FiltersDone

Question type

Essay

Multiple Choice

Short Answer

True False

Matching

Exam 11: Software Security

Show Answer

Share

---

All types

Filters

Study FlashcardsPractice ExamLearn

Question 1

Multiple Choice

Review LaterAdd Note

Review Later

The most common variant of injecting malicious script content into pages returned to users by the targeted sites is the _________ vulnerability.

A) XSS reflection
B) chroot jail
C) atomic bomb
D) PHP file inclusion

Correct Answer

verified

Show Answer

Question 2

True/False

Review LaterAdd Note

Review Later

A difference between defensive programming and normal practices isthat everything is assumed.

Correct Answer

verified

False

Question 3

Short Answer

Review LaterAdd Note

A ________ occurs when multiple processes and threads compete to gain uncontrolled access to some resource.

Without suitable synchronization of accesses it is possible that valuesmay be corrupted, or changes lost, due to over-lapping access, use, and replacement of shared values.

__________ attacks are vulnerabilities involving the inclusion of script code in the HTML content of a Web page displayed by a user's browser.

A _________ attack occurs when the input is used in the construction of a command that is subsequently executed by the system with the privileges of the Web server.

Many computer security vulnerabilities result from poor programmingpractices.

Blocking assignment of form field values to global variables is one of the defenses available to prevent a __________ attack.

The correct implementation in the case of an atomic operation is totest separately for the presence of the lockfile and to not always attempt to create it.

Security flaws occur as a consequence of sufficient checking andvalidation of data and error codes in programs.

In the ________ attack the user supplied input is used to construct a SQL request to retrieve information from a database.

The intent of ________ is to determine whether the program or function correctly handles all abnormal inputs or whether it crashes or otherwise fails to respond appropriately.

"Failure to Preserve SQL Query Structure" is in the __________ CWE/SANS software error category.

Defensive programming requires a changed mindset to traditionalprogramming practices.

Program _______ refers to any source of data that originates outside the program and whose value is not explicitly known by the programmer when the code was written.

The major advantage of ________ is its simplicity and its freedom from assumptions about the expected input to any program, service, or function.

To counter XSS attacks a defensive programmer needs to explicitlyidentify any assumptions as to the form of input and to verify that anyinput data conform to those assumptions before any use of the data.

Software security is closely related to software quality and reliability.

Injection attacks variants can occur whenever one program invokes theservices of another program, service, or function and passes to itexternally sourced, potentially untrusted information without sufficientinspection and validation of it.

A variant where the attacker includes malicious script content in data supplied to a site is the __________ vulnerability.