CAMPBELL UNIVERSITY
NORTH CAROLINA, U. S. A.
ACADEMIC YEAR 2018/2019
SEPTEMBER EXAMINATION
INFORMATION TECHNOLOGY BAIT2183(B)
SOFTWARE SECURITY
WEDNESDAY, 12 SEPTEMBER 2018 TIME: 2.00 PM - 3.00 PM (1 HOUR)
BACHELOR OF SCIENCE DEGREE.
Instructions to Candidates:
Answer ALL questions. All questions carry equal marks.
This question paper consists of 2 questions on 2 printed pages.
Question 1
a) (i) What is principle and why it is important to be used in a software security design
phase? (2 marks)
(ii) Describe the following secure design principles:
• Economy of mechanism (2 marks)
• Least common mechanism (2 marks)
b) Compare and contrast between security by admonition and security by designation. (8 marks)
c) Authentication requirement is any security requirement that specifies the extent to which a
business shall verify the identity of its externals before interacting with them.
Write TWO (2) authentication requirements for an Online Reservation System for identifying
a customer who is attempting to log in to the system.
(Note: Write your answer using the following format)
Name
Requirement
Rationale
(1 marks)
[Total: 25 marks]
Question 2
a) Information leakage is one of the most common security risks where an application reveals
sensitive data such as technical details of the web application, environment or user-specific
data.
(i) Identify TWO (2) potential impacts for this security vulnerability. (4 marks)
(ii) Discuss THREE (3) counter-measures that can be put in place to prevent this security
vulnerability. (9 marks)
b) Software security testing is essential to identify defects and vulnerabilities during the
development phases. Suggest TWO (2) types of security testing and elaborate how your
suggested security testing can help to reveal flaws in the security mechanism of a software
program. (6 marks)
c) “Testing shows the presence, not the absence of bugs.”
Write justifications to support the above statement by discussing the importance of software
security testing. (6 marks)
[Total: 25 marks]