Secure Software Architecture: HSC Software Engineering Module 1 quiz quiz

Integrity

Confidentiality

Availability

Authentication

Authentication controls permissions; authorisation verifies identity

Authentication verifies identity; authorisation controls what you may do

They are two words for the same process

Authentication happens on the client; authorisation happens in the database

Encrypt them with AES so they can be decrypted if needed

Hash them with fast MD5 for speed

Store them in plain text behind a firewall

Hash them with a slow salted function such as bcrypt or Argon2

Injection

Broken access control

Cryptographic failures

Security misconfiguration

Browsers cannot run JavaScript validation

It can be bypassed by disabling JavaScript or sending requests directly, so the server must validate too

It is slower than server-side validation

It encrypts data the server cannot read

Encrypting all of the page content for speed

Authenticating the server and securely agreeing on a shared symmetric session key

Hashing the user's password

Compressing the response body

Running a penetration test only after a breach is reported

Threat modelling during design and code review during development

Adding HTTPS only if a customer complains

Storing secrets in source code for convenience