
CAMPBELL UNIVERSITY

NORTH CAROLINA, U. S. A.

ACADEMIC YEAR 2021/2022

DECEMBER EXAMINATION

INFORMATION TECHNOLOGY BAIT2183(B)


SOFTWARE SECURITY

FRIDAY, 24 DECEMBER 2021 TIME: 9.00 AM – 12.00 NOON (3 HOURS)

BACHELOR OF SCIENCE DEGREE

Instructions to Candidates:

Answer ALL questions in the requested format or template provided.

● This is a final online assessment. You MUST answer the assessment questions on your own
without any assistance from other persons or resources.
● You must contact the lecturer immediately should there be any disruption to the video
conferencing during the final online assessment.
● It is your responsibility to ensure all pages of the answer script are submitted. You will not be
notified for any missing pages or incorrect submission of answer script.
● You must submit your answers within the following time frame allowed for this online
assessment:
o The deadline for the submission of your answers is half an hour from the end time of this
online assessment.
● Penalty WILL BE IMPOSED on students who submit their answers late as follows:
o The final marks of this online assessment will be reduced by 10 marks for answer scripts
that are submitted within 30 minutes after the deadline for the submission of answers for
this online assessment.
o The final marks of this online assessment will be downgraded to zero (0) mark for any
answer scripts that are submitted after one hour from the end time of this online
assessment.
● Extenuating Mitigating Circumstance (EMC) encountered, if any, must be submitted to the
Faculty/Branch/Centre within 48 hours after the date of this online assessment. All EMC
applications must be supported with valid reasons and evidence. The UC EMC Guidelines
apply.

FOCS Additional Instructions to Candidates:


● Include your FULL NAME, STUDENT ID and PROGRAMME OF STUDY in your
submission of answer.
● Read all the questions carefully and understand what you are being asked to answer.
● Marks are awarded for your own (original) analysis. Therefore, use the time and information
to build well-constructed answers.

STUDENT’S DECLARATION OF ORIGINALITY


By submitting this online assessment, I declare that this submitted work is free from all forms of
plagiarism and for all intents and purposes is my own properly derived work. I understand that I have
to bear the consequences if I fail to do so.

This question paper consists of 2 questions on 3 printed pages.



Question 1

Consider a weakness found in an application belonging to ABC Bank. The application allows any user
to sign up for an account using only an email address. An attacker is able to exploit this weakness
to obtain administrator privileges for the application. As a result, the attacker can access the
administrator account and has full control over the application, for example by manipulating
user data.

a) CWSS (Common Weakness Scoring System) provides a mechanism for prioritizing software
weaknesses in a consistent manner.
Use the CWSS calculator from this link (https://www.cwss-score.info/) and give a score
(weight) for each factor of the Base Finding metric group, the Attack Surface metric group and
the Environmental metric group, based on the weakness in the scenario described above. You
are required to screenshot and attach the whole set of results in the space provided on the Answer
Sheet.
(8 marks)

b) Discuss the subscores of the three metric groups (Base Finding metric group, Attack Surface
metric group and Environmental metric group) based on the results obtained from Question 1
a).

(i) Base Finding Subscore

(ii) Attack Surface Subscore

(iii) Environmental Subscore


(12 marks)

c) Provide your comment about the CWSS score from the result obtained in Question 1 a).
(5 marks)
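For parts a) to c), the following Python script is an added worked example (not part of the question paper and not the calculator's own code) showing how the three CWSS subscores and the final score are combined. The subscore formulas and factor weights follow the CWSS version 1.0.1 specification published by MITRE, which is the scheme the linked calculator implements; the weight tables are abridged to the qualitative values, so the Default, Unknown, Not Applicable and Quantified entries are omitted. The factor values selected for the ABC Bank scenario are this example's own assumptions, one defensible reading of the scenario rather than a marking scheme, and are labelled as such in the code.

```python
"""Worked CWSS 1.0.1 scoring for the ABC Bank sign-up weakness (added example).

Formulas and weights follow the CWSS 1.0.1 specification (MITRE); the weight
tables are abridged to the qualitative values. Scenario factor choices are
this example's own assumptions.
"""

# --- Base Finding metric group (weights from CWSS 1.0.1, abridged) -------
TECHNICAL_IMPACT = {"Critical": 1.0, "High": 0.9, "Medium": 0.6, "Low": 0.3, "None": 0.0}
ACQUIRED_PRIVILEGE = {"Administrator": 1.0, "Partially-Privileged User": 0.9,
                      "Regular User": 0.7, "Guest": 0.6, "None": 0.1}
ACQUIRED_PRIVILEGE_LAYER = {"Application": 1.0, "System": 0.9, "Network": 0.7,
                            "Enterprise Infrastructure": 1.0}
INTERNAL_CONTROL = {"None": 1.0, "Limited": 0.9, "Moderate": 0.7, "Indirect": 0.5,
                    "Best-Available": 0.3, "Complete": 0.0}
FINDING_CONFIDENCE = {"Proven True": 1.0, "Proven Locally True": 0.8, "Proven False": 0.0}

# --- Attack Surface metric group -----------------------------------------
REQUIRED_PRIVILEGE = {"None": 1.0, "Guest": 0.9, "Regular User": 0.7,
                      "Partially-Privileged User": 0.6, "Administrator": 0.1}
REQUIRED_PRIVILEGE_LAYER = ACQUIRED_PRIVILEGE_LAYER  # same weights in CWSS 1.0.1
ACCESS_VECTOR = {"Internet": 1.0, "Intranet": 0.8, "Private Network": 0.8,
                 "Adjacent Network": 0.7, "Local": 0.5, "Physical": 0.2}
AUTHENTICATION_STRENGTH = {"None": 1.0, "Weak": 0.9, "Moderate": 0.8, "Strong": 0.7}
LEVEL_OF_INTERACTION = {"Automated": 1.0, "Limited/Typical": 0.9, "Moderate": 0.8,
                        "Opportunistic": 0.3, "High": 0.1, "No Interaction": 0.0}
DEPLOYMENT_SCOPE = {"All": 1.0, "Moderate": 0.9, "Rare": 0.5, "Potentially Reachable": 0.1}

# --- Environmental metric group ------------------------------------------
BUSINESS_IMPACT = TECHNICAL_IMPACT  # same weights in CWSS 1.0.1
LIKELIHOOD_OF_DISCOVERY = {"High": 1.0, "Medium": 0.6, "Low": 0.2}
LIKELIHOOD_OF_EXPLOIT = {"High": 1.0, "Medium": 0.6, "Low": 0.2, "None": 0.0}
EXTERNAL_CONTROL = {"None": 1.0, "Limited": 0.9, "Moderate": 0.7, "Indirect": 0.5,
                    "Best-Available": 0.3, "Complete": 0.1}
PREVALENCE = {"Widespread": 1.0, "High": 0.9, "Common": 0.8, "Limited": 0.5}


def base_finding_subscore(ti, ap, al, ic, fc):
    """[(10*TI + 5*(AP+AL) + 5*FC) * f(TI) * IC] * 4.0, range 0..100.
    f(TI) is 0 when there is no technical impact, so TI=None zeroes the subscore."""
    f_ti = 0.0 if ti == 0.0 else 1.0
    return (10 * ti + 5 * (ap + al) + 5 * fc) * f_ti * ic * 4.0


def attack_surface_subscore(rp, rl, av, sc, in_, as_):
    """[20*(RP+RL+AV) + 20*SC + 15*IN + 5*AS] / 100, range 0..1."""
    return (20 * (rp + rl + av) + 20 * sc + 15 * in_ + 5 * as_) / 100.0


def environmental_subscore(bi, di, ex, ec, p):
    """[(10*BI + 3*DI + 4*EX + 3*P) * f(BI) * EC] / 20, range 0..1.
    f(BI) is 0 when there is no business impact."""
    f_bi = 0.0 if bi == 0.0 else 1.0
    return (10 * bi + 3 * di + 4 * ex + 3 * p) * f_bi * ec / 20.0


def cwss_score(base, attack_surface, environmental):
    """The CWSS score is the product of the three subscores (0..100)."""
    return base * attack_surface * environmental


def abc_bank_scores():
    """Score the ABC Bank scenario; every factor value here is an assumption."""
    base = base_finding_subscore(
        ti=TECHNICAL_IMPACT["Critical"],            # attacker gets full control
        ap=ACQUIRED_PRIVILEGE["Administrator"],     # administrator privileges obtained
        al=ACQUIRED_PRIVILEGE_LAYER["Application"],
        ic=INTERNAL_CONTROL["Limited"],             # assumed: e-mail check is the only control
        fc=FINDING_CONFIDENCE["Proven True"],       # scenario states it was exploited
    )
    surface = attack_surface_subscore(
        rp=REQUIRED_PRIVILEGE["None"],              # anyone may sign up
        rl=REQUIRED_PRIVILEGE_LAYER["Application"],
        av=ACCESS_VECTOR["Internet"],               # assumed: public-facing banking app
        sc=DEPLOYMENT_SCOPE["All"],
        in_=LEVEL_OF_INTERACTION["Automated"],      # no victim interaction needed
        as_=AUTHENTICATION_STRENGTH["Weak"],        # assumed: e-mail-only sign-up
    )
    env = environmental_subscore(
        bi=BUSINESS_IMPACT["Critical"],             # customer data under attacker control
        di=LIKELIHOOD_OF_DISCOVERY["High"],
        ex=LIKELIHOOD_OF_EXPLOIT["High"],
        ec=EXTERNAL_CONTROL["None"],                # assumed: no compensating control
        p=PREVALENCE["Common"],
    )
    return {"base": base, "attack_surface": surface, "environmental": env,
            "cwss": cwss_score(base, surface, env)}


if __name__ == "__main__":
    for name, value in abc_bank_scores().items():
        print(f"{name:>14}: {value:.3f}")
```

With these assumptions the Base Finding subscore is 90.0 (the Limited internal control scales the 100-point maximum by 0.9), the Attack Surface subscore is 0.995 and the Environmental subscore is 0.97, giving a CWSS score of about 86.9. Changing a single factor, for example raising Authentication Strength to Strong or setting External Control Effectiveness to Complete, shows directly how much each metric group moves the final score, which is the kind of reasoning parts b) and c) ask for.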

d) What do you think is the most likely cybersecurity attack that may happen to the application?
Explain how the weakness of the application may be exploited, leading to the cybersecurity
attack that you have identified. (1 + 4 marks)

e) Describe THREE (3) implications for the system and the company based on the possible
cybersecurity attack that was identified in Question 1 d). (6 marks)

f) Propose and explain TWO (2) mitigations that can be done to overcome the weakness of the
application. (8 marks)

g) Suggest a suitable security testing tool to reveal the weakness in the security mechanism of the
system. Justify your answer. (2 + 4 marks)

[Total: 50 marks]




Question 2

a) Illustrate in detail how the Secure Software Development Lifecycle may be applied during the
development of ABC Bank’s application described in Question 1.
(35 marks)

b) Identify the FIVE (5) most crucial security requirements for ABC Bank. For each identified
security requirement,
• Write the security requirement and
• The rationale for including the security requirement. Each rationale should include an
example that is relevant to ABC Bank.
(15 marks)

[Total: 50 marks]
