Fundamentals & Requirements Flashcards

(5 cards)

1
Q

What is translating user requirements into secure specs?

A

Converting vague user needs into specific, testable security requirements that a developer can implement and a tester can verify.

Example – Login:
Requirement: “Users must log in”
Spec: Store passwords only as salted, slow hashes (e.g., Argon2, scrypt or PBKDF2, never a plain SHA-256) and require multi-factor authentication
Example – Payment:
Requirement: “Users can make payments”
Spec: Protect card data in transit with TLS, store tokens instead of card numbers (tokenization), and meet PCI-DSS requirements

2
Q

User-Centered Security Testing

A

Focuses on how users interact with security features, not only on whether the features work in isolation.

4 Key Questions:
Can users see the security features?
Are they easy to understand?
How easy is it for users to make a dangerous mistake (e.g., approving a prompt without reading it)?
Are alerts and messages clear?
Example: A session timeout warning that users understand and act on, such as "You will be signed out in 2 minutes; click to stay signed in."

3
Q

What is the role of user feedback in security & usability?

A

What it is: Gathering input from users to improve both security and usability, because controls that users cannot live with get worked around.
Examples:
Password rules too strict → users write passwords down or reuse them → rules changed to favour length and breached-password checks over complexity
Confusing error messages → rewritten for clarity, without leaking details (e.g., "user exists" vs "wrong password") that an attacker could use

4
Q

What is the CIA triad in secure coding?

A

Confidentiality: Prevent unauthorized disclosure (e.g., encryption, access control)
Integrity: Prevent or detect unauthorized modification (e.g., MACs, digital signatures; a plain hash or checksum only catches accidental corruption, because an attacker who changes the data can recompute it)
Availability: Keep systems usable under failure or attack (e.g., backups, failover)
Why: CIA guides secure software architecture and coding practices
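The integrity caveat above, shown in code. This is an added example and not part of the flashcards: a transfer message is protected once with an unkeyed SHA-256 checksum and once with an HMAC, and an attacker who edits the amount simply recomputes the checksum but cannot recompute the HMAC without the key. The message format, function names and key handling are constructed for this example.

```python
# Added example: unkeyed checksum vs keyed MAC for integrity.
# Not from the flashcards; message format and names are assumptions.
import hashlib
import hmac
import os

# Constructed sample message a payment service might sign.
ORIGINAL = b"from=alice;to=bob;amount=10;"


def checksum_tag(message: bytes) -> bytes:
    """Unkeyed tag: anyone, including the attacker, can compute it."""
    return hashlib.sha256(message).digest()


def mac_tag(key: bytes, message: bytes) -> bytes:
    """Keyed tag: only a holder of `key` can compute it."""
    return hmac.new(key, message, hashlib.sha256).digest()


def tags_match(expected: bytes, actual: bytes) -> bool:
    # Constant-time comparison so the check itself does not leak the tag byte by byte.
    return hmac.compare_digest(expected, actual)


def tamper(message: bytes) -> bytes:
    """Attacker edits the amount in transit."""
    return message.replace(b"amount=10;", b"amount=1000;")


def attack_checksum(message: bytes, tag: bytes):
    """Attacker changes the message and recomputes the checksum to match."""
    forged = tamper(message)
    return forged, checksum_tag(forged)


def attack_mac(message: bytes, tag: bytes):
    """Attacker changes the message but has no key, so can only replay the old tag."""
    forged = tamper(message)
    return forged, tag


def receiver_accepts_checksum(message: bytes, tag: bytes) -> bool:
    return tags_match(checksum_tag(message), tag)


def receiver_accepts_mac(key: bytes, message: bytes, tag: bytes) -> bool:
    return tags_match(mac_tag(key, message), tag)


def demo() -> dict:
    """Run both scenarios and report whether the receiver accepts the forged message."""
    key = os.urandom(32)  # shared between sender and receiver, never sent on the wire
    forged_msg, forged_sum = attack_checksum(ORIGINAL, checksum_tag(ORIGINAL))
    forged_msg2, stale_mac = attack_mac(ORIGINAL, mac_tag(key, ORIGINAL))
    return {
        "checksum_accepts_forgery": receiver_accepts_checksum(forged_msg, forged_sum),
        "mac_accepts_forgery": receiver_accepts_mac(key, forged_msg2, stale_mac),
        "mac_accepts_genuine": receiver_accepts_mac(key, ORIGINAL, mac_tag(key, ORIGINAL)),
    }


if __name__ == "__main__":
    print(demo())
```

A digital signature gives the same protection as the MAC without sharing the key with the verifier; a checksum is still fine for catching disk or network corruption, which is a different threat.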

5
Q

What are secure debugging practices?

A

Avoid logging sensitive data
E.g., never log passwords, session tokens or API keys; redact them at the logging layer so a stray debug statement cannot leak them
Disable debug tools in production
E.g., set DEBUG = False and remove the Django debug toolbar; Django's debug error page shows settings, local variables and stack traces to whoever triggers an exception
Conduct security-focused code reviews
E.g., check for access control flaws and unsafe data handling, not just functional bugs
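The first two practices above, implemented as an added example that is not part of the flashcards: a `logging.Filter` that redacts passwords, tokens and bearer credentials before any handler sees the record, plus a small check of a Django-style settings dict for `DEBUG` and the debug toolbar. The secret key names, regexes and logger names are this example's own choices; extend the key list to your own field names.

```python
# Added example: redacting secrets at the logging layer and checking
# production settings. Not from the flashcards; patterns are assumptions.
import io
import logging
import re

# Field names whose values must never reach a log line (extend as needed).
SECRET_KEYS = ("password", "passwd", "token", "api_key", "secret", "authorization")

# Matches key=value, key: value and "key": "value"; the value may be "Bearer <token>".
_KV = re.compile(
    r'(?i)(' + "|".join(SECRET_KEYS) + r')(["\']?\s*[=:]\s*["\']?)((?:bearer\s+)?[^\s,;"\'&]+)'
)
# Catches a bare Authorization header value that appears without its key.
_BEARER = re.compile(r"(?i)\bBearer\s+[A-Za-z0-9._\-]+")


def redact(text: str) -> str:
    """Replace secret values with [REDACTED], keeping the key so the line stays readable."""
    text = _KV.sub(lambda m: f"{m.group(1)}{m.group(2)}[REDACTED]", text)
    return _BEARER.sub("Bearer [REDACTED]", text)


class RedactingFilter(logging.Filter):
    """Format the message once, scrub it, and drop the args so nothing else re-formats it."""

    def filter(self, record: logging.LogRecord) -> bool:
        record.msg = redact(record.getMessage())
        record.args = ()
        return True


def capture_logs(messages) -> str:
    """Log constructed (msg, args) pairs through the filter and return the output text."""
    buf = io.StringIO()
    logger = logging.getLogger("app.auth.demo")
    logger.handlers.clear()
    logger.propagate = False
    logger.setLevel(logging.DEBUG)
    handler = logging.StreamHandler(buf)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    logger.addFilter(RedactingFilter())
    for msg, args in messages:
        logger.debug(msg, *args)
    return buf.getvalue()


def check_production_settings(settings: dict) -> list:
    """Return the list of debug-related problems found in a Django-style settings dict."""
    problems = []
    if settings.get("DEBUG"):
        problems.append("DEBUG must be False in production")
    if "debug_toolbar" in settings.get("INSTALLED_APPS", ()):
        problems.append("remove debug_toolbar from INSTALLED_APPS")
    if any("debug_toolbar" in m for m in settings.get("MIDDLEWARE", ())):
        problems.append("remove DebugToolbarMiddleware from MIDDLEWARE")
    return problems


# Constructed sample log calls, the kind of thing left behind after a debugging session.
SAMPLE_MESSAGES = [
    ("login attempt user=%s password=%s", ("alice", "hunter2")),
    ("callback query: token=%s&user=%s", ("abc123", "bob")),
    ('outbound headers=%s', ('{"Authorization": "Bearer eyJhbGci.payload.sig"}',)),
    ("%d rows updated", (5,)),
]

if __name__ == "__main__":
    print(capture_logs(SAMPLE_MESSAGES))
    print(check_production_settings({"DEBUG": True, "INSTALLED_APPS": ["debug_toolbar"]}))
```

Attach the filter to the root logger (or to every handler) in production settings so it covers third-party libraries too, and pair it with `DEBUG = False`: the filter cannot scrub what Django's debug error page renders directly into the HTTP response.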
