Physical and Software controls
Software auditing
Software Security and Data Vulnerabilities
Web App Risks
Third party software risks Legislation
100

Category of software tools that help a software team manage changes to source code over time.

What is version control?
100

Poorly coded or malicious code that causes data loss, unauthorised access, privacy/legal issues...etc

What is a risk?

100

When personal information is accessed, disclosed without authorisation, or is lost.

What are data breaches?

100

An attacker injects malicious scripts into content that is later executed by other users. This attack exploits weaknesses in how web applications handle user input, allowing attackers to manipulate or steal data, hijack user sessions, or deface websites.

What is cross site scripting?

100

Laws created by parliament

What is Legislation

200

The process of identifying and verifying a user to confirm that they are allowed to access a resource

What is user authentication?

200

The process of systematically reviewing and assessing software applications, codebases, processes, or systems to ensure they meet specific standards, guidelines, and requirements.

What is software auditing?

200

Negative outcomes such as: Emails used for phishing scams, Breaches of privacy law, Unauthorised access to customer accounts, Loss of reputation with customers, Company collapse

What are consequences?

200

JavaScript is a high-level, versatile programming language commonly used in web development to create interactive and dynamic content for websites

What is Javascript?

200

Refers to programs that are developed by companies other than the company that developed the computer's operating system.

Software modules included in an application that the developer did not program themselves, acquired from somewhere else.

What is a third party software 

300

Encoding information so that it is unreadable without the use of an encryption key

What is encryption?

300

A simulated cyber attack against your computer system to check for exploitable vulnerabilities

What is penetration testing?
300

Cyberattack where an attacker intercepts the communication between two parties . The attacker positions themselves between the sender and receiver and impersonates either one, secretly capturing or modifying the information exchanged

What is a Man-in-the-middle attack?

300

Running malicious sql commands via unsanitized user inputAllows unauthorized users to add/modify/delete contents of the SQL database



What is a SQL Injection?

300

Security vulnerability, High battery usage, Privacy issues Can be active without the user’s awareness, Higher resource usage (RAM, CPU), Loss of access to third party due to server maintenance

What are risks of using a third party software

400

The process of improving and modifying an existing software in order to improve security, fix errors, add new functionality and improve performance

What is software updates?

400

A risk that causes unintentional destruction, deletion, or corruption of data during the software's lifecycle.

What is data loss?

400

A range of malicious activities where attackers manipulate individuals into divulging confidential information, such as passwords, personal data, or financial details. Rather than directly attacking software or systems, social engineering exploits human psychology

What is social engineering?

400

Sanitise/escape user input to remove special characters associated with SQL commands

How to prevent SQL injections?

400

Rules for the collection, storage, and communication of personal information 

What is the Privacy Act 1988

500
Encryption that involves the same key used to encrypt the plaintext by the sender is the same as the the key that is used to decrypt the ciphertext by the receiver

What is symmetric encryption?

500

A risk that causes situations where individuals or systems gain access to software applications, databases, networks, or sensitive information without proper permissions.

What is unauthorised access?


500

An attack where attackers send fraudulent emails or messages that appear to come from a legitimate source, the message typically contains a link or attachment that, if clicked, can install malware or direct the victim to a fake website where they are asked to enter sensitive information.

What is phishing?

500

Sanitise/escape user input to remove special characters associated with JavaScript commands



How to prevent cross site scripting?

500

Collection and handling of health information in public and private sector

What is the Health Records Act 2001