Coding Practices Flashcards

1
Q

Coding Practices

Is there any software hosted by LabLynx that doesn’t utilize some form of untrusted input?

A

No. This includes integrations, where a file name or data from an API might contain data that should be considered untrusted.

2
Q

Coding Practices

Can bad inputs compromise security?

A

Yes. SQL injection and XSS are two examples. Typically, an escape character is included, followed by a command that might be executed.

3
Q

Coding Practices

Can bad inputs compromise software performance or reliability?

A

Yes. Bad data can cause errors that are tough to trace down in front-end, back-end and integration services.

4
Q

Coding Practices

What hazardous characters might cause issues in inputs?

A

Escape characters, which are different for each language.
Special, reserved characters.
New line and null characters.
Path alteration characters (dot dot slash).
OWASP Coding Practices has a list of common characters.

5
Q

Coding Practices

Can the data type and data length of inputs cause application problems or security problems?

A

Yes. Unvalidated types and lengths can cause problems from user confusion to application errors.

6
Q

Coding Practices

What techniques might be used to ensure input is “safe”?

A

Alerts to users that input is invalid.
Escaping / sanitizing all inputs.
Encoding data placed in form inputs, by application or user.
Using parameterized database queries. ORMs build this in.
Ensure consistent text encoding between application layers (UTF-8, ASCII, etc.).

7
Q

Coding Practices

When should consideration be given to input validation?

A

For all work, at all times. If not included in specifications, it remains in scope for development and QC.

8
Q

Coding Practices

When errors occur, what should be presented to users, if due to user activity?

A

Generic information. This may suggest an action to take. It should not provide information that might be used to compromise the system.

9
Q

Coding Practices

When errors occur, what should be logged?

A

The error, as well as any associated information about the specific record, file, or API I/O that is relevant to understanding what data was involved and where in the process the error occurred. Date, time, and, where applicable, the user.

10
Q

Coding Practices

What type of HTTP method should be used when transmitting authentication credentials?

A

POST
