The secure coding best practice that requires authentication before allowing any files to be uploaded, and limits the types of files to only those needed for the business purpose, falls under the category of File Management. This practice is crucial for preventing unauthorized file uploads, which can be a common vector for attacks such as uploading malicious files or scripts. By enforcing authentication, the application ensures that only legitimate users can upload files. Additionally, restricting the file types to those necessary for business operations minimizes the risk of uploading potentially harmful files that could compromise the system.
References:
* OWASP Secure Coding Practices1
* File Upload Security Best Practices | CodeHandbook2
* File Upload Protection - 10 Best Practices for Preventing ... - OPSWAT3

The three primary goals of the secure software development process, often referred to as the CIA triad, are confidentiality, integrity, and availability. These principles form the cornerstone of security considerations in the software development life cycle (SDLC).
* Confidentiality ensures that sensitive information is accessed only by authorized individuals and systems. This involves implementing access controls and encryption to protect data from unauthorized access.
* Integrity refers to maintaining the accuracy and consistency of data across its lifecycle. This means that the data is not altered or tampered with by unauthorized entities. Techniques like checksums and digital signatures help ensure data integrity.
* Availability ensures that information and resources are accessible to authorized users when needed. This involves creating resilient systems that can withstand attacks and recover quickly from any disruptions.
By integrating these security goals into each phase of the SDLC, from planning and design to development, testing, and maintenance, organizations can create more secure software systems that are resilient to cyber threats.
References: The information provided here is verified as per the Secure Software Design documents and best practices in the field, as outlined by sources such as Snyk1, GeeksforGeeks2, and SAFECode3.

Fuzz testing is the ideal technique in this scenario. Here's why:
* Focus on Integrations: The scenario emphasizes testing links between the software, databases, web servers, and web services. Fuzz testing is specifically designed to find vulnerabilities in how software handles data and communication between components.
* Pre-release Testing: The product being close to release indicates a critical need to identify security flaws before public deployment. Fuzz testing is effective in uncovering unexpected behavior and potential vulnerabilities.
* Fuzz Testing Targets: Fuzz testing works by injecting invalid or unexpected data into interfaces (like those between databases, web components, etc.) to observe how the software reacts. This helps expose potential security gaps and weaknesses.

The security testing technique that involves using a testing tool to scan a running application for known exploit signatures is known as Automated Vulnerability Scanning. This method is part of dynamic analysis, which assesses the software in its running state to identify vulnerabilities that could be exploited by attackers. Automated vulnerability scanning tools are designed to detect and report known vulnerabilities bycomparing the behavior and outputs of the application against a database of known exploit signatures1.
References: 1: Application Security Testing: Tools, Types and Best Practices | GitHub

Authentication is the most effective control for the scenario because it directly addresses who is using the public computers:
* User Identification: Authentication requires users to identify themselves (e.g., library card, login credentials) before accessing the computers. This links actions to specific individuals, making it easier to control unauthorized activity.
* Policy Enforcement: Combined with other controls (e.g., content filtering), authentication enables the library to implement policies restricting downloads. If users violate the policy, their identities can be used for consequences.
* Deterrent: Knowing they can be identified discourages users from attempting illegal downloads.