CSCE 548 Secure Software Development Final Exam – Review 2016

Presentation transcript:


Reading
McGraw: Software Security: Chapters 1 – 9
24 Deadly Sins: as listed on the class site
Non-textbook reading: as listed on the class site
CSCE 548 - Farkas

Final Exam
July 29, 2016, 8:30 am – 11:00 am
Closed book – 2 pages cheat sheet

Sample Questions – 24 Deadly Sins
1. Explain why casting operations may lead to integer overflows.
2. Why is it dangerous to use “gets” to read input in C/C++ code? Recommend an alternative.
3. What is the difference between attack patterns and a taxonomy of programming errors?
4. Indirect information flow may be created by inferences. Give an example of an unauthorized inference that cannot be controlled using traditional access control.
5. Show example code for SQL injection. Explain the security problem.
6. Why does a failed Windows impersonation create a security problem if not handled properly?
7. Show the binary representations of the decimal numbers +70 and +80. Show their addition using an 8-bit register.

Sample Questions
1. Explain one way buffer overruns occur. Which languages are the most vulnerable?
2. Define covert and overt communication channels.
3. Explain the 2 stages of a buffer overrun attack.
4. Why do binary arithmetic operations sometimes yield results on a computer that differ from the result on paper? Give an example.
5. What type of access control does Windows support? Give a common access control mistake in a Windows environment.
6. Should stored data be protected by operating system security or by database management system security?
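The +70 / +80 addition question, the "results differ from paper" question and the casting question all rest on the same fact: a register keeps only the low 8 bits of a sum, and a narrowing cast does the same. The following C program is an added worked example (not from the slides) that prints the two's-complement bit strings, performs the 8-bit addition, reports the signed-overflow condition a CPU flags, and shows a narrowing cast; all function names are my own.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Write the low 8 bits of v as a two's-complement bit string into out
 * (9 bytes: 8 digits plus the terminator) and return out. */
char *to_bits8(uint8_t v, char out[9]) {
    for (int i = 7; i >= 0; i--)
        out[7 - i] = ((v >> i) & 1) ? '1' : '0';
    out[8] = '\0';
    return out;
}

/* Add in an 8-bit register: only the low 8 bits of the true sum survive
 * (arithmetic modulo 256), which is why 70 + 80 does not give 150 as a
 * signed byte. */
uint8_t add8(uint8_t a, uint8_t b) {
    return (uint8_t)(a + b);   /* operands promote to int, then truncate */
}

/* Read an 8-bit pattern as a signed two's-complement value (-128..127). */
int as_signed8(uint8_t v) {
    return (v & 0x80) ? (int)v - 256 : (int)v;
}

/* Signed overflow: both operands have the same sign and the result's sign
 * differs. This is the rule behind the hardware overflow flag. */
int signed_overflow8(uint8_t a, uint8_t b) {
    uint8_t s = add8(a, b);
    return ((a ^ s) & (b ^ s) & 0x80) != 0;
}

/* Narrowing cast: a length that fits in an int silently loses its high bits
 * when cast to a one-byte type, the "casting leads to overflow" case. */
uint8_t narrow_cast(int len) {
    return (uint8_t)len;
}

int main(void) {
    char ba[9], bb[9], bs[9];
    uint8_t a = 70, b = 80, s = add8(a, b);
    printf("+70 = %s\n+80 = %s\nsum = %s\n",
           to_bits8(a, ba), to_bits8(b, bb), to_bits8(s, bs));
    printf("unsigned %u, signed %d, overflow flag %d\n",
           s, as_signed8(s), signed_overflow8(a, b));
    printf("(uint8_t)300 = %u\n", narrow_cast(300));
    return 0;
}
```

On paper 70 + 80 = 150, but the 8-bit pattern 10010110 read as a signed byte is -106, and the cast of 300 to a byte yields 44; both are the "differs from paper" behaviour the questions ask about.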