## Matrix to select most relevant security test cases to automate

I spent some quality time studying security reports on the internet. From them I built an overview of the most relevant security risk categories (injection, session management, and so on) along with an average risk number (high, medium, low). Now I want to create a matrix that will help to select the most relevant test cases to automate.

I was thinking of having these factors:

• Attack complexity
• Tool availability
• Risk value (high, medium, low)

Is this a good approach? I would like to hear a second opinion about what to change or improve.

## How can we optimize the problem relevant to subset?

Problem: Given a set S of integers from 1 to n, and m pairs of numbers A_i and B_i (A_i is not equal to B_i), find the smallest integer k such that every subset of S with exactly k elements contains at least one of the given m pairs of numbers. In other words, every subset of S with k elements must contain at least one pair A_i, B_i.

Input:

• The first line contains two numbers: n and m (1<=n<=80, 1<=m<=100)

• Then m lines follow, each containing A_i and B_i

• Note: Let l be the number of pairs i,j (i,j<=m, i!=j) such that A_i=B_j; then l<=5.

Output: The k we need.

For example:

```
4 4
1 3
2 4
1 4
```

Explanation: With k=3. Clearly, {1,2,3}, {1,2,4}, {2,3,4} each have at least one pair from the m pairs.

This is my attempt: My idea is to use a bitmask to represent all subsets of S. For every i `(i from 0 to (1<<n)-1)`, I check whether there exists any pair from the m pairs that is satisfied by i. If no pair is satisfied, when implies

This is my code: `[Mycode][1]`

But I only pass 17/20 test cases. So I want to post it here to ask how we can optimize this problem. (In my solution, I have not used the note of the problem yet.)

## What’s the target number when you don’t have a relevant focus? (Expanse)

How much does the target number go up if a PC doesn’t have a relevant focus? The rules mention that the GM decides if they’re allowed to roll at all, but don’t mention the target number.

The example in the book (p102) has Miller investigating a martial arts dojo:

• If he has the primary focus of Communication (Persuasion), the TN is standard. Let’s say that’s a TN of 11.
• If he doesn’t have the primary focus, but has a tangential focus, such as Communication (Bargaining) or Communication (Deception) or Fighting (Brawling), then the TN is +2. So that makes the TN 13.
• If he has the Improvisation Talent (p53) he can do things as if he always has the tangential focus, so TN 13 again.

Is the TN still 13 if he has no tangential focuses (foci) and doesn’t have Improvisation?

## Is the SDP a=crypto attribute relevant when DTLS-SRTP is used?

The a=crypto attribute in RFC 4568 has a separate section, 9.2, for the SRTP “Crypto” Attribute Grammar. What it basically includes is a list of attribute values required for encrypting media (crypto suite, method, session params, keys, MKI…).

However, DTLS-SRTP also does the same (RFC 5764 – SRTP Extension for DTLS). So, is it correct to say that where DTLS-SRTP is used, the a=crypto: attribute is not used? For example, does the WebRTC offer-answer SDP use the “a=crypto:” attribute, as DTLS-SRTP is a must for WebRTC?

The informational RFC “SDP for WebRTC” also does not throw any light on this issue.
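
As an added example (not part of the original question): a small Python check that splits an `a=crypto` line into the fields listed above and labels each media section by where its SRTP keys come from. It assumes that an `a=fingerprint` attribute marks DTLS-SRTP keying, which the question does not mention; the function names and the sample SDP bodies are constructed for illustration.

```python
import re

# RFC 4568 section 9.2 shape (simplified): a=crypto:<tag> <suite> <key-params> [<session-params>]
CRYPTO_RE = re.compile(r"^a=crypto:(\d{1,9}) (\S+) (\S+)(?: (.+))?$")

def parse_crypto(line):
    """Split one a=crypto line into its fields; None if it does not match."""
    m = CRYPTO_RE.match(line.strip())
    if not m:
        return None
    tag, suite, key_params, session = m.groups()
    keys = []
    for kp in key_params.split(";"):            # several keys are ';'-separated
        method, _, info = kp.partition(":")     # method is "inline" for SRTP
        key_salt, *rest = info.split("|")       # optional lifetime and MKI:length
        keys.append({"method": method, "key_salt": key_salt,
                     "lifetime": next((r for r in rest if ":" not in r), None),
                     "mki": next((r for r in rest if ":" in r), None)})
    return {"tag": int(tag), "suite": suite, "keys": keys,
            "session_params": session.split() if session else []}

def classify_keying(sdp):
    """Return (media, proto, keying) for every m= section of an SDP body."""
    session_fp, sections, cur = False, [], None
    for line in (l.strip() for l in sdp.splitlines()):
        if line.startswith("m="):
            media, _port, proto = line[2:].split()[:3]
            cur = {"media": media, "proto": proto, "sdes": False, "dtls": session_fp}
            sections.append(cur)
        elif line.startswith("a=fingerprint:"):  # DTLS certificate hash
            if cur is None:
                session_fp = True                # session level: applies to all media
            else:
                cur["dtls"] = True
        elif cur is not None and parse_crypto(line):
            cur["sdes"] = True                   # key material carried in the SDP itself
    label = {(True, False): "dtls-srtp", (False, True): "sdes",
             (True, True): "both", (False, False): "none"}
    return [(s["media"], s["proto"], label[(s["dtls"], s["sdes"])]) for s in sections]

# Constructed sample bodies: all-zero key and dummy fingerprint, not captured traffic.
FP = "sha-256 " + ":".join(["AB"] * 32)
WEBRTC_STYLE = f"v=0\r\na=fingerprint:{FP}\r\nm=audio 9 UDP/TLS/RTP/SAVPF 111\r\na=setup:actpass\r\n"
SDES_STYLE = ("v=0\r\nm=audio 49170 RTP/SAVP 0\r\n"
              f"a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:{'A' * 40}|2^20|1:4\r\n")

if __name__ == "__main__":
    for name, body in (("webrtc-style", WEBRTC_STYLE), ("sdes-style", SDES_STYLE)):
        print(name, classify_keying(body))
```

A section labelled `sdes` or `both` exposes the SRTP master key to anything that can read the signalling, so it is the case worth flagging when reviewing captured offers and answers.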


