Instructions: Answer all the questions in your own words. You may use the Internet for reference, but you may not cut and paste to complete the answers.
Mobile/DID:
Role / Responsibility:
Question 1: Have you had any training in secure code development in the past twelve months? (Requirement 6.5)
☐ Yes ☐ No
Question 2: How would you write code to protect against unvalidated redirects and forwards? (Requirement 6.5)
Question 3: How do you develop code that will not be subject to insecure deserialization? (Requirement 6.5)
Question 4: How do you develop code that will ensure sufficient logging and monitoring? (Requirement 6.5)
Question 5: How do you develop code to prevent broken authentication sessions? (Requirement 6.2)
Question 6: For small changes, is it permitted to make the changes without using the change control process? (Requirements 6.3 and 6.4)
☐ Yes ☐ No
Question 7: Which industry-recognized best-practice process does your SDLC follow? Example: SCRUM, Waterfall (Requirement 6.3)
Question 8: Are the platforms/servers and related operating servers to be used for your application taken into consideration as part of your development activities? (Requirement 6.3)
☐ Yes ☐ No
Question 9: What methodology do you use to apply appropriate time-outs and rotation of session IDs after a successful login? (Requirement 6.5.10)
Question 10: What are the issues with the use of RC4 encryption for session protection? (Requirement 2.2)
Question 12: What is the issue with placing the DEK encryption key in the application database? (Requirement 3.5)
Question 13: What is the issue with placing the MFK encryption key in the application as part of the code? (Requirements 3.5, 3.6)
Question 14: When you write an application that requires a password to be used by a human, is it permissible to hard-code this password into the application? (Requirement 8.5)
☐ Yes ☐ No
Question 15: What was the date of your last Security Awareness Training? (Requirement 12.6)
Question 16: What was the date you last acknowledged the Information Security Policy?