TU Wien:Software Security VU (Weippl)/Final Exam 2017-06-09

From VoWi

Some questions I can remember:

  • What is a proof-of-work? Also explain what difficulty has to do with it.
  • Give the definition of a test oracle and provide one for testing the authentication functionality of a website. The oracle has the form of a requirement.
  • Explain Security Testing and Penetration Testing. What is the difference?
  • Assume you are given a combinatorial attack grammar for XSS having k types and g derivation rules per type to form an attack vector. Which of the following is more cost-effective in terms of combinatorial testing: adding more types or more derivation rules per type in the grammar? Justify your answer.
  • Explain the process of creation/verification when creating a new block in Ethereum.
  • Write a BNF/ABNF/EBNF grammar for a datetime format.
  • Name 2 test methods for testing a TLS/SSL implementation.