Read the book Alice and Bob Learn Application Security - Tanya Janca - Page 22

Exercises


These exercises are meant to help you understand the concepts in this chapter. Write out the answers and see which ones you get stuck on. If you have trouble answering some of the questions, you may want to reread the chapter. Every chapter will have exercises like these at the end. If there is a term you are unfamiliar with, look it up in the glossary at the end of the book; that may help with your understanding.

If you have a colleague or professional mentor who you can discuss the answers with, that would be the best way to find out if you are right or wrong, and why. Some of the answers are not Boolean (true/false) and are just to make you contemplate the problem.

1 Bob sets the Wi-Fi setting on his pacemaker to not broadcast the name of his Wi-Fi. What is this defensive strategy called?

2 Name an example of a value that could be hard coded and why. (What would be the motivation for the programmer to do that?)

3 Is a captcha usable security? Why or why not?

4 Give one example of a good implementation of usable security.

5 When using information from the URL parameters, do you need to validate that data? Why or why not?

6 If an employee learns a trade secret at work and then sells it to a competitor, this breaks which part(s) of CIA?

7 If you buy a “smart” refrigerator and connect it to your home network, then have a malicious actor connect to it and change the settings so that it’s slightly warmer and your milk goes bad, which part(s) of CIA did they break?

8 If someone hacks your smart thermostat and turns off your heat, which part(s) of CIA did they break?

9 If a programmer adds an Easter egg (extra code that does undocumented functionality, as a “surprise” for users, which is unknown to management and the security team), does this qualify as an insider threat? If so, why? If not, why not?

10 When connecting to a public Wi-Fi, what are some of the precautions that you could take to ensure you are doing “defense in depth”?

11 If you live in an apartment with several roommates and you all have a key to the door, is one of the keys considered to be a “factor of authentication”?
