TU Wien:Software Security VU (Weippl)/Midterm Exam 2017-06-27
Retake 2017S; 25 points possible, 11 questions:
- Explain a technique for avoiding SQL injections and describe it.
- Explain briefly how OWASP SAMM works (components).
- Name and briefly describe a threat modeling technique.
- Name three secure design principles and describe them. (3 pts)
- Why is correct disassembly of binaries sometimes so hard?
- Draw a control flow graph for the given code sample (7 LOC). (4 pts)
- What are ELF and PE, and what information is hidden inside?
- Explain the obfuscation techniques "Branching Function" and "Identifier Name Scrambling". (2 pts)
- How does a program detect if it's inside a VM environment?
- Explain DEP/NX and ASLR. What are they used for?