
SECURE CODING (MTCSPC2002) Question Bank 1

 

Course: SECURE CODING (MTCSPC2002)

UNIT I: Introduction to Secure Coding

  1. Explain the key security concepts and the principles of security architecture.
  2. Discuss common string manipulation errors and string vulnerabilities in C and C++.
  3. Describe the process memory organization and how stack smashing occurs.
  4. Explain code injection and arc injection with examples.
  5. Analyze notable vulnerabilities in C and C++ programming.
  6. What is pointer subterfuge? Discuss the types of pointer subterfuge and how they can be exploited.
  7. Describe the role of the Global Offset Table in pointer manipulation.
  8. Explain the use of the atexit() and on_exit() functions in secure coding.
  9. Discuss how the longjmp() function can be used in exception handling and its security implications.

UNIT II: Dynamic Memory Management and Integer Security

  1. What are common dynamic memory management errors, and how can they be prevented?
  2. Describe Doug Lea's memory allocator and its significance.
  3. Explain the concept of RtlHeap and its role in memory management.
  4. Discuss integer security and the types of integer error conditions.
  5. Explain integer conversions and the potential vulnerabilities they introduce.
  6. Describe notable vulnerabilities related to dynamic memory management.
  7. What are non-exceptional integer logic errors? Provide examples.
  8. Analyze how integer operations can lead to security vulnerabilities.

UNIT III: Formatted Output and File I/O

  1. Explain the role of variadic functions in formatted output.
  2. Discuss the exploitation of formatted output functions with examples.
  3. What is stack randomization, and how does it enhance security?
  4. Describe the importance of concurrency in file I/O operations.
  5. Explain the time of check, time of use (TOCTOU) vulnerability and provide examples.
  6. How can files be used as locks, and what are the security implications?
  7. Discuss file system exploits and their impact on system security.

UNIT IV: Web Application Security

  1. What is SQL injection, and how can it be mitigated?
  2. Describe web server–related vulnerabilities such as XSS, XSRF, and response splitting.
  3. Explain web client–related vulnerabilities with a focus on XSS.
  4. Discuss the use of magic URLs and the associated security risks.
  5. Provide examples of common web application security flaws and their remedies.

UNIT V: Predictable Cookies and Hidden Form Fields

  1. Explain the concept of predictable cookies and how they can be exploited.
  2. Discuss the role of hidden form fields in web application security.
  3. What are CWE references, and how are they used in secure coding?
  4. Analyze the impact of predictable cookies on web application security.
  5. Explain the process of spotting patterns in code review for hidden form fields.
  6. Discuss testing techniques for identifying security issues related to predictable cookies and hidden form fields.
  7. Describe the redemption steps for securing web applications against predictable cookies and hidden form fields.

 
