Reference no: EM132865068
There are 11 questions.
Questions 1 to 3 are code-snippet questions with vulnerabilities to identify, explain, and correct where applicable.
Question 4 relates to user requirements and version control.
Question 5 is about testing.
Question 6 deals with continuous deployment.
Question 7 is about software decommissioning.
Question 8 is about Python expressions and statements.
Question 9 is about Python exception handling.
Question 10 is about Python exceptions and errors.
Question 11 is a set of 5 multiple choice questions on application testing.
Assessment
1) Scripting vulnerability
Given the snippet of code below, answer the following:
1) Identify this type of attack.
2) Explain this vulnerability and how it can happen.
3) Explain how it can be fixed.
<!DOCTYPE html>
<html>
<head></head>
<body>
<h1>Insecure Web Page</h1>
<p>
This website has poor security features. Explain why.
</p>
<h3>Add Your Comment</h3>
<div>
Poor Coding Style! <script>alert('You See I Got You!')</script>
</div>
</body>
</html>
2) Explain what the malicious snippet of code below does
protected void doGetRequestedData(HttpServletRequest svltrq, HttpServletResponse svltresp)
        throws SQLException, IOException {
    // Read the NAME request parameter
    String name = svltrq.getParameter("NAME");
    StringBuffer sbres = new StringBuffer();
    // Build and run the query
    String query = "SELECT fullname FROM emp WHERE name = '" + name + "'";
    ResultSet rs = DB.createStatement().executeQuery(query);
    // Render the result set as an HTML table
    sbres.append("<table class=\"table\"><tr><th>Employee</th></tr>");
    while (rs.next()) {
        sbres.append("<tr><td>");
        sbres.append(rs.getString("fullname"));
        sbres.append("</td></tr>");
    }
    sbres.append("</table>");
    svltresp.getWriter().append(sbres.toString());
}
3) You will be provided with a folder that has an application with vulnerable code. Follow the provided instructions to answer the set questions.
SQL injection/input validation task: 10 marks (error identification 4 marks, correcting them 4 marks, testing to show that there are no more issues 2 marks).
4) User requirements
A restaurant called NotEatingOutTonight has decided to go digital. To do so, they have decided to develop an online home delivery service.
They hired you as a consultant and security expert to gather business requirements using user story and evil user story mapping techniques.
As security must be embedded within your design, ensure that confidentiality, integrity, availability, and non-repudiation are covered.
Using the scrum board below, rewrite the specified user stories for each sprint, including not only the corresponding user story but also its acceptance criteria and its evil stories.
You must include a first, second, and third version of your design to show the implementation of version control.
5) Explain with examples where applicable the differences between manual and automated testing. You must focus on the characteristics that need considering while writing scripts to perform automated testing.
6) How do you secure continuous deployment for applications in the cloud?
7) Explain the reasons for software decommissioning and how this process can be handled.
8) What is the difference between an expression and a statement in Python?
9) Why is exception handling required in Python?
10) What is the difference between an error and an exception?
11) Multiple choice questions
1. A ..... is a deviation from the specified or expected behaviour that is visible to end-users.
a) an error
b) a fault
c) a failure
d) a defect
2. It is during the ...... stage that the tester designs test cases.
a) Test recording.
b) Test configuration.
c) Test planning.
d) Test specification
3. Which of the following standards sets the general principles for Component Testing?
a) BS7925-2
b) IEEE 829
c) BS7925-1
d) IEEE 610
4. What do you think testing should be based on when testing large systems?
a) Only a few tests
b) Test Cases written by test expert engineers
c) Test Cases
d) Risks
5. Which of the following is not a type of incremental testing methodology?
a) Big bang
b) Top down
c) Bottom up
Attachment:- BAC exams.rar