TU Wien:Software Security VU (Weippl)/Final Exam 2013-06-20

  • What are anti-requirements and abuse-cases + examples
  • Name 5 of the OWASP Top 10
  • Which other forms of "inputs" (other than user entered input) do you know?
  • Some code using a prepared statement was given; what is the problem with it? (the user-supplied string was concatenated directly into the SQL string instead of being bound as a parameter)
  • Which countermeasures against SQL injection, other than prepared statements, can you use while developing?
  • How does session fixation work + countermeasures
  • How does CSRF work + difference to XSS
  • Name and explain three sub-types of XSS
  • What is the same origin policy?
  • How does clickjacking work + countermeasures
  • Name three vulnerabilities which are related to "Time and State" from the seven kingdoms
  • ...

+ 2 questions about maturity models (one like "what is the highest level in the XY maturity model?", the other something like "what has to be done on the organisational side at a given maturity level?")