Chapter 1 Security Fundamentals - Alice and Bob Learn Application Security
Questions to be answered
1. Bob sets the Wi-Fi setting on his pacemaker to not broadcast the name of his Wi-Fi. What is this defensive strategy called?
2. Name an example of a value that could be hard coded and why. (What would be the motivation for the programmer to do that?)
3. Is a captcha usable security? Why or why not?
4. Give one example of a good implementation of usable security.
5. When using information from the URL parameters, do you need to validate that data? Why or why not?
6. If an employee learns a trade secret at work and then sells it to a competitor, this breaks which part(s) of CIA?
7. If you buy a “smart” refrigerator and connect it to your home network, then have a malicious actor connect to it and change the settings so that it’s slightly warmer and your milk goes bad, which part(s) of CIA did they break?
8. If someone hacks your smart thermostat and turns off your heat, which part(s) of CIA did they break?
9. If a programmer adds an Easter egg (extra code that does undocumented functionality, as a “surprise” for users, which is unknown to management and the security team), does this qualify as an insider threat? If so, why? If not, why not?
10. When connecting to a public Wi-Fi network, what are some of the precautions that you could take to ensure you are doing “defense in depth”?
11. If you live in an apartment with several roommates and you all have a key to the door, is one of the keys considered to be a “factor of authentication”?