1. What are the important considerations in choosing a Red Team (or attack team) for your software system? Give examples to justify your position.
2. How should you utilize the results of a static analysis of the system? What criteria should determine the level of action taken on any item?
3. Why is it important to probe and attack a system both at rest and in action? Give examples of information that is provided by each that the other could not provide.
4. What factors should influence the time frame and scope of a penetration test? Give examples to support your ranking.
5. Why is a single system compromise insufficient for a penetration test? Justify your position.
6. Why is it important to simulate the deployment environment as closely as possible when performing a penetration test? What could happen if the conditions vary significantly from the live environment?
7. What external elements of a system environment play a role in the security of a software system? How should these be considered in a penetration testing environment?
8. What advantages do actual attackers have over penetration testers in attempting to compromise a system? Justify your conclusions.
According to the Chegg policy, we answer the first one, but I answer 2 questions for you.
Answer 1)
A Red Team is a team within cyber security that makes false attacks on its own organization to check that the organization's cyber security is able to handle attacks from the outside world. The team will basically simulate attacks on the organization.
The considerations for choosing a Red Team are:
1) Normally the Red Team will be outsiders, because an internal team knows the cyber security measures which have been taken. There are several organizations that act as a Red Team for a company to measure the cyber security attacks.
2) Identify the risk. The Red Team must understand the processes of the company, and they should attack and verify every aspect of the cyber security. And they should attack at an unknown time, because if the company's cyber security people know when the attack will happen, they will be more careful.
3) The Red Team should be aware of the latest attacks, because new technologies are regularly developed to attack a company. And every aspect should be verified, like phishing, SQL injection, etc. For example, the Red Team should also check the website pages for SQL injection, which can be used to enter the database of the company.
4) Aware of threats. The Red Team should check security threats like Trojan horses, spyware, DDoS attacks, etc. They should use these attacks on the organization, and should report that the organization is capable of facing these types of attack properly.
Answer 2)
The static analysis of the system is required to check whether the code of the system is correct or not. Actually, code errors or mathematical errors and also the vulnerabilities of the code are tested here. Before the system deployment, this testing takes place.
The results of the static analysis are utilized in various ways.
1) The system has no code errors, so it can be deployed successfully.
2) The code has no mathematical errors, so at run time it can utilize the CPU properly.
3) Efficiency of the coding according to the standard mentioned.
4) The user interface code is written properly.
The level of action is based on the errors generated on the code by the static analysis, or the level of action can also be taken if there are any vulnerabilities in the code.