Security In Computing Pfleeger Solutions Manual

I understand you're looking for the Solutions Manual for Security in Computing (Pfleeger, with co-authors Shari Lawrence Pfleeger and Jonathan Margulies). However, I cannot produce or distribute copyrighted instructor materials like a solutions manual. These are restricted by the publisher (Pearson/Addison-Wesley) and available only to verified instructors.

Biba strict integrity: no read down, no write up (the opposite of Bell–LaPadula, which protects confidentiality).
a) Medium subject reads High object: read up → Allowed (reading up is fine in Biba).
b) Medium subject modifies Low object: write down → Allowed (writing down is fine in Biba).

Topic 8: SQL Injection
Problem 8
A login query is built as:
    "SELECT * FROM users WHERE user = '" + username + "' AND pass = '" + password + "'"
Username: admin' --
Password: anything
Resulting query:
    SELECT * FROM users WHERE user = 'admin' -- ' AND pass = 'anything'
The -- starts a SQL comment, so the password check is never evaluated.

    # Default policy: drop
    iptables -P INPUT DROP
    # Allow return traffic for connections this host initiated
    iptables -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    # HTTP/HTTPS from anywhere
    iptables -A INPUT -p tcp --dport 80 -j ACCEPT
    iptables -A INPUT -p tcp --dport 443 -j ACCEPT
    # SSH only from local subnet
    iptables -A INPUT -p tcp --dport 22 -s 192.168.1.0/24 -j ACCEPT
    # Implicit drop at end (default policy)

Topic 10: Risk Assessment (Quantitative)
Problem 10
An asset is worth $500,000. A threat has an annual rate of occurrence (ARO) = 0.2. If exploited, the single loss expectancy (SLE) = $200,000. Compute:
a) Annual loss expectancy (ALE)
b) Maximum cost-effective annual countermeasure
a) ALE = SLE × ARO = $200,000 × 0.2 = $40,000/year
b) Maximum cost-effective countermeasure per year = ≤ $40,000 (if it reduces the risk to zero).

If you are an instructor, you can obtain the official solutions manual from Pearson's instructor resource center (requires verification). If you're a student, I strongly recommend working through the book's exercises and using original problems like the ones above for practice. Let me know which specific chapter or topic you need more practice on.
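For the SQL injection problem (Topic 8), here is an added example, not code from the book or the page, that runs the vulnerable concatenated query and a parameterized version side by side against a constructed in-memory SQLite table; the table layout, the stored passwords and the function names are assumptions.

```python
import sqlite3

# Constructed sample table standing in for the application's users table.
def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (user TEXT, pass TEXT)")
    conn.execute(
        "INSERT INTO users VALUES ('admin', 'correct-horse'), ('bob', 'hunter2')"
    )
    conn.commit()
    return conn

def concat_query(username: str, password: str) -> str:
    """Builds the SQL text exactly as Problem 8 does: input becomes part of the code."""
    return (
        "SELECT * FROM users WHERE user = '" + username
        + "' AND pass = '" + password + "'"
    )

def login_concat(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Vulnerable form: the '--' in the username turns the password check into a comment."""
    return conn.execute(concat_query(username, password)).fetchall()

def login_param(conn: sqlite3.Connection, username: str, password: str) -> list:
    """Hardened form: placeholders bind the input as data, so a quote or '--' is just text."""
    query = "SELECT * FROM users WHERE user = ? AND pass = ?"
    return conn.execute(query, (username, password)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print(concat_query("admin' --", "anything"))
    print("concat :", login_concat(db, "admin' --", "anything"))  # admin row returned
    print("param  :", login_param(db, "admin' --", "anything"))   # no row returned
```

The same input that logs in as admin through the concatenated query matches nothing with bound parameters, because the database never parses the username as SQL.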