CSCE 548 Secure Software Development Final Exam – Review 2016

Slides:

Advertisements

Similar presentations

GCSE Computing Theory © gcsecomputing.net 1 GCSE Computing 2.14 Data Representation Binary Arithmetic.

Advertisements

Network Security Attack Analysis. cs490ns - cotter2 Outline Types of Attacks Vulnerabilities Exploited Network Attack Phases Attack Detection Tools.

TaintCheck and LockSet LBA Reading Group Presentation by Shimin Chen.

Software and Software Vulnerabilities. Synopsis Array overflows Stack overflows String problems Pointer clobbering. Dynamic memory management Integer.

CSCE 211: Digital Logic Design Chin-Tser Huang University of South Carolina.

Data Representation – Chapter 3 Sections 3-2, 3-3, 3-4.

CSCE 548 Secure Software Development Test 1 Review.

Exploitation: Buffer Overflow, SQL injection, Adobe files Source:

MATSEC Past Papers May 2010 Paper 1 Paper 2A. What is the difference between each of the following pairs of items? Syntax Error Caused by forgetting certain.

CSCE 548 Secure Software Development Final Exam – Review.

Top Five Web Application Vulnerabilities Vebjørn Moen Selmersenteret/NoWires.org Norsk Kryptoseminar Trondheim

Summary of what we learned yesterday Basics of C++ Format of a program Syntax of literals, keywords, symbols, variables Simple data types and arithmetic.

Some possible final exam questions. DISCLAIMER models only These questions are models only. Some of these questions may or may not appear in the final.

CSCE 548 Secure Software Development Taxonomy of Coding Errors.

Security Attacks CS 795. Buffer Overflow Problem Buffer overflows can be triggered by inputs that are designed to execute code, or alter the way the program.

CSCE 548 Integer Overflows Format String Problem.

CSCE 211: Digital Logic Design Chin-Tser Huang University of South Carolina.

CSCE 548 Secure Software Development Information Leakage + Failing to Handle Errors.

Security Attacks CS 795. Buffer Overflow Problem Buffer overflow Analysis of Buffer Overflow Attacks.

The Instruction Set Architecture. Hardware – Software boundary Java Program C Program Ada Program Compiler Instruction Set Architecture Microcode Hardware.

COP3502: Introduction to Computer Science Yashas Shankar Program Translation.

Writing Secure Programs. Program Security CSCE Farkas/Eastman - Fall Program Flaws Taxonomy of flaws: how (genesis) when (time) where (location)

973cs111_add_posneg.ppt Integers Whole numbers Do NOT contain decimal points (as in money) 43,689 is an integer 43, is NOT an integer (it is floating.

Classic Buffer OVERFLOW ATTACKS CSCE 548 Student Presentation Mouiad Al Wahah.

Computer Science 210 Computer Organization

Mitigation against Buffer Overflow Attacks

Computer Security Revision Week

XSS (Client-side) CSCE 548 Building Secure Software(07/20/2016)

CSCE 548 Secure Software Development Risk-Based Security Testing

Module: Software Engineering of Web Applications

Design for Security Pepper.

Chapter 7: Identifying Advanced Attacks

Chapter 4 Operations on Bits.

Integers’ Representation. Binary Addition. Two's Complement.

Udaya Shyama Pallathadka Ganapathi Bhat CSCE 548 Student Presentation

3.1 Denary, Binary and Hexadecimal Number Systems

Software Security Testing

Computer Architecture & Operations I

CSCE 211: Digital Logic Design

Secure Software Development: Theory and Practice

Security mechanisms and vulnerabilities in .NET

Cross Sight scripting: Type-2

Recent from Dr. Dan Lo regarding 12/11/17 Dept Exam

Computers & Programming Languages

Teaching Computing to GCSE

CSCE 211: Digital Logic Design

CSCE 211: Digital Logic Design

Arithmetic Logical Unit

CSCE 211: Digital Logic Design

Teaching Computing to GCSE

Computer Science 210 Computer Organization

Data Representation Limitations

CGS 3763 Operating Systems Concepts Spring 2013

Data Representation – Chapter 3

CSCE 211: Digital Logic Design

Topic 1: Data Representation

Mid Term II Review.

Chapter 3 DataStorage Foundations of Computer Science ã Cengage Learning.

Summary of what we learned yesterday

Final Review CSE321 B.Ramamurthy 4/10/2019 B.Ramamurthy.

CS5123 Software Validation and Quality Assurance

Software Security Slide Set #10 Textbook Chapter 11 Clicker Questions

Recent from Dr. Dan Lo regarding 12/11/17 Dept Exam

Buffer Overflow Slide Set #7 Textbook Chapter 10 Clicker Questions

CS 1308 Exam 2 Review.

Theory: 2.6 – Data Representation

Security and JavaScript

YEAR 8. YEAR 8 YEAR 8 HOMEWORK CHECKLIST DONE P L A N HOMEWORK LIONS 1: How could you improve your homework? HOMEWORK.

Presentation transcript:

CSCE 548 Secure Software Development Final Exam – Review 2016

Reading McGraw: Software Security: Chapters 1 – 9 24 deadly sins: as listed on class’ site Non-textbook reading: as listed on class’ site CSCE 548 - Farkas

Final Exam July 29, 2016, 8:30 am – 11:00 am Closed book – 2 pages cheat sheet CSCE 548 - Farkas

Sample Questions – 24 deadly sins Explain why casting operations may lead to integer overflows. Why is it dangerous to use “gets” to read input in C/C++ code? Recommend an alternate. What is the difference between attack patterns and taxonomy of programming errors? Indirect information flow may be created by inferences. Give an example of an unauthorized inference that cannot be controlled using traditional access control. Show an example code for SQL Injection. Explain the security problem. Why does a failed Windows impersonation create a security problem if not handled properly? Show the binary representations of the decimal numbers +70 and +80. Show their addition using an 8 bits register. CSCE 548 - Farkas

Sample Questions Explain a way how buffer overruns occur. Which languages are the most vulnerable? Define covert and overt communication channels. Explain the 2 stages of the buffer overrun attack. Why do we have binary arithmetic operations that yield results different on paper than by a computer. Give an example. What type of access control Windows support? Give a common access control mistake in Windows environment. Should stored data be protected by the operating system security or by database management system security? CSCE 548 - Farkas