questions about secure software development

1. What is security flaw? Explain with example

2. What are considerations for maintaining information security? Explain with example for each consideration

3. What are Functional requirements and non-functional requirements? What are the characteristics of non-functional requirements? Explain with example for each characteristic

4. What is software development life cycle (SDLC)? Explain SDLC’s 5 phases and corresponding tasks with examples

5. When the security measures are considered in SDLC? Why security experts are applying security measures during SDLC? Explain with example

6. Describe Security Perimeter and Attack Surface with example

7. Describe best practice: Apply Defense in Depth with example

8. What are difference in using positive security model and negative security model

9. What is security by obscurity and why it should be avoided? Explain with example

10.What is misuse case modeling in textbook? Explain with example

11. Write example of threat modeling. Also, what is risk analysis and consideration?

12.What is Cross Site Scripting (CWE79)? Provide example of Cross site scripting

13. What is embedded system and why security breach in embedded system is critical (explain with example)? What are bad assumptions that developers comes up?

14.Explain 7 key security risks for cloud application by Gartner Group with example for each risk (10 points)

15.Mobile applications are growing platform in software development. Explain 3 possible attacks and mitigation measures for mobile application (20 points)