B.Sc. & B.Sc. (Hons) in Computing with Computer Security & Digital Forensics Year 3 & Year 4 Summer 2013
Secure Coding Techniques Page 1 of 4
Letterkenny Institute of Technology
Course code: SCUR CP701
Subject: Secure Coding Techniques
Stage: Award
Date: Summer 2013
Examiners: Mr. N. McKelvey, Dr. K. Curran
Time allowed: 2 hours
INSTRUCTIONS
Answer THREE out of five questions.
All questions are worth 25 marks.
BACHELOR OF SCIENCE & BACHELOR OF SCIENCE
(Honours/Ordinary)
IN
COMPUTING
with
COMPUTER SECURITY & DIGITAL FORENSICS
Question 1.
(A) The Open Web Application Security Project (OWASP) Top Ten
represents a broad consensus about what the most critical web
application security flaws are. Discuss these top 10 issues making
reference to suggested solutions.
20 Marks
(B) Briefly discuss BotClouds.
5 Marks
Question 2.
(A) RSA was described in an MIT paper in 1978. Describe RSA outlining its
3 steps.
9 Marks
(B) Examine the HTML snippet below. Describe the issue.
<form method="post" action="Login_Account.php">
<input type="text" name="username">
<input type="password" name="password">
</form>
4 Marks
(C) When applying secure coding techniques to any Java program there
may be times when this can impede performance. Discuss this issue
using examples.
12 Marks
Question 3.
(A) Discuss the merits and demerits of the Payment Card Industry Data
Security Standard (PCI DSS).
10 Marks
(B) Examine the code below and outline in detail a potential issue that
might exist and suggest a solution:
Date d = new Date();
scheduler.scheduleTask(task1, d);
d.setTime(d.getTime() + ONE_DAY);
scheduler.scheduleTask(task2, d);
7 Marks
(C) Guidelines exist for writing immutable classes. Outline these
guidelines using code snippets and/or examples to aid your answer
where appropriate.
8 Marks
Question 4.
(A) Examine the code below:
Random r = new SecureRandom();
byte[] salt = new byte[20];
r.nextBytes(salt);
Discuss the importance of Salt and briefly explain why
SecureRandom() is used and not Random().
8 Marks
(B) Outline the purpose of the Garbage Collector making reference to its
advantages, disadvantages and how a programmer might change the
reachability of an object. Use code and/or diagrams to aid your
answer where appropriate.
10 Marks
(C) Briefly describe each of the seven states of the Java object lifecycle.
7 Marks
Question 5.
(A) Issue a command that will create a "trusted certificate" entry in
a keystore whose name is that specified in storefile. The entry
contains the data from a file ABCCA.cer, and it is assigned the
specified alias myAlias.
9 Marks
(B) Describe a Message Digest (MD) attack outlining how it can happen
and what steps can be taken to prevent such an attack.
9 Marks
(C) To get a certificate signed by a Certification Authority (CA), we must
first generate a Certificate Signing Request (CSR), via a command.
Give the command necessary to produce this CSR where the alias
is myAlias and the CSR file is named myCSR.
7 Marks