Discussion Questions

Chapter 9

1- How does the source of your software code affect the overall security of the system? Justify your position for a general system.

2- Why is it beneficial to develop a software system in a language that is well known to the development team? What are the risks of using a language that is unknown or less common to them?

3- What protections can you place within an organization on code that is developed externally? Give examples to support your recommendation.

4- How can modular code developed within an organization be helpful or harmful to the security of the system? Justify your position.

5- Why is it important to limit the attack surface of the system? Give examples to support your argument.

Chapter 10

1- Why is it important to probe and attack a system both at rest and in action? Give examples of information that is provided by each that the other could not provide.

2- Why is it important to simulate the deployment environment as closely as possible when performing a penetration test? What could happen if the conditions vary significantly from the live environment?

3- What advantages do actual attackers have over-penetration testers in attempting to compromise a system? Justify your conclusions.

4- What are the important considerations in choosing a Red Team (or attack team) for your software system? Give examples to justify your position.

5- What are the risks of using a Red Team that is not qualified? How could this negatively affect system deployment in the live environment?

 

"Looking for a Similar Assignment? Order now and Get 10% Discount! Use Code "Newclient"