
IA 2 QB

Chapter 4
1. Compare design flaw vs. security bug.
2. Explain the concept of secure design.
3. Explain server-side security validation.
4. Explain the significance of application partitioning.
5. Where should you store your application's secrets? How should your application access those secrets?
6. Explain the concept of segregation of production data.
7. Explain application security activities.

Chapter 5
1. Differentiate static testing vs. dynamic testing.
2. Compare and contrast the various static testing techniques.
3. Explain SAST vs. DAST.
4. List and explain manual testing methods.
5. Explain the significance of testing infrastructure and databases.
6. Explain the significance of testing APIs and web services.
7. Write a short note on dynamic web application profiling.
Chapter 6
1. Define the objectives of threat modeling.
2. Why is threat modeling important?
3. List and explain the benefits of threat modeling.
4. Explain the process of applying a threat model.
5. List and explain the steps for defining risk mitigation strategies.
6. List and explain the three approaches to threat modeling.
7. Explain the STRIDE model, giving the security property, definition and an example for each threat category.
8. Explain the risk-centric threat modeling approach using the DREAD model.
9. Discuss a case study of threat modeling within the SDLC.
IA 1 QB
Chapter 1
1. Explain reconnaissance and its steps.
2. Explain the types of reconnaissance.
3. Explain various reconnaissance techniques.
4. Explain how to find subdomains.
5. Explain how to perform API analysis.
6. Explain how to identify weak points in application architecture.
7. Explain the following attacks with their methodology:
   - Cross-Site Scripting (XSS): the steps to perform XSS, its types and prevention techniques.
   - Cross-Site Request Forgery (CSRF): the steps to perform CSRF, general prevention techniques and CSRF tokens to mitigate CSRF.
   - SQL Injection: how it is performed and prevention strategies, parameterized queries and least privilege (also covered in Chapter 3).
   - DoS attack.
   - Cross-Origin Resource Sharing (CORS) vulnerabilities: its types, the steps to exploit each, and mitigation strategies.
Chapter 2
1. Explain how to secure modern web applications.
2. Explain secure application architecture.
3. Explain reviewing code for security.
4. Explain vulnerability discovery.
5. Explain the defense techniques for the following attacks:
   - Cross-Site Scripting (XSS), Cross-Site Request Forgery (CSRF), SQL Injection, DoS attack.
   - Cross-Origin Resource Sharing (CORS) vulnerabilities.
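CSRF tokens come up in Chapter 1 Q7 and again in Chapter 2 Q5 (defense techniques). The following is an added example for study purposes, not code from the question bank or any textbook it follows. It shows the synchronizer-token pattern end to end: the server mints a random token per session, embeds it in every state-changing form, and refuses a POST whose body does not carry the matching token. The in-memory session store, the /transfer form and the request shape (a session cookie value plus a dict of form fields) are assumptions made for the demo.

```python
"""Synchronizer-token CSRF protection, shown end to end.

Added example, not from the question bank or its textbook. The in-memory
session store, the /transfer form and the request shape (a session cookie
value plus a dict of form fields) are assumptions made for the demo.
"""
import hmac
import secrets

# Constructed session store: session id -> session data (stands in for a
# real server-side session backend).
SESSIONS: dict[str, dict] = {}


def new_session() -> str:
    """Start a session and mint a fresh, unguessable CSRF token for it."""
    sid = secrets.token_urlsafe(32)
    SESSIONS[sid] = {"csrf_token": secrets.token_urlsafe(32)}
    return sid


def csrf_token_for(session_id: str) -> str:
    """The token the server embeds in every state-changing form."""
    return SESSIONS[session_id]["csrf_token"]


def render_form(session_id: str) -> str:
    """Legitimate page: the form carries the session's token as a hidden
    field. A cross-site attacker cannot read this page (same-origin policy),
    so the forged request it builds will lack a valid token."""
    return (
        '<form method="POST" action="/transfer">'
        f'<input type="hidden" name="csrf_token" value="{csrf_token_for(session_id)}">'
        '<input name="amount"><button>Send</button></form>'
    )


def handle_transfer(session_cookie: str, form: dict) -> tuple[int, str]:
    """POST /transfer handler. The browser attaches the session cookie
    automatically even on forged requests, so the cookie alone proves
    nothing; the token in the body must match the session's token."""
    session = SESSIONS.get(session_cookie)
    if session is None:
        return 401, "no session"
    submitted = form.get("csrf_token", "")
    # Constant-time comparison so the check does not leak the token byte by byte.
    if not hmac.compare_digest(submitted.encode(), session["csrf_token"].encode()):
        return 403, "CSRF token missing or invalid"
    return 200, f"transferred {form.get('amount')}"


if __name__ == "__main__":
    sid = new_session()
    print(handle_transfer(sid, {"csrf_token": csrf_token_for(sid), "amount": "10"}))
    print(handle_transfer(sid, {"amount": "10"}))  # forged cross-site POST: rejected
```

Two points an exam answer should make that the code reflects: the token must be checked on every request that changes state (not only on the page that displays the form), and it must live somewhere the attacker's page cannot read or forge, which is why it sits in the response body rather than only in a cookie. SameSite cookie attributes (Chapter 3 Q6) are a useful second layer, not a replacement.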
Chapter 3
1. Explain the importance of security requirements (the important security questions that should be included).
2. Differentiate cryptography, encryption and hashing.
3. Explain the concept of "never trust system input" with input validation examples (study 1-2 examples).
4. Write a short note on how to find vulnerabilities in third-party components.
5. Explain how security headers are seatbelts for web apps.
6. Discuss the mechanism of securing cookies.
7. Write a short note on passwords and storage.
8. Explain the significance of using HTTPS everywhere.
9. Explain framework security features and file uploads.
10. Write a note on errors and logging.
11. Explain the significance of input validation and sanitization.
12. Explain the significance of authorization and authentication.
13. Explain how writing parameterized queries and applying least privilege mitigates SQL injection attacks.
14. Explain the requirements checklist used for all your web application projects.
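Parameterized queries and least privilege are asked about in Chapter 1 Q7, Chapter 2 Q5 and Chapter 3 Q13. The block below is an added worked example, not code from the question bank or its textbook, that puts a deliberately vulnerable string-built login next to its parameterized fix, and then applies least privilege at the connection level. It uses Python's sqlite3 module with a constructed in-memory users table; the table layout, the two users and their passwords are assumptions made for the demo, and the SHA-256 password hash is a stand-in for the salted, slow hash Chapter 3 Q7 expects.

```python
"""SQL injection: string-built query vs. parameterized query, plus a
least-privilege database connection.

Added example, not from the question bank or its textbook. The users
table, the sample accounts and the use of sqlite3's authorizer hook to
stand in for a read-only database role are assumptions made for the demo.
"""
import hashlib
import sqlite3


def password_hash(password: str) -> str:
    # Demo only: a real system stores a salted, slow hash (PBKDF2, bcrypt, Argon2).
    return hashlib.sha256(password.encode()).hexdigest()


def seed_db() -> sqlite3.Connection:
    """Constructed sample data: two users in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password_hash TEXT)")
    conn.executemany(
        "INSERT INTO users VALUES (?, ?)",
        [("alice", password_hash("correct horse")), ("bob", password_hash("hunter2"))],
    )
    conn.commit()
    return conn


def vulnerable_login(conn: sqlite3.Connection, username: str, password: str):
    """Deliberately vulnerable: user input is pasted into the SQL text, so a
    username of  alice'--  closes the string and comments out the password
    check. Returns the logged-in username or None."""
    query = (
        f"SELECT username FROM users WHERE username = '{username}' "
        f"AND password_hash = '{password_hash(password)}'"
    )
    row = conn.execute(query).fetchone()
    return row[0] if row else None


def safe_login(conn: sqlite3.Connection, username: str, password: str):
    """Parameterized: the SQL text is fixed and the driver binds the values
    separately, so quotes or comment markers in the input are just data."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password_hash = ?",
        (username, password_hash(password)),
    ).fetchone()
    return row[0] if row else None


def restrict_to_reads(conn: sqlite3.Connection) -> None:
    """Least privilege: the login path only needs to read the users table,
    so every other operation is denied at the connection level. In a real
    deployment this is a database role granted SELECT only; sqlite3's
    authorizer hook stands in for that here (demo assumption)."""
    allowed = {sqlite3.SQLITE_SELECT, sqlite3.SQLITE_READ, sqlite3.SQLITE_FUNCTION}

    def authorizer(action, arg1, arg2, dbname, source):
        return sqlite3.SQLITE_OK if action in allowed else sqlite3.SQLITE_DENY

    conn.set_authorizer(authorizer)


def attempt_drop(conn: sqlite3.Connection) -> bool:
    """True if DROP TABLE went through, False if the connection refused it.
    Shows what an injected destructive statement achieves against each
    connection even if the query layer is bypassed."""
    try:
        conn.execute("DROP TABLE users")
        return True
    except sqlite3.Error:
        return False


if __name__ == "__main__":
    db = seed_db()
    print("vulnerable:", vulnerable_login(db, "alice'--", "wrong"))   # alice
    print("parameterized:", safe_login(db, "alice'--", "wrong"))      # None
    restrict_to_reads(db)
    print("drop allowed:", attempt_drop(db))                          # False
```

The two mitigations are independent and complementary: parameterization stops the injection itself, while the read-only connection bounds the damage if some other query in the application is still built from strings. An exam answer should name both and say which risk each one addresses.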
