WGU Secure-Software-Design WGU Secure Software Design (D487) Exam Exam Practice Test

The issue described involves a session management vulnerability where the user’s session remains active even after the browser window is closed, allowing another user on the same machine to access the application without logging in. To prevent this security risk, it’s essential to adjust the session management controls to include an automatic timeout feature. This means that after a period of inactivity, or when the browser window is closed, the session should automatically expire, requiring a new login to access the application. This adjustment ensures that even if a user forgets to log out, their session won’t remain active indefinitely, reducing the risk of unauthorized access.

References:

Secure SDLC practices emphasize the importance of security at every stage of the software development life cycle, including the implementation of proper session management controls12.

Best practices for access control in security highlight the significance of managing session timeouts to prevent unauthorized access3.

Industry standards and guidelines often recommend session timeouts as a critical security control to protect against unauthorized access4.

The OpenSAMM business function being assessed is Verification. This function involves activities related to reviewing and testing to ensure that the software meets the required security standards and practices. In the context of the question, the software security group’s focus on reviewing design artifacts to ensure compliance with organizational security standards falls under the Verification function. This includes tasks such as design review, implementation review, and security testing, which are all aimed at verifying that the security measures and controls are correctly integrated into the software design.

References: The information is verified as per the OWASP SAMM documentation, which outlines the Verification function as a core business function that encompasses activities like design review, which is directly related to the assessment of design artifacts mentioned in the question1.

Data integrity requirements within a privacy impact statement ensure that personal information is maintained in an accurate and up-to-date manner. This involves establishing processes to regularly review and update personal data, as well as correct any inaccuracies. These requirements are crucial for maintaining the trustworthiness of the data and ensuring that decisions made based on this information are sound and reliable.

References:

The Office of the Privacy Commissioner of Canada’s guide on the Privacy Impact Assessment process emphasizes the importance of accuracy and currency of personal information1.

The European Union’s General Data Protection Regulation (GDPR) outlines principles for data processing, including the necessity for data to be accurate and kept up to date2.

The General Data Protection Regulation (GDPR) also includes provisions for data protection impact assessments, which involve documenting processes before starting data processing3.

The secure coding practice being described is Access Control. This practice ensures that access to data and features within a system is restricted and controlled. The description given indicates that the product has mechanisms to prevent the display of personally identifiable information (PII), restrict the printing of private documents, and require elevated privileges to access archived documents. These are all measures to control who has access to what data and under what circumstances, which is the essence of access control.

References:

ISO/IEC 27018 Code of Practice for Protecting Personal Data in the Cloud1.

NIST SP 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII)2.

ISO/IEC 29151:2017, Code of practice for personally identifiable information protection3.

The Intelligence domain in the Building Security in Maturity Model (BSIMM) focuses on gathering and using information about software security. This includes understanding the types of attacks that are possible against the software being developed, which is why reviewing attack models falls under this domain. The BSIMM domain of Intelligence involves creating models of potential attacks on software (attack models), analyzing actual attacks that have occurred (attack intelligence), and sharing this information to improve security measures. By reviewing attack models, the software security group is essentially assessing the organization’s ability to anticipate and understand potential security threats, which is a key aspect of the Intelligence domain.

References: The references used to verify this answer include the official BSIMM documentation and related resources that describe the various domains and their activities within the BSIMM framework12345.

The practice described is Code review, which is a part of secure software development best practices. Code reviews are conducted to ensure that the code adheres to accepted coding patterns and meets the team’s quality standards. This process involves the examination of source code by a person or a group other than the author to identify bugs, security vulnerabilities, and ensure compliance with coding standards.

References:

Fundamental Practices for Secure Software Development - SAFECode1.

Secure Software Development Framework | CSRC2.

Secure Software Development Best Practices - Hyperproof3.

The phase being described is the Deployment phase of the SDLC. This phase involves making the software available for use by customers after it has been developed, tested, and approved for release. It includes the installation of the software in the production environment, ensuring that all features are operational as intended, and obtaining formal approval from leadership to proceed with making the product available to end-users. The deployment phase is critical as it transitions the software from a development setting to a real-world operational environment.

References:

SDLC Deployment Phase – A Step by Step Guide1

Understanding the SDLC: Software Development Lifecycle Explained2

 Data flow analysis is a manual code review technique where the reviewer traces the path of data from its entry point in the software (input control) through its processing and manipulation within the application, to its exit points (outputs). This technique is used to ensure that the data is handled securely throughout its lifecycle within the application and to identify any potential security vulnerabilities that may arise from improper data handling or processing12

 Session management is a core component of secure coding, which involves maintaining the state of a user’s interaction with a system. Proper session management can help protect against various security vulnerabilities, such as session hijacking and session fixation attacks. It is essential for ensuring that user data is handled securely throughout an application’s workflow.

References: The OWASP Secure Coding Practices guide emphasizes the importance of implementing secure coding standards, which include robust session management1. Additionally, Snyk’s secure coding practices highlight the significance of access control, including authentication and authorization, as fundamental to protecting a system2. These resources align with the concept that effective session management is a best practice in secure coding.

Manual code review is a type of security analysis that requires a significant time investment from a highly skilled team member. This process involves a detailed and thorough examination of the source code to identify security vulnerabilities that automated tools might miss. It is labor-intensive because it relies on the expertise of the reviewer to understand the context, logic, and potential security implications of the code. Unlike automated methods like static or dynamic code analysis, manual code review demands a deep understanding of the codebase, which can be time-consuming and requires a high level of skill and experience.

References: The information provided here is based on industry best practices and standards for secure software design and development, as well as my understanding of security analysis methodologies12.

Comprehensive and Detailed In-Depth Explanation:

The scenario described indicates that the system was subjected to inputs containing random data and some structured query language (SQL) statements, leading to an exponential increase in test data. This behavior is characteristic of fuzzing, a testing technique used to identify vulnerabilities by inputting a wide range of random or unexpected data into the system.

Fuzzing aims to discover coding errors and security loopholes by bombarding the application with malformed or unexpected inputs, observing how the system responds. The presence of random characters and SQL statements suggests that the fuzzing tool was testing for vulnerabilities such as SQL injection by injecting various payloads into the system.

This approach is part of the Verification business function in the OWASP SAMM, specifically within the Security Testing practice. Security testing involves evaluating the software to identify vulnerabilities that could be exploited, and fuzzing is a common technique employed in this practice to ensure the robustness and security of the application.

References:

OWASP SAMM: Verification - Security Testing

After completing vulnerability scans and penetration analysis, security testers document the results to share with stakeholders, such as the organization’s largest customers. The deliverable being prepared in this context is the Security testing reports. These reports typically include detailed findings from the security assessments, explanations of the vulnerabilities discovered, the potential risks they pose, and recommendations for remediation. The purpose of these reports is to provide transparency about the security posture of the software or system and to guide the organization in addressing the identified security issues12. References: 1, 2

 The principle of running with the least privilege is a fundamental security concept that involves granting users only the permissions they need to perform their tasks and no more. This minimizes the risk of a user gaining access to administrator-level functionality that they are not authorized to use. By limiting the privileges of user accounts to the bare minimum necessary, the potential damage from various attacks, such as privilege escalation, is significantly reduced.

References: The concept of least privilege is widely recognized as a critical security measure. Resources like Exabeam’s article on preventing privilege escalation and TechTarget’s guide on privilege escalation attacks provide insights into how enforcing least privilege can mitigate such threats12. These sources verify that running with the least privilege is an effective mitigation technique against the threat of unauthorized access to elevated privileges.

The last step of the SDLC code review process is to review the code for security issues. This involves a detailed examination of the code to identify any potential security vulnerabilities that could be exploited. It’s a critical phase where the focus is on ensuring that the code adheres to security best practices and does not contain any flaws that could compromise the security of the application or system. The process typically includes manual inspection as well as automated tools to scan for common security issues. The goal is to ensure that the software is as secure as possible before it is deployed. References: Mastering the Code Review Process, Understanding the SDLC, How Code Reviews Improve Software Quality in SDLC - LinkedIn.

The privacy impact statement requirement that defines how personal information will be protected when authorized or independent external entities are involved is best categorized under Third party requirements. This aspect of privacy impact assessments ensures that personal data is safeguarded even when it is necessary to involve third parties, which could be service providers, partners, or other entities that might handle personal information on behalf of the primary organization. These requirements typically include stipulations for data handling agreements, security measures, and compliance checks to ensure that third parties maintain the confidentiality and integrity of the personal information they process.

References:

Guide to undertaking privacy impact assessments | OAIC1

A guide to Privacy Impact Assessments - Information and Privacy2

Personal Information Protection Law of China: Key Compliance Considerations3

Privacy Impact Assessment - General Data Protection Regulation (GDPR)4

Privacy impact assessment (PIA) - TechTarget5

 The category that classifies identified threats with no defenses in place, exposing the application to exploits, is Unmitigated Threats. This term refers to vulnerabilities for which no countermeasures or mitigations have been implemented. These threats are critical because they represent actual weaknesses that attackers can exploit. In the context of secure software design, it’s essential to identify these threats early in the SDLC to ensure that appropriate security controls can be designed and implemented to protect against them.

References:

Taxonomy of Cyber Threats to Application Security and Applicable Defenses1.

OWASP Foundation’s Threat Modeling Process2.

Mitigating Persistent Application Security Threats3.

The task described involves assessing a document management application that has been in use for many years to ensure compliance with organizational policies. This typically falls under the category of a security strategy for legacy code. Legacy code refers to software that has been around for a while and may not have been designed with current security standards or organizational policies in mind. A security strategy for legacy code would involve reviewing and updating the application to meet current security requirements and organizational policies, ensuring that it remains secure and compliant over time.

References: The answer is based on standard practices for managing and securing legacy software systems, which include regular assessments and updates to align with current security standards and organizational policies1.

 The security testing technique that involves evaluating the vulnerability of all externally facing enterprise applications through both automated and manual system interactions is known as Penetration Testing. This method simulates real-world attacks on systems to identify potential vulnerabilities that could be exploited by attackers. It is a proactive approach to discover security weaknesses before they can be exploited in a real attack scenario. Penetration testing can include a variety of methods such as network scanning, application testing, and social engineering tactics to ensure a comprehensive security evaluation.

References: The concept of Penetration Testing as a method for evaluating vulnerabilities aligns with industry standards and practices, as detailed in resources from security-focused organizations and literature1.

The step in threat modeling that involves collecting exploitable weaknesses within the product is Identify and document threats. This step is crucial as it directly addresses the identification of potential security issues that could be exploited. It involves a detailed examination of the system to uncover vulnerabilities that could be targeted by threats.

References: The OWASP Foundation’s Threat Modeling Process outlines a structured approach where identifying and documenting threats is a key step1. Additionally, various sources on threat modeling agree that the identification of threats is a fundamental aspect of the process, as it allows for the subsequent analysis and mitigation of these threats2345.

The type of threat described is Tampering. This threat occurs when an attacker intercepts and manipulates data being sent from the client to the server, such as form data being submitted to an API. The attacker may alter the data to change the intended operation, inject malicious content, or compromise the integrity of the system. Tampering attacks are a significant concern in secure software design because they can lead to unauthorized changes and potentially harmful actions within the application.

References:

Understanding the different types of API attacks and their prevention1.

Comprehensive guide on API security and threat mitigation2.

Detailed analysis of Man-in-the-Middle (MitM) attacks and their impact on API security3.

Comprehensive and Detailed In-Depth Explanation:

The scenario outlines the process of decommissioning a legacy application after a new product has successfully taken over its functions. This corresponds to the End of Life phase in the Software Development Life Cycle (SDLC).

The End of Life phase involves retiring outdated systems and transitioning users to newer solutions. This phase ensures that obsolete applications are systematically phased out, reducing maintenance costs and potential security vulnerabilities associated with unsupported software.

In this case, running both the legacy and new applications concurrently provided a safety net to ensure the new system's stability. After confirming the new product's reliability, the organization proceeds to disable the legacy system, marking its End of Life.

References:

Systems Development Life Cycle

Authentication is the most effective control for the scenario because it directly addresses who is using the public computers:

User Identification: Authentication requires users to identify themselves (e.g., library card, login credentials) before accessing the computers. This links actions to specific individuals, making it easier to control unauthorized activity.

Policy Enforcement: Combined with other controls (e.g., content filtering), authentication enables the library to implement policies restricting downloads. If users violate the policy, their identities can be used for consequences.

Deterrent: Knowing they can be identified discourages users from attempting illegal downloads.