TU Wien:Software Security VU (Weippl)/Midterm Exam 2017-06-27

From VoWi

Retake 2017S; 25 points possible, 11 questions:

  1. Name a technique for avoiding SQL injection and describe it.
  2. Explain briefly how OWASP SAMM works (components).
  3. Name and briefly describe a threat modeling technique.
  4. Name three secure design principles and describe them. (3 pts)
  5. Why is correct disassembly of binaries sometimes so hard?
  6. Draw a control flow graph for the given code sample (7 LOC). (4 pts)
  7. ???
  8. What are ELF and PE, and what information is hidden inside?
  9. Explain the obfuscation techniques "Branching Function" and "Identifier Name Scrambling". (2 pts)
  10. How does a program detect if it's inside a VM environment?
  11. Explain DEP/NX and ASLR. What are they used for?