This week's online activity is about the security of web applications.

 

1. From the Lynda.com course Foundations of Programming: Web Security, watch the videos of Chapter 1 "Security Overview" and Chapter 2 "General Security Principles".

Those two chapters begin at these two URLs:

http://www.lynda.com/Developer-Web-Development-tutorials/What-security/133330/163830-4.html

http://www.lynda.com/Developer-Web-Development-tutorials/Least-privilege/133330/163837-4.html

 

Check your understanding of these new concepts with this quiz.

Question 1
What is a script kiddie?
	A type of attacker who does not have technical skills but can run scripts and do damage because of the skills of others (correct)
	A highly skilled anonymous attacker	
	A programmer who is learning how to write shell scripts
	A software program that entertains children
	A script that manages other scripts for organizing attacks

Question 2
What is a security policy document?
	None of these answers
	A list of security vulnerabilities in a certain version of a program
	A set of instructions for securing a publicly accessible server
	A contract between a company and a security provider
	A document that communicates how information assets are protected in an organization (correct)

Question 3
Which of the following is not a core principle of computer security?
	Blacklisting and whitelisting
	Do not apply patches until the community has tried them (correct)
	Never trust users
	Least privilege
	Defence in depth

Question 4
Which of the following is true about computer security?
	Security is fostered by following best practices to keep the weakest link in the security chain above a certain threshold (correct)
	A good security system is unaffected by users' bad habits
	It is important to ensure any computer connected to the public internet is totally 100% secure
	The more complex a computer system is, the more secure it is

Question 5
Which of the following would be carried out by a white hat hacker?
	Attempting to use or sell stolen credit card numbers
	Spying on the employees of high-profile companies
	Taking control of a computer system for which they have no permissions, in order to carry out a denial of service attack
	Deliberately crashing a high-profile company's web server
	Attempting to find vulnerabilities in major operating systems with the goal of warning the operating system's vendor (correct)