(8) Securely Coding Flashcards
When it comes to secure coding issues, describe dereferencing
Dereferencing issues are normally due to a null pointer. If a value is NULL (isn’t set), dereferencing it can cause a crash of the program unless an error handler is present.
When it comes to secure coding issues, what is an insecure object reference?
An insecure object reference is when an app exposes information about internal objects, which lets bad people see how the object is identified and stored on the back end. Bad peeps can then use this information to go after other items.
When it comes to secure coding issues, what is a race condition?
Race conditions are all about timing. An app has to do something and may be sensitive to what is happening or has happened to an object. Race conditions aren’t reliable, but they can be very impactful and can result in attackers achieving their goal.
In relation to common software security issues, describe broken authentication
With broken authentication, attackers who are not logged in, or who are not logged in with the proper rights, can gain access to resources. Strong authentication and authorization are an important part of coding.
In terms of insecure coding practices, describe sensitive data exposure
Sensitive data exposure can happen when any number of flaws are taken advantage of. A simple example of this is when apps don’t protect data properly.
In terms of insecure coding practices, describe insecure components
Insecure components comprise a ton of issues that are possible when a component of an application has a security weakness: it opens the entire app to that weakness. Avoiding this takes an understanding of the components and modules that make up an application.
When it comes to secure coding practices, describe insufficient logging and monitoring
Insufficient logging and monitoring is about being able to see what happened when something goes wrong. The app needs to be coded to log events properly
When it comes to secure coding practices, describe weak or default configurations
Weak or default configurations happen when apps are not properly set up or when default settings are used. Default settings include having a default password or other default settings.
In terms of secure coding practices, describe use of insecure functions
Using functions that are not secure (such as those that don’t have security features built in) can make it easier for attackers to target and succeed in their attacks.