本文介绍了Coursera上关于软件安全的课程第四周的测验内容,涉及软件安全设计的重要性和相关问题。讨论了为何在软件构建后考虑安全性是错误的,解释了滥用案例的概念,强调了明确威胁模型在设计系统时的重要性。同时涵盖了如何防御窥探用户、拒绝服务攻击、身份验证等相关安全策略,并探讨了RSA加密系统、扩展数据管理系统等场景下的安全设计原则。
Week4 quiz
Why is waiting to think about security until after the software is built a bad idea?
You might make critical mistakes in the software’s design
Fixing problems once the software is built is more difficult and more expensive
You might miss important security requirements that necessitate a re-design
*All of the above
1 point
2.Question 2
What is an abuse case?
An official report made by MITRE Corp that describes a discovered software vulnerability and possible abuse of it
A scenario that illustrates a system’s functional requirements
*A scenario that illustrates a potential failure in security under relevant circumstances
An example of a heated disagreement between the security team and the development team
1 point
3.Question 3
Which of the following is a reason to make an explicit threat model when designing a system?
So that you avoid an incoherent defense
So you can defend against the most likely/costly/important attacks
So you can explicitly list and challenge assumptions that underlie your design
*All of the above
1 point
4.Question 4
Suppose you design software for a bank and the bank’s customers may remotely log into its site using commodity PCs. These PCs might have malware on them, which could log keystrokes or read files stored on the machine. Which threat model (using terms defined in the lectures) makes the most sense for you to consider, when desi
最低0.47元/天 解锁文章
扫一扫
7846
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
