NORTH CAROLINA, U. S. A.
DECEMBER EXAMINATION
Instructions to Candidates:
● This is a final online assessment. You MUST answer the assessment questions on your own
without any assistance from other persons or resources.
● You must contact the lecturer immediately should there be any disruption to the video
conferencing during the final online assessment.
● It is your responsibility to ensure all pages of the answer script are submitted. You will not be
notified of any missing pages or incorrect submission of the answer script.
● You must submit your answers within the following time frame allowed for this online
assessment:
o The deadline for the submission of your answers is half an hour from the end time of this
online assessment.
● Penalty WILL BE IMPOSED on students who submit their answers late as follows:
o The final marks of this online assessment will be reduced by 10 marks for answer scripts
that are submitted within 30 minutes after the deadline for the submission of answers for
this online assessment.
o The final marks of this online assessment will be downgraded to zero (0) marks for any
answer scripts that are submitted after one hour from the end time of this online
assessment.
● Extenuating Mitigating Circumstance (EMC) encountered, if any, must be submitted to the
Faculty/Branch/Centre within 48 hours after the date of this online assessment. All EMC
applications must be supported with valid reasons and evidence. The UC EMC Guidelines
apply.
Question 1
Consider a weakness found in an application for ABC Bank. The application allows any user
to sign up for an account using only an email address. Therefore, an attacker is able to exploit the
weakness and obtain administrator privileges for the application. As a result, the attacker can access
the administrator account. The attacker also has full control over the application, such as manipulating
user data.
a) CWSS (Common Weakness Scoring System) provides a mechanism for prioritizing software
weaknesses in a consistent manner.
Use the CWSS calculator from this link (https://www.cwss-score.info/) and give a score
(weight) for each factor of the Base Finding metric group, Attack Surface metric group and
Environmental metric group based on the weakness from the scenario mentioned above. You
are required to take a screenshot of the complete results and attach it in the space provided on the
Answer Sheet.
(8 marks)
b) Discuss the subscores of the three metric groups (Base Finding metric group, Attack Surface
metric group and Environmental metric group) based on the results obtained from Question 1
a).
c) Comment on the CWSS score from the result obtained in Question 1 a).
(5 marks)
d) What do you think is the most likely cybersecurity attack that may happen to the application?
Explain how the weakness of the application may be exploited, leading to the cybersecurity
attack that you have identified. (1 + 4 marks)
e) Describe THREE (3) implications for the system and company based on the possible
cybersecurity attack identified in Question 1 d). (6 marks)
f) Propose and explain TWO (2) mitigations that can be applied to overcome the weakness of the
application. (8 marks)
g) Suggest a suitable security testing tool to reveal the weakness in the security mechanism of the
system. Justify your answer. (2 + 4 marks)
[Total: 50 marks]
Question 2
a) Illustrate in detail how the Secure Software Development Lifecycle may be applied during the
development of ABC Bank’s application described in Question 1.
(35 marks)
b) Identify the FIVE (5) most crucial security requirements for ABC Bank. For each identified
security requirement,
• Write the security requirement and
• The rationale for including the security requirement. Each rationale should include an
example that is relevant to ABC Bank.
(15 marks)
[Total: 50 marks]