Chapter 13
1. Why is leadership outlook on security critical to employee buy-in at all levels? Give examples to justify your position.
2. What are the challenges to implementing security policies in an organization when they have not been in place previously? Give examples to support your position.
3. What privacy issues should be considered with employee access to software systems even when the software is housed within the organization?
4. Why is consistency so important when applying security to the software development process? Justify your position.
5. What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?
Chapter 14
1. Why is the Web such a large attack surface? What are four things that can be done to reduce the attack surface for a web application?
2. What are the three security issues with utilizing client-side plug-ins in a web application? Give examples to support your conclusion.
3. Summarize the risks of using JavaScript in a web application from a security perspective.
4. What limitations should be placed on system output to prevent information leakage in a web application?
5. What are the security issues surrounding the use of apps on mobile devices to connect to a web application? What are three steps that can be taken to increase security around the use of app interfaces?