diff --git a/year4/semester1/CT417/notes/CT417-Notes.pdf b/year4/semester1/CT417/notes/CT417-Notes.pdf index c161f2c4..864e138e 100644 Binary files a/year4/semester1/CT417/notes/CT417-Notes.pdf and b/year4/semester1/CT417/notes/CT417-Notes.pdf differ diff --git a/year4/semester1/CT417/notes/CT417-Notes.tex b/year4/semester1/CT417/notes/CT417-Notes.tex index 39e9f028..98c1b48a 100644 --- a/year4/semester1/CT417/notes/CT417-Notes.tex +++ b/year4/semester1/CT417/notes/CT417-Notes.tex 
@@ -1366,27 +1366,43 @@ Code implementation without a solid design is dangerous \& costly. Widely accepted solutions to these recurring architectural design problems are referred to as \textbf{architectural patterns}. \section{Exam Spoilers} -\begin{itemize} - \item Answer 3/4 questions. - \item Question 1 is easy, can do without studying just need logic. - \item YAML GH Action config provided: explain what it's doing - \item Basic Git commands; check status, fetch stuff, rebase if necessary. - \item Propose some specific step in CI/CD in order to develop app. - \item Each question is different devsecops phases for the same app for a company. - \item Q2: Static vs Dynamic testing. - \item How SonarQube improve app development. - \item Need to know what can cause a failure in dynamic tests, e.g., in OW Zap. - \item Debate on whether or not it's good to have high or low test coverage. - \item Q3: What is the meaning of vulnerability and countermeasure. - \item What is zero day vulnerability and the five stages. - Answer in Jack Bower slide. - \item Question on buffer overflow. - What is it, how to resolve it, explain how it happens, etc. - If you draw a picture of the stack he won't read the text, instant 5 marks. - \item Last question: API first + design patterns, conceptual. - Why is design patterns important, benefits. - Benefits are the same regardless of pattern. - Refactor code based on a pattern; will only be within the 6 we discussed and not singleton, so one of 5. -\end{itemize} +Answer 3/4 questions. +Each question is different devsecops phases for the same app for a company. + +\begin{enumerate} + \item Question 1: + \begin{itemize} + \item Question 1 is easy, can do without studying just need logic. + \item YAML GH Action config provided: explain what it's doing + \item Basic Git commands; check status, fetch stuff, rebase if necessary. + \item Propose some specific step in CI/CD in order to develop app. 
+ \end{itemize} + + \item Question 2: + \begin{itemize} + \item Static vs Dynamic testing. + \item How SonarQube improves app development. + \item Need to know what can cause a failure in dynamic tests, e.g., in OWASP ZAP. + \item Debate on whether it's good to have high or low test coverage. + \end{itemize} + + \item Question 3: + \begin{itemize} + \item What is the meaning of vulnerability and countermeasure. + \item What is zero day vulnerability and the five stages. + Answer in Jack Bower slide. + \item Question on buffer overflow. + What is it, how to resolve it, explain how it happens, etc. + If you draw a picture of the stack he won't read the text, instant 5 marks. + \end{itemize} + + \item Question 4: + \begin{itemize} + \item API first + design patterns, conceptual. + \item Why is design patterns important, benefits. + Benefits are the same regardless of pattern. + \item Refactor code based on a pattern; will only be within the 6 we discussed and not singleton, so one of 5. + \end{itemize} +\end{enumerate} \end{document}
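Review bot: in the Question 4 list, the added line "\item Why is design patterns important, benefits." carries over the grammatical error from the removed version, even though this hunk already corrects "improve" to "improves" and "OW Zap" to "OWASP ZAP" in Question 2; suggest "Why are design patterns important, benefits." Two smaller points in the same hunk: the "\item Question 1:" through "\item Question 4:" labels sit inside an enumerate, so each will render with a doubled number ("1. Question 1:"), and the first bullet under it repeats the label again ("Question 1 is easy, ..."); dropping the label text or switching the outer list to a description environment would avoid that. "devsecops" in the new intro line would read better as "DevSecOps", and "Answer 3/4 questions." and the sentence after it have no blank line between them, so LaTeX will set them as one paragraph; add a blank line if they are meant to be separate.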