What is the difference between robust programming and secure programming?
- Robust programming is the opposite of secure programming.
- Robust programming prevents buffer overflows; secure programming handles them should they occur.
- Robust programming deals with errors whether or not they are a security problem; secure programming deals with errors that are security problems
- Robust programming deals with speed and secure programming deals with security.
Fill in the blanks with the correct phrases from options below:
Security policies _______ and security mechanisms ______.
- enforce what is and is not allowed, check that the enforcement is effective here
- state an ideal of what is, and is not, allowed - describe what is, and is not, allowed and can be properly implemented
- say what is and is not allowed, enforce the policy
- is derived from government requirements, are based on, or are, commercial offerings
Consider a program that uses a cryptographic library obtained from a third party.
Which of the following is most likely to be true?
- The programmer should never use a library from a third party; she should implement the cryptography herself, to ensure the algorithms are implemented correctly.
- The cryptographic routines in the library have been thoroughly tested, so the library can be used without precautions.
- The programmer must take care that all inputs to the library are checked to ensure they match what the library expects.
- If the cryptographic algorithms are used in the library have been examined and confirmed to be strong by experts, then the library is safe to use.
When a user tries to log in, she enters a login name and a password. The computer checks that the login name is that of an authorized user and if not, gives the error message "Bad login name" and requests another name and password. If the login name is valid, it checks the password and if that does not correspond to the named user, it gives the error message "Bad password" and requests another password.
Which of the following best describes this procedure?
- It is poor security, because a user can tell whether a guessed login name is a valid one.
- It is good security, because unless a valid login name and correct corresponding password are entered, the system denies access.
- It is good security, because it tells the user exactly what the problem is; that way, the user can report the precise error to the help desk.
- It is poor security, because if the password is wrong, the system tells the user the password is wrong and then requests another password. It should restart the login process.
What are the two key concepts of secure programming?
- Privilege and protection
- Programming and privilege
- Protection and programming
- Logging and auditing
Which of the following should you do in secure programming?
- Buffer overflows
- Grant more privileges than necessary
- Numeric overflows
- Checking the input for validity
Complete the sentence:
Buffer overflows are _______ a security problem.
- Not yet