
Assessment Questions for Developers

Instructions: Answer all the questions in your own words. You may use the Internet for reference,
but you may not cut and paste to complete the answers.

Full Name (Last, First):      

Email:      

Mobile/DID:      

Role / Responsibility:      

Question 1: Have you had any training in secure code development in the past twelve months?
(Requirement 6.5)
☐ Yes ☐ No

Question 2: How would you write code to protect against unvalidated redirects and forwards?
(Requirement 6.5)

     
     
     

Question 3: How do you develop code that will not be subject to insecure deserialization?
(Requirement 6.5)

     
     
     

Question 4: How do you develop code that will ensure sufficient logging and monitoring?
(Requirement 6.5)

     
     
     

Question 5: How do you develop code to prevent broken authentication and session management?
(Requirement 6.2)

     
     
     

Question 6: For small changes, is it permitted to make the changes without using the change control
process? (Requirements 6.3 and 6.4)
☐ Yes ☐ No

Question 7: Which industry-recognized best-practice process does your SDLC follow?
Example: Scrum, Waterfall (Requirement 6.3)

     
     
     

Question 8: Are the platforms/servers and related operating servers to be used for your application
taken into consideration as part of your development activities? (Requirement 6.3)
☐ Yes ☐ No

Question 9: What methodology do you use to apply appropriate time-outs and rotation of session IDs after
a successful login? (Requirement 6.5.10)

     
     
     

Question 10: What are the issues with the use of RC4 encryption for session protection?
(Requirement 2.2)

     
     
     

Question 11: Is SHA-1 viewed as a strong encryption/hash algorithm? (Requirement 3.6)


☐ Yes ☐ No

Question 12: What is the issue with placing the DEK encryption key in the application database?
(Requirement 3.5)

     
     
     

Question 13: What is the issue with placing the MFK encryption key in the application as part of the
code? (Requirements 3.5, 3.6)

     
     
     

Question 14: When you write an application that requires a password to be used by a human, is it
permissible to hard-code this password into the application? (Requirement 8.5)
☐ Yes ☐ No

Question 15: What was the date of your last Security Awareness Training? (Requirement 12.6)
Click or tap to enter a date.

Question 16: What was the date you last acknowledged the Information Security Policy?
Click or tap to enter a date.
