This quiz is designed to assess understanding of code analysis and the security development life cycle.
Design
Build
Analysis
Respond
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H
CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
3
30
60
90
Use HTTPS Only
No sensitive data sent via GET query
Terminate session after inactivity
Use cookies securely
Vulnerability Response
Security Documentation
Process Governance
Injection Protection
Security Configuration Guide (SCG)
False Positives Knowledge Base (KB)
Product Requirement Document (PRD)
Security Advisory (DSA)
This vulnerability can be exploited over Intranet
This vulnerability can cause a service unavailability when exploited
This vulnerability can be exploited by privileged users only (e.g. root, admin)
Attacker needs conditions beyond his control to perform the exploit
3
30
60
90
Cross-site scripting
Cross-site request forgery
Open redirect
Forced browsing
Use long/strong passwords
Lock account after number of failed attempts
Use 2nd factor (2FA) authentication
Allow no more than 5 login attempts every hour
TLS_RSA_WITH_AES_128_CBC_SHA256
TLS_DHE_RSA_WITH_AES_128_CBC_SHA
TLS_DHE_RSA_WITH_AES_128_GCM_SHA256
TLS_ECDHE_RSA_WITH_AES_128_CBC_SHA
Any SHA2
Any SHA3
SHA1
MD5
PRM files
OVA files
MSI installer
WAR files
Path traversal
Injection
Secret disclosure
Insecure deserialization
Cross-site scripting
Cross-site request forgery
Open redirect
Forced browsing
Qualys Scan
Nessus Scan
McAfee Scan
Blackduck Scan
C++
Java
Python
Go
1
2
5
10
Cpplint
Coverity
Eclipse
None
Null pointer dereferences
Resource leaks
Control flow issues
Wrong comments
Design.
Coding implementation done.
Testing.
Maintenance.
15%
25%
35%
45%
Coverity
Eclipse
Visual Studio
Source Insight
Only (i) is true
Only (ii) is true
Both are true
Both are false
Dead code
Race conditions
Coded-by-humans issues
Performance bottleneck