The company's website uses query-string parameters to filter products by
category. When filtering on a product category, the URL looks like this:
company.com/products?category=2. If the security team saw a URL of
company.com/products?category=2 OR 1=1 in the logs, what assumption should
they make?
An attacker is attempting to enter invalid characters in a textbox on the products
page.
An attacker is attempting to use SQL injection to gain access to information.
An attacker is attempting to force the application to throw an exception so they
may view exploitable information.
An attacker is attempting to access the system using credentials that do not
belong to them.
An attacker is attempting to use SQL injection to gain access to information.
An SQL injection attack attempts to gain access to information by sending
malformed query parameters. Here the payload "2 OR 1=1" is a tautology: if the
application splices the raw parameter into its SQL, the WHERE clause becomes
"category = 2 OR 1=1", which is always true and returns every row.
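The following is an added example, not code from the original study notes or from the company in the question. It shows the kind of string-built query that makes the "category=2 OR 1=1" URL dangerous, the parameterised and type-checked version that defuses it, and a check that flags the same tautology in access-log lines. The product table, the log format ("client url") and the function names are all constructed for the demonstration.

```python
"""Added example: vulnerable vs hardened category filter, plus a log check.

Everything here (table contents, log format, function names) is constructed
for illustration and is not taken from the original notes.
"""
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Constructed product table standing in for the company's database.
PRODUCTS = [
    (1, "Hammer", 1),
    (2, "Router", 2),
    (3, "Switch", 2),
    (4, "Saw", 1),
    (5, "Firewall", 3),
]

# Constructed access-log lines in the form "<client> <url>"; the query
# strings are URL-encoded as a real web server would record them.
SAMPLE_LOG = [
    "10.0.0.5 /products?category=2",
    "10.0.0.9 /products?category=2%20OR%201%3D1",
    "10.0.0.9 /products?category=2+OR+1%3D1",
    "10.0.0.7 /products?category=3&sort=name",
]


def _db():
    """Fresh in-memory SQLite database loaded with the constructed products."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE products (id INTEGER, name TEXT, category INTEGER)")
    conn.executemany("INSERT INTO products VALUES (?, ?, ?)", PRODUCTS)
    return conn


def filter_vulnerable(category):
    """What the quiz's application presumably does: splice the raw query-string
    value into the SQL text. The value '2 OR 1=1' turns the WHERE clause into
    'category = 2 OR 1=1', which matches every row."""
    sql = "SELECT name FROM products WHERE category = " + category + " ORDER BY id"
    return [row[0] for row in _db().execute(sql)]


def filter_safe(category):
    """Hardened version: reject anything that is not the integer the URL
    parameter is supposed to be, then bind it as a parameter so its content
    is compared as data and never parsed as SQL."""
    if not re.fullmatch(r"[0-9]+", category):
        raise ValueError("category must be a non-negative integer")
    sql = "SELECT name FROM products WHERE category = ? ORDER BY id"
    return [row[0] for row in _db().execute(sql, (int(category),))]


# Always-true comparison following OR/AND, e.g. "OR 1=1" or "or 'a'='a'".
TAUTOLOGY = re.compile(r"\b(?:or|and)\s+(['\"]?\w+['\"]?)\s*=\s*\1", re.IGNORECASE)


def suspicious_requests(log_lines):
    """Return (url, parameter, decoded value) for every log line whose query
    string carries a tautology like the one the security team saw."""
    hits = []
    for line in log_lines:
        url = line.split()[1]
        for name, values in parse_qs(urlsplit(url).query).items():
            for value in values:
                if TAUTOLOGY.search(value):
                    hits.append((url, name, value))
    return hits


if __name__ == "__main__":
    print("vulnerable, category=2      :", filter_vulnerable("2"))
    print("vulnerable, category=2 OR 1=1:", filter_vulnerable("2 OR 1=1"))
    print("safe, category=2            :", filter_safe("2"))
    try:
        filter_safe("2 OR 1=1")
    except ValueError as exc:
        print("safe, category=2 OR 1=1     : rejected,", exc)
    for url, name, value in suspicious_requests(SAMPLE_LOG):
        print("suspicious:", url, "->", name, "=", repr(value))
```

Run as a script, the vulnerable filter returns all five products for the injected value while the hardened one rejects it before any SQL runs; the log check flags both encoded variants of the payload (%20 and +) because parse_qs decodes them to the same "2 OR 1=1" string.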
Which post-release support activity (PRSA) details the process for investigating,
mitigating, and communicating findings when security vulnerabilities are
discovered in a software product?
Internal review for new product combinations or cloud deployment
Third-party reviews
Post-release certifications
External vulnerability disclosure response
External vulnerability disclosure response
The external vulnerability disclosure response (PRSA1) defines the processes for
evaluating and mitigating security vulnerabilities discovered after release. It
also details how the organization will communicate its findings to customers.
Which post-release support key success factor says that any change or
component reuse should trigger security development life cycle activities?
Post-release certifications
SDL cycle for any architectural changes or code reuses
External vulnerability disclosure response process
Third-party reviews
SDL cycle for any architectural changes or code reuses
Any architectural change, code change, or code/component reuse should trigger
SDL activities.
Which step will you find in the SANS Institute Cyber Defense seven-step recipe for
conducting threat modeling and application risk analysis?
Threat assessment
Conduct a BSIMM assessment
Demonstrate improvement
Brainstorm threats from adversaries
Brainstorm threats from adversaries
Brainstorm threats from adversaries is step 4 in the SANS Institute recipe.
In which OpenSAMM core practice area would one find environment hardening?
Governance
Deployment
Verification
Construction
Deployment
The deployment core practice area contains environment hardening, vulnerability
management, and operational enablement.
What are the two common best principles of software applications in the
development process? Choose 2 answers.
Quality code
Secure code
Information security
Integrity
Availability
Quality code
Secure code
"Quality code" is correct. Quality code is efficient, easy to maintain, and
reusable.
"Secure code" is correct. Secure code authenticates and authorizes every user
transaction, logs the transaction, and denies all unauthorized requests.
What ensures that the user has the appropriate role and privilege to view data?
Authentication
Multi-factor authentication
Encryption
Information security
Authorization
Authorization
Authorization checks that an already authenticated user holds the role or
privilege required to view the data or perform the requested action.
Authentication only establishes who the user is; it does not decide what they
may access.