Software Security Jeopardy Template

Physical and software security control

Software auditing and testing strategies

Web application risks

Types of software security and data security vulnerabilities

Third Party

100

Uses a username and password to allow authorised access to a system

What is user authentication

100

Poorly coded or malicious code that causes the following:

What is Risk?

100

Unsecured web pages, web applications, and web servers running malicious Javascript code

What is Cross-site scripting?

100

When personal information is accessed, disclosed without authorisation, or is lost.

What is Data breaches?

100

Refers to programs that are developed by companies other than the company that developed the computer's operating system.

What is Third Party program

200

a category of software tools that help a software team manage changes to source code over time.

What is version control?

200

A simulated cyber attack against your computer system to check for exploitable vulnerabilities

What is Penetration Testing?

200

Allows dynamic and interactive content on HTML/CSS webpages 97% of websites used it

What is Javascript?

200

An attacker ‘spoofs’ an unsecured wifi network that a client connects too

What is Man-in-the-middle attacks?

200

Security vulnerability

High battery usage

Privacy issues

What is risk

300

To confirm a user is allowed to access a resource

What is User authentication?

300

Review the interaction between modules within the software, e.g login, saving, data manipulation

What is Software Auditing?

300

user input to remove special characters associated with JavaScript commands

What is Sanitise/escape?

300

Manipulation of the weakest link in a computer system

What is Social Engineering?

300

Delete the third party software

Get another third party

Stop software from running automatically at startup

What is Manage the risks

400

information so that is unreadable without the use of the encryption key

What is Encryption?

400

What is Legal issues?

400

Running malicious sql commands via unsanitized user input

What is SQL Injection?

400

the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers.

What is phishing?

400

user data transferred without their knowledge

What is Privacy issues?

500

Public-Private Key pair

What is Asymmetric encryption?

500

lack of security

What is Unauthorised access?

500

Sanitise/escape user input to remove special characters associated with SQL commands

What is prevention

500

Unauthorized access to customer accounts

Loss of reputation with customers

What is Consequences?