Consider the use of cryptography in security as well as the stages for an application software security assessment. Use your own experience, the online readings, and research to answer the following questions:

A general view of access control from a software perspective is that it is "someone else's problem" such as the operating system or the firewall. What is the reason for this attitude? Why is it good or bad? Justify your

Cryptography is one of the many security tools but is given more emphasis than most in the media and in most security courses. Explain the limitations of cryptography in your own words. What does cryptography provide? What are the main problems associated with using cryptography? Give at least two security problems that cannot be solved with cryptography. Justify your answers with examples and analysis.

Give an example of sensitive data that should be protected by cryptography. Why would this be necessary? Who might stand to gain by exploiting this information if it were not protected?

Research the Open Web Application Security Project (OWASP) organization and the Microsoft Secure Development Lifecycle (MSDL) to answer the following questions:

What are the steps in a secure software development lifecycle? Which steps do you feel are most important for protecting the final software that results from this effort? Explain your conclusions.

Give at least three tools you would recommend for reviewing a software application in development. Provide specific examples from OWASP, MSDL, or your own research and experience. Briefly explain what each tool accomplishes.