Quiz - Secure Code Competition

The Five Eyes threat model applies equally.

The OWASP threat model applies equally.

The NIST threat model applies equally.

There is no 'one size fits all' threat model.

To increase data accessibility

To enhance data compression

To protect against unauthorized access

To improve data processing speed

Enhancing user experience

Capturing security-relevant events

Reducing system resource usage

Improving code readability

To increase data transmission speed

To enhance user experience

To prevent injection attacks

To improve code readability

Short passwords without complexity

Regular use of default passwords

Length, complexity, and regular updates

Storing passwords in plaintext

Ignoring updates and patches

Regularly updating and patching dependencies

Relying solely on default configurations

Disabling software composition analysis tools

To prolong user sessions indefinitely

To enhance user experience

To prevent unauthorized access by terminating inactive sessions

To increase system resource usage

Granting users the highest level of access by default

Limiting users' access rights to the minimum necessary for their tasks

Granting access based on seniority within the organization

Ignoring access controls in favor of performance optimization

Identifying vulnerabilities in third-party libraries and components

Optimizing code for performance

Ensuring proper input validation

Monitoring runtime behavior for security incidents

a bug that resets the calendar to January 1st, 1970 – the first day in the Unix epoch

a security vulnerability that the developer has not been made aware of prior to its exploitation

a vulnerability that takes almost no time at all to usefully exploit

a system vulnerability that is clock based, such as an exploit that is only useful during nightly maintenance windows