Designing Secure Software
Part 1: The advantage of penetration testing is that this methodology permits a team to submit the new system to an environment that allows for refinement rather than simply reacting to problem areas during the post-deployment phase. Please respond to all of the following prompts:
- What is penetration testing?
- Why is it performed?
- When should it be performed?
- What is static analysis, and how does it fit into a penetration testing scenario?
- What is dynamic analysis, and how does it fit into a penetration testing scenario?
Part 2: Session management is used to track user activity, including the login and logout (or the beginning and end of a user session) of a web application, otherwise known as "state." Because HTTP is a stateless technology, HTTP has no inherent method of tracking state or managing sessions. Therefore, session data is managed by the server (Sessions) or is read from the browser (Cookies). There are advantage and disadvantages to both methods.
- Please respond to all of the following prompts:
- Identify the pros and cons of using cookies.
- Identify the pros and cons of using Sessions.
- Choose a major website and research and describe how it uses sessions and/or cookies to manage user activity.
- Parts are separate