave assisted reaction. General introduction
microwave assisted reaction. General introductionmicrowave assisted reaction. General introduction
microwave assisted reaction. General introductionMaksud Ahmed
 

Recently uploaded (20)

SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptxSOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
SOCIAL AND HISTORICAL CONTEXT - LFTVD.pptx
 
9548086042 for call girls in Indira Nagar with room service
9548086042  for call girls in Indira Nagar  with room service9548086042  for call girls in Indira Nagar  with room service
9548086042 for call girls in Indira Nagar with room service
 
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"Mattingly "AI & Prompt Design: The Basics of Prompt Design"
Mattingly "AI & Prompt Design: The Basics of Prompt Design"
 
Interactive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communicationInteractive Powerpoint_How to Master effective communication
Interactive Powerpoint_How to Master effective communication
 
INDIA QUIZ 2024 RLAC DELHI UNIVERSITY.pptx
Essay Grading Procedure
Each essay answer will be graded using the following criteria:
· 80% - Content - Coverage of the assigned topics with a continuous emphasis on security
· 15% - Clear and understandable writing style that integrates and applies the assigned concept in a practical manner
· 10% - Organization of answers, e.g., appropriate use of sub-headers or outline style, rough drawings where applicable, underlining of key points, etc.
Other guidelines include:
· Minor spelling and grammar errors will be ignored. A well-written and organized outline style will be permitted.
· Minor omissions of essay topics will be ignored if the overall quality of the answer merits the treatment. There is no intention to nit-pick.
· If I can't read your handwriting, the answer is not there.
· You may cite personal experience to provide context for your answer, but your grade will be based only on your demonstrated knowledge and application of the topics - not your experience.
· You are encouraged whenever appropriate to share research and answers with other students to improve the quality of your answers. But, your essay grade will be based on what you write on your essay.

Essay 1 - Application Security Flaws and Exploits (20%)
Overview of Application Security
1. Describe each of the following Application Security Concepts. A selection of the following concepts will be on the Essay Test.
· Application Security Risks
· Application Security Threats to Data
· Application Security Threats to Service Availability
· Application Security and Convenience Trade-Offs
· Separation of Application Developer Duties
· Code Hardening
· Code Signing
· Principle of Least Privilege
· App Sandboxing
· Software Privilege Separation
Application Security Flaws and Exploits
2. Describe and provide an example of the following critical Application Security Flaws and Exploits. A selection of the following concepts will be on the Essay Test.
· Buffer Input Validation Errors
· Output Sanitization
· SQL injection
· Cross-site scripting
· Session theft
· Coding problems
· Insecure Infrastructure configurations, e.g., web server
· Deployment problems

Essay 2 – Application Security and Object-Oriented Programming (20%)
1. Describe each of the following object-oriented programming concepts both in terms of: a) functionality, and b) relationship to security and data integrity. A selection of the following concepts will be on the Essay Test.
Object-Oriented Security Concepts | Description and Functionality | Security and Data Integrity
· Packages
· APIs
· Advantages and Disadvantages of Frameworks or Platforms
· Loosely versus strongly-typed
· Automatic garbage collection
· Accessibility of Classes, Data and Methods
· Scope (Visibility) of data and Methods
2. Describe each of the following object-oriented programming concepts both in terms of: a) functionality, and b) relationship to security and data integrity. A selection of the following concepts will be on the Essay Test.
Object-Oriented Security Concepts | Description and Functionality | Security and Data Integrity
· Encapsulation
· Importing namespaces
· Instantiation of a package API (NEW)
· Inheritance or sub classing a parent class (Extended)
· Method Overriding
· Inheritance of an Abstract Class
· Public Interfaces (IMPLEMENT)
· Method Overriding and FINAL
· Exception Handling

Essay 3 – Program Vulnerabilities and Cryptography (20%)
C-Programming Language Memory Vulnerabilities
1. Describe each of the following C-Programming Language Memory Vulnerabilities, Attacks or Mitigation Techniques.
· Dangling Pointers
· Double Frees
· Memory Leaks
· Stack-based buffer overflow attacks
· Heap-based buffer overflow attacks
· Preventing buffer overflow attacks
Digital Signatures, Digital Certificates and SSL/TLS
1. What are the differences between encryption, data integrity, and authentication?
2. What are the differences between a digital signature and a digital certificate?
3. Describe the limitations and security flaws of digital certificates.
4. Draw an overview diagram and describe the DETAILS of the security design and process of a Public Key Infrastructure (PKI), SSL/TLS, web browser client, application server and database server in a modern transaction system.

Essay 4 - .NET Application Development and Assembly Deployment
The Instructor will randomly select either Essay 4 or Essay 5 during the test. Only one will be required.
1. Draw a clearly marked graphical overview of the .NET Application Development Process. Describe this process from the starting point of using an IDE to code source statements until the application assembly is deployed and executed.
2. Describe each of the following .NET framework application development concepts or security concepts.
· Common Language Infrastructure
· Common Intermediate Language (CIL)
· Assemblies
· Managed code and type safety
· Common Language Runtime (CLR)
· De-compilation (Reverse Engineering Attacks) and Obfuscation

Essay 5 - Java Application Development and JAR Deployment
The Instructor will randomly select either Essay 4 or Essay 5 during the test. Only one will be required.
1. Draw a graphical overview of the Java Application Development Process. Describe this process from the starting point of using an IDE to code source statements until the application assembly is deployed and executed.
2. Describe each of the following Java framework application development concepts or security concepts.
· Java SDK
· Package
· Byte code
· .JAVA and .CLASS Files
· JAR files
· Java Virtual Machine
· Java Container
· Bytecode verifier
· Class loader

Essay 6 - Android Application Development and Security (20%)
1. Describe the function and provide an example of each of the following Android Components, Messages or Filters.
· Android Activity
· Android Service
· Android Content Providers
· Android Intent and Intent Filters
· Android Broadcast Receivers
2. Describe the function of the following Android application development and security concepts.
· APK
· Classes.dex
· Native Code
· Dalvik VM
· ADB
· Android Manifest
· Android Application Signing
· Linux Identity
3. Describe the following pre-defined Android Application Permissions.
· Normal
· Dangerous
· Signature
· URI
4. Where are Android Permissions stored in an Android App, e.g., APK file?
5. What is the difference between an Android Application Permission and an Android File Permission?
6. Compare the major security differences between Android Application Security and iOS Application Security.