Chapter 13

1- Why is leadership outlook on security critical to employee buy-in at all levels? Give examples to justify your position.

2- What are the challenges to implementing security policies in an organization when they have not been in place previously? Give examples to support your position.

3- What privacy issues should be considered with employee access to software systems even when the software is housed within the organization?

4- Why is consistency so important when applying security to the software development process? Justify your position.

5- What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?

Chapter 14

1. Why is the Web such a large attack surface? What are four things that can be done to reduce the attack surface for a web application?

2. What are the three security issues with utilizing client-side plug-ins in a web application? Give examples to support your conclusion.

3. Summarize the risks of using JavaScript in a web application from a security perspective.

4. What limitations should be placed on system output to prevent information leakage in a web application?

5. What are the security issues surrounding the use of apps on mobile devices to connect to a web application? What are three steps that can be taken to increase security around the use of app interfaces?