TUNKU ABDUL RAHMAN UNIVERSITY OF MANAGEMENT AND TECHNOLOGY
FACULTY OF COMPUTING AND INFORMATION TECHNOLOGY
ACADEMIC YEAR 2022/2023 JANUARY EXAMINATION, INFORMATION TECHNOLOGY

BAIT2183 SOFTWARE SECURITY
TUESDAY, 10 JANUARY 2023
TIME: 9.00 AM - 11.00 AM (2 HOURS)
BACHELOR OF INFORMATION TECHNOLOGY (HONOURS) IN INFORMATION SECURITY

Instructions to Candidates:
Answer ALL questions. All questions carry equal marks.
This question paper consists of 4 questions on 2 printed pages.

BAIT2183 SOFTWARE SECURITY

Question 1
a) Explain application security and software security. (6 marks)
b) Contrast application security with software security.
   (i) Provide THREE (3) differences for each. (12 marks)
   (ii) Provide TWO (2) examples for each. (4 marks)
   (iii) State ONE (1) control of each. (3 marks)
[Total: 25 marks]

Question 2
a) Describe buffer overflow. (3 marks)
b) Illustrate a buffer overflow attack with a diagram. (7 marks)
c) Is buffer overflow considered a vulnerability? Provide the reason. (5 marks)
d) Briefly explain FIVE (5) countermeasures to prevent buffer overflow attacks. (10 marks)
[Total: 25 marks]

Question 3
a) Explain exceptions and classify the TWO (2) types of exceptions. (7 marks)
b) Provide TWO (2) benefits and ONE (1) weakness of backdoor access code. (9 marks)
c) Explain centralised logging and TWO (2) of its uses. (9 marks)
[Total: 25 marks]

Question 4
a) Contrast reflected XSS with stored XSS. Illustrate both using diagrams. (14 marks)
b) State THREE (3) good error handling techniques for web applications. (6 marks)
c) Prepare TWO (2) ways to avoid the XSS attack. (5 marks)
[Total: 25 marks]
