Web application security - the fast guide 1.1 | Page 60

Chapter 3 - Vulnerabilities and threat models

3.9 QUIZ

1. A vulnerability is:
   a. Potential harm that can affect your assets.
   b. A weak point in the system that might be exploited by an attacker.
   c. The most valuable parts of the system from a beneficial point of view.
   d. None of the above.

2. In identifying assets in threat modeling, all of the following are true except:
   a. Identifying assets is about deciding what is worth protecting.
   b. Assets can be anything from a set of credentials to company reputation.
   c. We need to decide the cost of unavailability, replacement and compromise liability.
   d. None of the above.

3. You are requested to go through the different stages of threat modeling and generate the skeleton of all needed outputs for an e-catalogue web application with a SQL Server back end.

   1) First we specify a list of the assets:
      a) User account information
      b) User credit history
      c) Catalogue product information, especially prices
      d) Catalogue availability

   2) From the list of assets, we identify the security objectives:
      a) Protect customer account details and customer credit history.
      b) Ensure that the application is available 99.99 percent of the time.
      c) Prevent unauthorized users from modifying product catalogue information, especially prices.

   3) Application and architecture overview:
      a) The application is an Internet-facing web application with a SQL Server back end. The web server is located in a perimeter network. Business and data access logic resides on the web server. The application enables Internet users to browse and purchase products from the company's product catalogue.