Software Security Exam Notes

1. Threats (Definition + 10 Points):

Definition: A threat is any potential danger that can exploit a
vulnerability in a system to cause harm or loss to assets like data,
operations, or reputation.

1. Unauthorized access: When an attacker gains access to a system or

resource without permission, often through password cracking or
exploiting vulnerabilities.
2. Data breaches: The unauthorized access and exposure of
confidential information such as personal, financial, or business data.
3. Denial-of-Service (DoS) attacks: These attacks overwhelm a system
with traffic, making it unavailable to legitimate users, often causing
financial and reputational loss.
4. Malware: Malicious software like viruses, worms, ransomware, and
trojans that damage or steal data from systems.
5. Phishing: A social engineering attack where attackers deceive users
into revealing sensitive information like login credentials.
6. Insider threats: Threats originating from within the organization,
such as disgruntled employees misusing their access privileges.
7. Zero-day exploits: Attacks that target previously unknown
vulnerabilities before they are patched by developers.
8. Session hijacking: An attacker steals or manipulates a valid
computer session to gain unauthorized access to information or
services.
9. Man-in-the-middle (MITM): Attackers intercept communications
between two parties to steal or alter transmitted data.
10. SQL Injection: A code injection technique that allows attackers to
manipulate backend SQL queries and access unauthorized data.

2. Threat Modelling within SDLC (Definition + 10 Points):

Definition: Threat modeling is the process of identifying, analyzing, and
addressing potential security threats during software development.
1. Initiated early in SDLC: Threat modeling begins during the
requirement phase to address risks proactively.
2. Supports secure design: Guides architects and developers in making
security-conscious design choices.
3. Asset identification: Determines valuable components like data,
credentials, or systems that must be protected.
4. Attack surface analysis: Identifies entry points that attackers might
exploit.
5. Use of STRIDE: Helps categorize threats—Spoofing, Tampering,
Repudiation, Information Disclosure, Denial of Service, Elevation of
Privilege.
6. DREAD risk scoring: Assesses risks based on five parameters:
Damage, Reproducibility, Exploitability, Affected Users, Discoverability.
7. Data flow diagrams (DFDs): Visual tools to understand how data
moves and where it may be intercepted.
8. Stakeholder collaboration: Involves developers, security experts,
and business analysts to ensure holistic analysis.
9. Iterative refinement: Updated as application evolves during
development lifecycle.
10. Prioritization and mitigation: Facilitates identifying high-risk
threats and planning effective countermeasures.
(Diagram: Threat Modeling with STRIDE applied on DFD.)

3. Improve App Security (Definition + 10 Points):

Definition: Improving app security involves applying proactive
strategies and tools to prevent vulnerabilities and ensure the
application resists attacks.

1. Secure development lifecycle: Integrate security at all phases of

SDLC.
2. Secure coding guidelines: Use best practices like avoiding hard-
coded credentials, input sanitization.
3. Strong authentication mechanisms: Apply MFA and OAuth to
prevent unauthorized access.
4. Encryption protocols: Implement HTTPS, TLS to protect data in
transit and at rest.
5. Security headers: Use headers like Content-Security-Policy to
prevent XSS.
6. Regular updates and patching: Keep libraries, dependencies up-to-
date.
7. Automated vulnerability scanning: Use SAST/DAST tools to detect
weaknesses.
8. Penetration testing: Simulate real-world attacks to uncover hidden
flaws.
9. Secure API design: Use authentication, rate-limiting, and schema
validation for APIs.
10. Security-focused culture: Train teams regularly and conduct
security reviews.

4. Security in Software Development Life Cycle (Definition + 10

Points):
Definition: It involves integrating security at each stage of software
development to ensure a secure product.

1. Requirement phase: Gather security requirements based on threat

modeling and compliance needs.
2. Design phase: Identify design-level vulnerabilities and implement
secure architecture.
3. Development phase: Apply secure coding practices and run code
analysis tools.
4. Testing phase: Perform SAST, DAST, and penetration testing.
5. Deployment phase: Enforce secure configurations, secrets
management.
6. Maintenance phase: Apply patches and monitor for threats post-
release.
7. Security gates: Define checks before promoting code between
environments.
8. Security checklists: Provide step-by-step validation for each SDLC
phase.
9. DevSecOps integration: Automate security into CI/CD pipelines.
10. Security audits: Review code, configurations, and practices
regularly.
(Diagram: SDLC with Security Activities Mapped at Each Phase.)

5. Dynamic Web App Profiling (Definition + 10 Points):

Definition: It is the process of evaluating a web application in real time
to detect security vulnerabilities and abnormal behaviors during
execution.

1. DAST tools: Use tools like OWASP ZAP, Burp Suite to scan running
applications.
2. Simulated attacks: Test for SQLi, XSS, CSRF by submitting malicious
inputs.
3. Session and authentication tests: Detect insecure session handling.
4. Cookie analysis: Inspect cookie flags for security (e.g., HttpOnly,
Secure).
5. Runtime behavior: Observe how the app handles unexpected inputs
or loads.
6. Input/output inspection: Check data escaping and encoding.
7. Access control: Test if users can bypass roles or permissions.
8. Error message evaluation: Ensure sensitive details are not leaked.
9. Environment-specific testing: Tailor profiling for dev, staging, and
production.
10. Compliance validation: Confirm adherence to policies like PCI-DSS,
OWASP Top 10.
(Diagram: DAST Workflow from Browser to Server to Reports.)

6. Risk Mitigation Strategy (Definition + 10 Points + Example):

Definition: A risk mitigation strategy outlines how to reduce the
likelihood or impact of potential security risks.

1. Risk identification: Determine where vulnerabilities exist.

2. Risk prioritization: Use frameworks like CVSS for criticality ranking.
3. Avoidance: Eliminate risky features or redesign.
4. Reduction: Apply encryption, input validation, or firewalls.
5. Sharing/transfer: Use cloud SLAs or insurance for liability.
6. Acceptance: Acknowledge low-impact risks with monitoring.
7. Contingency planning: Create playbooks for potential attacks.
8. Redundancy and backups: Recover quickly from disruption.
9. Security awareness training: Minimize risks from human error.
10. Audit and review: Ensure strategy effectiveness through periodic
checks.
Example: Encrypting sensitive data to reduce the impact of data
breaches.
(Diagram: Risk Matrix (Likelihood vs Impact).)

7. Risk-Based Variants (Definition + 10 Points): Definition:

Risk-based variants refer to different approaches or versions of

development/testing strategies based on the level of risk associated
with specific components or features.

1. Prioritized testing: Focus on high-risk modules for in-depth

testing and analysis.

2. Security profiling: Differentiate features as high, medium, or low

risk based on data sensitivity and exposure.

3. Custom mitigation plans: Apply varied security controls

according to the risk level.

4. Tiered environments: Create separate workflows for critical and

non-critical systems.

5. Risk-adjusted SDLC: Modify development life cycle activities

based on assessed risks.

6. Compliance mapping: Align risk variants with industry

standards (e.g., HIPAA, PCI-DSS).

7. Incident response planning: Tailor incident protocols based on

risk severity.
 8. Monitoring intensity: Allocate more resources to monitor high-
risk assets.

9. Audit frequency: Conduct more frequent audits on high-risk

modules.

10. Budget allocation: Invest proportionally more in areas

with greater security risk.

8. How to Test a Network (Definition + 10 Points): Definition:

Network testing involves evaluating the security, performance, and
reliability of a network infrastructure to detect vulnerabilities and
ensure resilience.

1. Port scanning: Identify open ports using tools like Nmap.

2. Vulnerability scanning: Use Nessus or OpenVAS to find network-

level flaws.

3. Penetration testing: Simulate attacks to test firewall and IDS/IPS

effectiveness.

4. Packet sniffing: Analyze data traffic using Wireshark to detect

anomalies.

5. Access control validation: Ensure proper segmentation and ACL

enforcement.

6. Throughput testing: Measure bandwidth and latency to ensure

network robustness.

7. Router and switch security: Check for outdated firmware and

misconfigurations.

8. DNS and DHCP testing: Evaluate services for spoofing or

poisoning vulnerabilities.

9. Log analysis: Review logs for intrusion patterns or misbehavior.

 10. Wireless security check: Test for WPA2 encryption and
rogue APs.

9. How to Test an Application (Definition + 10 Points): Definition:

Application testing assesses the software for functional correctness,
security flaws, and performance issues to ensure it meets requirements.

1. Unit testing: Validate individual functions or modules.

2. Integration testing: Ensure proper interaction between

components.

3. System testing: Evaluate the complete system against

requirements.

4. Security testing: Use SAST and DAST tools to detect

vulnerabilities.

5. Authentication testing: Test login, password strength, and MFA

implementation.

6. Authorization testing: Check access restrictions for different

roles.

7. Input validation: Simulate malicious input to verify sanitization.

8. Error handling: Ensure exceptions don’t expose sensitive

information.

9. Session management: Test token expiry, logout, and hijack

protection.

10. Performance testing: Use tools like JMeter for load and
stress testing.

10. Security Bugs (Definition + 10 Points): Definition:

Security bugs are flaws or errors in code that allow attackers to exploit
or compromise the integrity, confidentiality, or availability of a system.

1. Buffer overflow: Exceeding memory limits to run malicious code.

2. Cross-Site Scripting (XSS): Injection of malicious scripts in web

pages.

3. SQL injection: Injecting SQL commands to access or modify

databases.

4. Insecure deserialization: Remote code execution via

manipulated serialized data.

5. Authentication bypass: Weak login logic allowing unauthorized

access.

6. Privilege escalation: Gaining higher-level permissions due to

improper checks.

7. Hardcoded credentials: Embedding passwords or tokens in

source code.

8. Inadequate encryption: Using outdated or weak encryption

techniques.

9. Race conditions: Exploiting timing issues in concurrent

execution.

10. Unvalidated redirects: Redirecting users to malicious sites

using manipulated URLs.

11. Team Roles for Security (Definition + 10 Points): Definition:

Security responsibilities are distributed across different team roles to
ensure end-to-end protection of the software and infrastructure.

1. Security architect: Designs secure system architecture.

2. Developers: Implement secure coding practices.

 3. QA/testers: Validate security through test cases.

4. DevOps engineers: Ensure secure CI/CD pipelines and

infrastructure.

5. Security analysts: Monitor logs and detect anomalies.

6. Penetration testers: Simulate attacks to identify vulnerabilities.

7. Product managers: Define security requirements in features.

8. Compliance officers: Ensure alignment with regulations.

9. Incident responders: Handle breaches and coordinate recovery.

10. Trainers: Educate staff on secure practices and tools.

Diagram: Security Roles Across a DevSecOps Pipeline