Presentation is loading. Please wait.

Presentation is loading. Please wait.

CSCE 548 Secure Software Development Final Exam – Review 2016

Published byDomenic Spencer Modified over 6 years ago

Similar presentations

Presentation on theme: "CSCE 548 Secure Software Development Final Exam – Review 2016"— Presentation transcript:

1 CSCE 548 Secure Software Development Final Exam – Review 2016

2 Reading McGraw: Software Security: Chapters 1 – 9
24 deadly sins: as listed on class’ site Non-textbook reading: as listed on class’ site CSCE Farkas

3 Final Exam July 29, 2016, 8:30 am – 11:00 am
Closed book – 2 pages cheat sheet CSCE Farkas

4 Sample Questions – 24 deadly sins
Explain why casting operations may lead to integer overflows. Why is it dangerous to use “gets” to read input in C/C++ code? Recommend an alternate. What is the difference between attack patterns and taxonomy of programming errors? Indirect information flow may be created by inferences. Give an example of an unauthorized inference that cannot be controlled using traditional access control. Show an example code for SQL Injection. Explain the security problem. Why does a failed Windows impersonation create a security problem if not handled properly? Show the binary representations of the decimal numbers +70 and Show their addition using an 8 bits register. CSCE Farkas

5 Sample Questions Explain a way how buffer overruns occur. Which languages are the most vulnerable? Define covert and overt communication channels. Explain the 2 stages of the buffer overrun attack. Why do we have binary arithmetic operations that yield results different on paper than by a computer. Give an example. What type of access control Windows support? Give a common access control mistake in Windows environment. Should stored data be protected by the operating system security or by database management system security? CSCE Farkas

Download ppt "CSCE 548 Secure Software Development Final Exam – Review 2016"

Similar presentations

GCSE Computing Theory © gcsecomputing.net 1 GCSE Computing 2.14 Data Representation Binary Arithmetic.

GCSE Computing Theory © gcsecomputing.net 1 GCSE Computing 2.14 Data Representation Binary Arithmetic.
Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.
TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.

TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.
Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.

Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.
CSCE 211: Digital Logic Design Chin-Tser Huang University of South Carolina.

CSCE 211: Digital Logic Design Chin-Tser Huang University of South Carolina.
Data Representation – Chapter 3 Sections 3-2, 3-3, 3-4.

Data Representation – Chapter 3 Sections 3-2, 3-3, 3-4.
CSCE 548 Secure Software Development Test 1 Review.

CSCE 548 Secure Software Development Test 1 Review.
Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

Exploitation: Buffer Overflow, SQL injection, Adobe files Source:
MATSEC Past Papers May 2010 Paper 1 Paper 2A. What is the difference between each of the following pairs of items? Syntax Error Caused by forgetting certain.

MATSEC Past Papers May 2010 Paper 1 Paper 2A. What is the difference between each of the following pairs of items? Syntax Error Caused by forgetting certain.
CSCE 548 Secure Software Development Final Exam – Review.

CSCE 548 Secure Software Development Final Exam – Review.
Top Five Web Application Vulnerabilities Vebjørn Moen Selmersenteret/NoWires.org Norsk Kryptoseminar Trondheim 09.11.2004.

Top Five Web Application Vulnerabilities Vebjørn Moen Selmersenteret/NoWires.org Norsk Kryptoseminar Trondheim
Summary of what we learned yesterday Basics of C++ Format of a program Syntax of literals, keywords, symbols, variables Simple data types and arithmetic.

Summary of what we learned yesterday Basics of C++ Format of a program Syntax of literals, keywords, symbols, variables Simple data types and arithmetic.
Some possible final exam questions. DISCLAIMER models only These questions are models only. Some of these questions may or may not appear in the final.

Some possible final exam questions. DISCLAIMER models only These questions are models only. Some of these questions may or may not appear in the final.
CSCE 548 Secure Software Development Taxonomy of Coding Errors.

CSCE 548 Secure Software Development Taxonomy of Coding Errors.
Security Attacks CS 795. Buffer Overflow Problem Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program.

Security Attacks CS 795. Buffer Overflow Problem Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program.
CSCE 548 Integer Overflows Format String Problem.

CSCE 548 Integer Overflows Format String Problem.
CSCE 211: Digital Logic Design Chin-Tser Huang University of South Carolina.

CSCE 211: Digital Logic Design Chin-Tser Huang University of South Carolina.
CSCE 548 Secure Software Development Information Leakage + Failing to Handle Errors.

CSCE 548 Secure Software Development Information Leakage + Failing to Handle Errors.
Security Attacks CS 795. Buffer Overflow Problem Buffer overflow Analysis of Buffer Overflow Attacks.

Security Attacks CS 795. Buffer Overflow Problem Buffer overflow Analysis of Buffer Overflow Attacks.
The Instruction Set Architecture. Hardware – Software boundary Java Program C Program Ada Program Compiler Instruction Set Architecture Microcode Hardware.

The Instruction Set Architecture. Hardware – Software boundary Java Program C Program Ada Program Compiler Instruction Set Architecture Microcode Hardware.

Similar presentations

Ads by Google