CAMPBELL UNIVERSITY
NORTH CAROLINA, U.S.A.

ACADEMIC YEAR 2018/2019
SEPTEMBER EXAMINATION

INFORMATION TECHNOLOGY
BAIT2183(B) SOFTWARE SECURITY

WEDNESDAY, 12 SEPTEMBER 2018
TIME: 2.00 PM - 3.00 PM (1 HOUR)

BACHELOR OF SCIENCE DEGREE

Instructions to Candidates:
Answer ALL questions. All questions carry equal marks.

This question paper consists of 2 questions on 2 printed pages.

BAIT2183(B) SOFTWARE SECURITY

Question 1

a) (i) What is principle and why it is important to be used in a software security design phase? (2 marks)

   (ii) Describe the following secure design principles:
        • Economy of mechanism (2 marks)
        • Least common mechanism (2 marks)

b) Compare and contrast between security by admonition and security by designation. (8 marks)

c) Authentication requirement is any security requirement that specifies the extent to which a business shall verify the identity of its externals before interacting with them. Write TWO (2) authentication requirements for an Online Reservation System for identifying a customer who is attempting to log in to the system.
   (Note: Write your answer using the following format)

   Name | Requirement | Rationale

   (1 marks)

[Total: 25 marks]

Question 2

a) Information leakage is one of the most common security risks where an application reveals sensitive data such as technical details of the web application, environment or user-specific data.

   (i) Identify TWO (2) potential impacts for this security vulnerability. (4 marks)

   (ii) Discuss THREE (3) counter-measures that can be put in place to prevent this security vulnerability. (9 marks)

b) Software security testing is essential to identify defects and vulnerabilities during the development phases. Suggest TWO (2) types of security testing and elaborate how your suggested security testing can help to reveal flaws in the security mechanism of a software program. (6 marks)

c) "Testing shows the presence, not the absence of bugs."
   Write justifications to support the above statement by discussing the importance of software security testing. (6 marks)

[Total: 25 marks]
