• CVSS Demystified: Part 2: Base Metrics
  • CVSS Demystified: Part 1
  • Why is it important to train personnel in security if it is not part of their job routine?
  • The Case for Manual Security Code Review
  • Why Sec folk should walk in Developers’ shoes…
  • Manual Security Code Review
  • The difference between The Database and the Database Management System
  • Fuzzing
  • What is the importance of a business continuity plan? What are essential items that should be included in this plan for any business or organization?
  • List and explain five ways to become proactive in securing the organization
  • What is a zero-day attack? Why do these represent a significant threat to information systems?
  • What are the components of two-factor authentication?
  • Describe and discuss common authentication types
  • The root cause of an SQL injection attack and why it continues to be one of the most common security risks to a data server
  • What are the security risks with the use of ActiveX?
  • Summarize the risks of using JavaScript in a web application from a security perspective.
  • How Fast Does Ransomware Encrypt Files?
  • What are the three security issues with utilizing client-side plug-ins in a web application?
  • Zero Day Threats
  • Macro Virus Demo
  • What are some of the ways that a leader in an organization can embody and promote security as an organizational consideration?
  • What are the key factors involved in assessing the importance of a risk?
  • What are the challenges in enforcing security policies in an organization when they have not been in place previously?
  • What challenges exist in creating and implementing new security policies in an organization when there has been no consideration of security in the past?
  • Why is leadership outlook on security critical to employee buy-in at all levels?
  • Summarize the process of constructing security training inside an organization. What are at least four resources that should be consulted to make sure the training is adequate and current?
  • What factors should be involved in deciding on a delivery method for an organization’s security training?
  • What are the main problems with preventing social engineering in an organization?
  • Why do insiders pose such a significant threat to an organization?
  • Security Awareness and Training: SANS Guidelines
  • How does the evolution of attack tools affect existing systems? What steps should an organization take to remain vigilant of these new methods for compromising systems?
  • Why is it important to retain documentation of legacy elements of a software system?
  • Choose at least three available tools for software review and analysis, and summarize their features and drawbacks.
  • What factors should influence the time frame and scope of a penetration test?
  • Why is it important to probe and attack a system both at rest and in action?
  • What advantages do actual attackers have over penetration testers in attempting to compromise a system? Justify your conclusions.
  • What factors should be considered in responding to any compromise identified in either static or dynamic analysis of a system? Rank at least four factors and justify your ordering.
  • What are the important considerations in choosing a Red Team (or attack team) for your software system?
  • Why is a periodic system review beneficial to security?
  • What protections can you place within an organization on code that is developed externally?
  • What are the risks of not mapping the instantiation and cleanup of variables containing privacy data?
  • How is the Scope of a Variable important to Security Planning?
  • What are the most critical aspects of security in an Object-Oriented Software system?
  • The Importance of Establishing a Ranking of Vulnerabilities in a System
  • Constructing Misuse Cases: Benefits and Drawbacks
  • Benefits of creating a vulnerability map for a planned software system
  • Why should requirements gathering be prevented after the scope of the system is defined?
  • Why is it important to rank the importance of various stakeholders involved in system development?
  • Why is it important to incorporate security throughout the SDLC instead of just in one phase or another?
  • Secure SDLC
  • Buffer Overflow
  • What are the differences between data and information?
  • What are the Risks associated with Inheritance in Classes?
  • Why is it Important to Monitor and Control System Output?
  • The Importance of Setting Boundaries on Variable Values
  • Buffer Overflow: Definition and Defense
  • How does SQL differ from Programming Languages?
  • The Risks of Directly Executing User Input
  • DBMS: The Differences between an Attribute and a Field
  • The Role of the Data Dictionary in the DBMS?
  • Can Rootkits Be Beneficial to Security Administrators?
  • Different Types of Data Backup
  • Steps to Hardening any Operating System
  • Does any RAID configuration provide a complete solution to fault tolerance in servers?
  • Home Computer and Fault Tolerance
  • PGP and Self-Signed Digital Certificates
  • The Modern Usage of the RSA Cipher
  • Asymmetric and Symmetric key cryptography: A Comparison
  • Who is ultimately responsible for the security choices in software system development and deployment?
  • Database Systems: Threats and Mitigation
  • Why is it important to understand the updates and patches available for your operating system?
  • Policies to combat Social Engineering via Phone Calls
  • Physical Penetration into a Facility: Risks and Mitigation
  • Red Teams: Benefits and Challenges
  • What is the easiest phase of standard software development life-cycle for security considerations?
  • Who can be more destructive? The Unwitting Insider or the Intentional External Attacker?
  • Software Security and Integrity