quiz 2

Question 1

Denial-of-service (DoS) attack

Answer 1

an attack against a network resource that aims to prevent, disrupt, or delay authorized users from accessing the network resource

Question 2

Distributed Denial-of-Service (DDoS) attack

Answer 2

a DoS attack that is simultaneously launched from multiple systems.

Question 3

Network-based DDoS attack

Answer 3

a DDoS attack that aims to exhaust the target system’s network bandwidth

Question 4

Protocol-based DDoS attack

Answer 4

a DDoS attack that aims to exhaust the target system’s network resources or the resources of a network infrastructure equipment, such as a firewall or a load balancer. Exploits the weaknesses of network layer (OSI layer 3) and transport layer (OSI layer 4) protocols to create maliciously configured protocol packets.

Question 5

Application layer DDoS attack

Answer 5

a DDoS attack that aims to exhaust specific functions or features of a program.

Question 6

Domain name system (DNS)

Answer 6

a hierarchical and decentralized naming system for identifying and locating the resources connected to a network.

Question 7

DNS resolution

Answer 7

process of translating or resolving a domain name to an IP address

Question 8

DNS zone

Answer 8

a portion of a DNS namespace that is managed by an administrator or specific organization.

Question 9

authoritative name server

Answer 9

a DNS server that manages a domain’s configuration, also known as the domain’s DNS record.

Question 10

Domain reputation

Answer 10

a measure of a domain’s trustworthiness based on historical data on the domain.

Question 11

Domain hijacking

Answer 11

the act of changing the registration information of a domain without the knowledge or consent of the domain owner.

Question 12

URL redirection

Answer 12

the act of using a URL to divert a user to a malicious website

Question 13

DNS poisoning

Answer 13

an attack that aims to redirect a user to a malicious website by modifying the user’s DNS query

Question 14

Data origin authentication

Answer 14

A DNS client is assured that DNS data originated from the zone owner.

Question 15

Domain Name System Security Extensions

Answer 15

a set of extensions to DNS that provide a DNS resolver cryptographic authentication of DNS data using digital signatures

Question 16

Data integrity

Answer 16

A DNS client is assured that DNS data has not been modified in transit.

Question 17

data link layer

Answer 17

facilitates data transfer between two connected devices on the same network. responsible for flow control and the detection and correction of errors that may occur in the physical layer

Question 18

media access control (MAC) address

Answer 18

a unique 48-bit identifier assigned to a network device

Question 18

address resolution protocol (ARP)

Answer 18

a protocol used for resolving an internet address (Layer 3) into a MAC address (Layer 2)

Question 19

ARP cache table

Answer 19

a table that maps an internet address to the internet address’ corresponding MAC address.

Question 20

Address resolution protocol (ARP) poisoning

Answer 20

an attack in which an attacker sends spoofed ARP messages on a local area network (LAN) to associate the attacker’s MAC address with the IP address of a target host on the LAN

Question 21

Media access control (MAC) flooding

Answer 21

an attack in which a large number of invalid MAC addresses are sent to a network switch with the aim of overwriting the switch’s MAC table.

Question 22

MAC cloning

Answer 22

the act of changing the factory-assigned MAC address of a network device

Question 22

Man-In-The-Middle (MITM) attack

Answer 22

an attack in which an attacker eavesdrops or modifies the communications between two parties. operates at the network layer (Layer 3)

Question 23

MAC table

Answer 23

a table that maps each network device’s MAC address to a physical port on a switch

Question 24

Unicast flooding

Answer 24

a switch’s broadcast of a packet on all the switch’s ports. Unicast flooding enables an attacker to gain access to all data packets on a LAN.

Question 25

secure channel

Answer 25

a communication channel that guarantees data authenticity and data confidentiality.

Question 26

Man-In-The-Browser (MITB) attack

Answer 26

a type of MITM attack that uses malware to intercept or modify messages exchanged between a web browser and a web server.most often used to steal financial information by modifying a user’s communications with an Internet banking website.

Question 27

POPS

Answer 27

uses SSL/TLS to secure communications between a POP client and a POP server.

Question 27

Post office protocol (POP)

Answer 27

an Internet standard protocol used by an email client to retrieve an email from a mail server. does not support the sending of an email

Question 28

Internet message access protocol (IMAP)

Answer 28

an Internet standard protocol used by an email client to retrieve an email from a mail server.

Question 29

IMAPS

Answer 29

uses SSL/TLS to secure communications between an IMAP client and an IMAP server.

Question 30

Multipurpose Internet Mail Extensions (MIME)

Answer 30

an Internet standard that extends the format of an email message to support non-ASCII character sets and multimedia attachments

Question 31

Secure/Multipurpose Internet Mail Extensions (S/MIME)

Answer 31

an Internet standard for signing and encrypting MIME data.

Question 32

Secure shell protocol (SSH)

Answer 32

a cryptographic network protocol for securely operating a network service over an insecure network.

Question 33

Protocol tunneling

Answer 33

the encapsulation of a protocol’s packets within the packets of another protocol.

Question 34

FTPS

Answer 34

an extension to the file transfer protocol (FTP) that uses SSL/TLS to provide communication security.

Question 35

SSH file transfer protocol (SFTP)

Answer 35

an extension of the SSH protocol that enables secure file transfer capabilities between networked hosts

Question 36

Secure real-time transport protocol (SRTP)

Answer 36

a protocol for secure delivery of voice and video services over an IP network.

Question 37

Lightweight directory access protocol (LDAP)

Answer 37

a protocol for accessing and maintaining distributed directory information services over an IP network

Question 38

LDAPS

Answer 38

uses SSL/TLS to protect LDAP transmissions

Question 39

LDAP injection attack

Answer 39

an attack in which an attacker exploits input validation vulnerabilities to construct and execute an unauthorized LDAP query

Question 40

Hypertext transfer protocol secure (HTTPS)

Answer 40

an extension of the hypertext transfer protocol (HTTP) that uses SSL/TLS to establish an authenticated and encrypted connection between a client and a server.

Question 41

Internet Protocol Security (IPSec)

Answer 41

a protocol suite for securing data communications over an IP network.

Question 42

Authentication Header (AH)

Answer 42

an IPSec protocol that provides authentication and integrity for an IP packet and protection against a replay attack

Question 43

Encapsulating Security Protocol (ESP)

Answer 43

an IPSec protocol that provides authentication, integrity, and confidentiality for an IP packet and protection against a replay attack

Question 44

Transport mode

Answer 44

an IPSec mode in which only an IP payload is authenticated and encrypted, not the IP header.

Question 45

Tunnel mode

Answer 45

an IPSec mode in which an IP packet (IP header and IP payload) is authenticated, encrypted, and encapsulated in a tunneling protocol

Question 46

Network segmentation

Answer 46

the act of partitioning a network into segments. Network segmentation is used to create security zones

Question 47

security zone

Answer 47

a network segment that has specific security requirements.

Question 48

trusted zone

Answer 48

a security zone that contains protected network resources that should only be accessible by an authorized user or system.

Question 48

untrusted zone

Answer 48

a security zone that is outside an organization’s control

Question 48

virtual local area network (VLAN)

Answer 48

a broadcast domain that is segmented at the data link layer.

Question 49

jump server

Answer 49

a minimally configured server in a security zone that is used for managing the hosts in the security zone

Question 49

demilitarized zone

Answer 49

a security zone that lies between a trusted and an untrusted zone.

Question 50

Port-based VLAN

Answer 50

a VLAN in which a host is connected to a specific switch port that is assigned to a VLAN

Question 51

Protocol-based VLAN

Answer 51

a VLAN in which protocol types are used to assign a host to a VLAN

Question 52

MAC-based VLAN

Answer 52

a VLAN in which a host’s MAC address is used to assign the host to a VLAN.

Question 53

firewall

Answer 53

a network device or a software program that controls inbound and outbound traffic based on a set of rules

Question 54

hardware firewall

Answer 54

a firewall that is implemented in a physical device

Question 55

software firewall

Answer 55

a firewall that is implemented in software and runs on a general-purpose computer

Question 56

open-source firewall

Answer 56

software firewall with freely available source code that can be modified and redistributed

Question 57

proprietary firewall

Answer 57

a firewall that is built by an entity that has exclusive rights to the firewall

Question 58

stateless firewall

Answer 58

a firewall that allows or blocks a packet based on the information in the packet header

Question 59

access control list (ACL)

Answer 59

a list of rules used by a firewall to control inbound and outbound network traffic

Question 60

stateful firewall

Answer 60

a firewall that monitors and tracks active network connection sessions and blocks a packet that does not belong to an active session

Question 61

unified threat management (UTM)

Answer 61

a security appliance that provides multiple security functions at a single point on a network

Question 62

next-generation firewall (NGFW)

Answer 62

a firewall that combines the functionality of a packet filtering firewall with other technologies to detect and block a network attack

Question 63

virtual firewall

Answer 63

a software or hardware firewall that provides packet filtering within a virtualized environment

Question 64

Hypervisor mode

Answer 64

a virtual firewall mode in which a firewall resides in a host’s hypervisor kernel and monitors and controls inbound/outbound traffic on the virtual machines running on the host.

Question 65

Bridge mode

Answer 65

a virtual firewall mode in which a firewall runs on a virtual machine and monitors and controls inbound/outbound traffic on the virtual machine.

Question 66

host-based firewall

Answer 66

a software firewall that runs on a host and controls the host’s inbound and outbound network traffic

Question 67

network address translation (NAT) gateway

Answer 67

a device that enables multiple hosts with private IP addresses to connect to the Internet using a single public IP address.

Question 67

web application firewall (WAF)

Answer 67

a specific form of application firewall that monitors and filters HTTP and HTTPS traffic between a web application and the Internet

Question 68

application firewall

Answer 68

a firewall that controls an application’s input and output.

Question 69

URL filtering

Answer 69

he act of blocking access to a URL

Question 70

intrusion detection system (IDS)

Answer 70

a device or a software application that detects a malicious activity or a security policy violation in a system

Question 71

Content filtering

Answer 71

the act of blocking access to content based on predefined criteria.

Question 72

Network Intrusion Detection System (NIDS)

Answer 72

an IDS that detects a threat to a network.

Question 73

Network Intrusion Prevention system (NIPS)

Answer 73

a NIDS that blocks a threat to a network.

Question 73

host-based intrusion detection system (HIDS)

Answer 73

an IDS that detects a threat to a host

Question 74

Inline mode

Answer 74

a NIDS/NIPS deployment mode in which network traffic is passed through a NIDS/NIPS

Question 75

Passive mode

Answer 75

a NIDS/NIPS deployment mode in which a NIDS/NIPS receives a copy of network traffic.

Question 76

Signature-based detection

Answer 76

a detection method that detects an attack by using the attack’s pattern

Question 77

Anomaly-based detection

Answer 77

a detection method that detects an attack by identifying a network state that is different from the network’s normal state

Question 78

Behavior-based detection

Answer 78

a detection method that detects an attack by searching for a specific pattern that matches a threat behavior

Question 79

Heuristic-based detection

Answer 79

a detection method that detects an attack by adaptive techniques

Question 80

virtual private network (VPN)

Answer 80

a service using encryption to connect devices over a public network

Question 81

site-to-site VPN

Answer 81

a connection between two or more networks

Question 82

client-to-site VPN

Answer 82

a connection between a client computer and a remote router.

Question 83

Transport Layer Security (TLS)

Answer 83

Communication on HTTPS is encrypted through the use of

Question 83

full tunnel

Answer 83

routes and encrypts all network traffic through the VPN, regardless of where the VPN service is hosted

Question 84

split tunnel

Answer 84

routes and encrypts all non-internet network traffic over the VPN

Question 85

HTTPS (Hypertext Transfer Protocol Secure)

Answer 85

Security on the web is provided through the use of

Question 86

Secure Sockets Layer

Answer 86

In the past, communication was encrypted through the use of the

Question 87

Layer 2 Tunneling Protocol (L2TP

Answer 87

a mechanism for setting up VPN tunnels at the data link layer.

Question 87

broadcast storm

Answer 87

the occurrence of a large number of broadcast and multicast packets on a network within a short time period.

Question 88

bridge protocol data unit (BPDU)

Answer 88

a packet exchanged between switches on a local area network (LAN) to detect the network’s loops

Question 88

bridge protocol data unit (BPDU) guard

Answer 88

a control mechanism for preventing a BPDU packet from entering a switch port.

Question 88

Broadcast storm prevention

Answer 88

the act of preventing or reducing packet rebroadcasts on a LAN.

Question 89

network loop

Answer 89

a network topology in which more than one path exists between two network endpoints

Question 90

Dynamic host configuration protocol (DHCP)

Answer 90

a network management protocol used for automating the assignment of IP addresses and network configuration parameters to devices on an IP network.

Question 91

Dynamic host configuration protocol (DHCP) snooping

Answer 91

a Layer 2 control for preventing an unauthorized or rogue DHCP server from offering network configuration parameters to a DHCP client

Question 92

DHCP spoofing attack

Answer 92

an attack in which an attacker configures a rogue DHCP server to send a forged DHCP response to a DHCP request.

Question 93

DHCP starvation attack

Answer 93

an attack that aims to deplete a DHCP server’s IP address pool

Question 94

load balancer

Answer 94

a hardware device or a software program that performs load balancing

Question 95

Load balancing

Answer 95

the act of distributing network or application traffic across multiple servers in a server group

Question 96

Active/active

Answer 96

a load balancer mode in which two load balancers share the workload and distribute traffic across multiple servers.

Question 97

Active/passive

Answer 97

a load balancer mode in which a primary load balancer distributes traffic across multiple servers and a standby load balancer that is activated when the primary load balancer fails.

Question 98

Least connection load balancing

Answer 98

a scheduling algorithm in which data traffic is distributed to a server with the fewest number of active connections.

Question 99

IP hash load balancing

Answer 99

a scheduling algorithm in which data traffic is routed to a specific server based on a client’s IP address.

Question 99

Least response time load balancing

Answer 99

a scheduling algorithm in which data traffic is distributed to a server with the fewest number of active connections and the lowest average response time

Question 100

Round robin load balancing

Answer 100

a scheduling algorithm in which data traffic is distributed across a group of servers sequentially.

Question 101

East-west traffic

Answer 101

the traffic between a data center’s network components.

Question 102

North-south traffic

Answer 102

the traffic that enters or leaves a data center

Question 103

Southbound traffic

Answer 103

the traffic that enters a data center

Question 104

Northbound traffic

Answer 104

the traffic that leaves a data center.

Question 105

intranet

Answer 105

a private network that can only be accessed by an organization’s authorized internal users

Question 106

extranet

Answer 106

a controlled private network that allows access to a subset of an organization’s intranet to the organization’s external partners, vendors, suppliers, and customers

Question 107

Cross-site scripting

Answer 107

a web server security vulnerability that enables the injection of client-side scripts into a web server’s web pages.

Question 108

reflected cross-site scripting

Answer 108

a cross-site scripting attack in which an injected script is returned to a client in response to an HTTP request by the client.

Question 109

Document object model (DOM)

Answer 109

a standard object model and programming interface for HTML. DOM defines how to get, change, add, or delete HTML elements.

Question 109

stored cross-site scripting

Answer 109

a cross-site scripting attack in which a malicious script is stored on a web server’s back-end database and returned to all clients that request the web pages containing the script

Question 110

DOM-based cross-site scripting

Answer 110

a cross-site scripting attack in which the source and destination of the attack is the client web browser

Question 111

cross-site request forgery (CSRF)

Answer 111

an attack in which an attacker sends a forged request to a web application on behalf of an authenticated user.

Question 112

server-side request forgery (SSRF)

Answer 112

an attack in which an attacker sends forged requests from a web application’s server to other servers. In an SSRF attack, an attacker tricks a server into making an unauthorized request.

Question 113

data buffer

Answer 113

a memory region used for temporarily storing data while the data is being transferred from one memory location to another

Question 114

buffer overflow

Answer 114

a programming error condition that occurs when the size of the data to be stored in a buffer is larger than the buffer size.

Question 115

Improper input handling

Answer 115

a program’s insufficient validity checking of user input

Question 116

data type

Answer 116

a data attribute that specifies how the data is intended to be used in a program

Question 117

integer overflow

Answer 117

a programming error condition that occurs when the result of an integer operation is greater than the maximum size, or less than the minimum size of the integer type used to store the result.

Question 118

Memory management

Answer 118

the process of controlling and coordinating a computer’s memory

Question 119

Stack

Answer 119

memory that stores local variables and is used for static memory allocation

Question 120

Heap

Answer 120

memory that stores global variables and is used for dynamic memory allocation

Question 121

memory leak

Answer 121

an occurrence in which a program allocates heap memory but does not deallocate the memory when the memory is no longer needed

Question 122

pointer

Answer 122

a program variable that stores a memory address.

Question 123

pointer dereferencing

Answer 123

the act of obtaining the value stored at the memory location pointed to by the pointer.

Question 124

Error handling

Answer 124

the process of responding and recovering from error conditions in a program

Question 125

replay attack

Answer 125

a network attack in which a data transmission is intercepted and maliciously repeated or delayed.

Question 126

session ID

Answer 126

a unique number assigned to an authenticated user by a web application

Question 127

session replay attack

Answer 127

a replay attack in which a user’s session ID is used to impersonate the user and perform a fraudulent transaction or activity.

Question 128

New technology LAN manager (NTLM)

Answer 128

a challenge-response authentication protocol.

Question 129

Pass the hash

Answer 129

an attack in which an attacker authenticates to a server or service using the NTLM’s password hash of a user.

Question 130

SQL injection

Answer 130

an injection attack in which an application’s user input fields are used to insert a malicious SQL statement into the application.

Question 130

injection attack

Answer 130

an attack that injects or inserts malicious input into a program or database query.

Question 131

Extensible Markup Language (XML)

Answer 131

a markup language that defines a set of rules for encoding documents in a text-based format.

Question 132

XML injection

Answer 132

an attack that manipulates the logic of an XML-based application

Question 133

dynamic link library

Answer 133

a library of code and data for commonly used functions in a Windows computer.

Question 134

DLL injection

Answer 134

an injection attack in which a process is forced to load and execute malicious DLL code within the process’s address space

Question 135

Lightweight directory access protocol (LDAP)

Answer 135

a protocol for accessing and maintaining distributed directory information services over an IP network.

Question 135

LDAP injection

Answer 135

an attack in which an attacker exploits input validation vulnerabilities to manipulate an LDAP statement executed on an LDAP server

Question 136

race condition

Answer 136

a software event in which multiple concurrently executing processes access a shared resource at the same time

Question 137

Time-of-check (TOC)

Answer 137

the time at which a process checks a shared resource’s state

Question 137

Time-of-check to time-of-use

Answer 137

a class of software errors that are caused by a race condition.

Question 138

Time-of-use (TOU)

Answer 138

the time at which a process uses a shared resource.

Question 139

resource exhaustion attack

Answer 139

an attack that aims to slow down or disable an application by using up the application’s limited resources

Question 140

driver shim

Answer 140

a software library that intercepts and modifies calls to a device driver

Question 141

device driver

Answer 141

a program that controls a computer-connected hardware device.

Question 142

shim attack

Answer 142

an attack in which malicious code is added to a driver shim

Question 143

Refactoring

Answer 143

a set of techniques used for improving a program’s internal structure without changing the program’s behavior.

Question 144

refactoring attack

Answer 144

an attack in which malicious code is added to a device driver through refactoring without changing the device driver’s desired behavior.

Question 145

vertical privilege escalation

Answer 145

privilege escalation in which a lower privilege user or application gains privileges assigned to another user or application with higher privileges

Question 145

Privilege escalation

Answer 145

the act of gaining account privileges beyond those assigned to the account.

Question 145

horizontal privilege escalation

Answer 145

privilege escalation in which a user or application gains privileges assigned to another user or application with the same privileges.

Question 146

root directory

Answer 146

a directory on a web server’s file system that the web server’s users can access

Question 147

Directory traversal

Answer 147

a web application security vulnerability that allows unauthorized users to access files outside of a web server’s root directory

Question 148

system disk

Answer 148

any media that contains part or all of an operating system.

Question 149

application programming interface (API)

Answer 149

a set of functions and protocols for building and integrating different applications and data sets.

Question 150

application programming interface (API) attack

Answer 150

an attack that exploits the vulnerabilities in an application’s API to attack the application or a service

Question 151

development environment

Answer 151

the environment where an application is created, debugged, modified, and improved

Question 151

Secure socket layer stripping (SSL stripping)

Answer 151

an attack that aims to downgrade an attempted HTTPS connection between a web server and client to an HTTP connection

Question 152

environment

Answer 152

the collection of hardware and software used to build an application

Question 153

test environment

Answer 153

the environment where an application is tested against the application’s specification requirements.

Question 154

staging environment

Answer 154

a pre-production environment that mirrors a production environment and contains the final release version of an application

Question 155

Quality assurance

Answer 155

the process of testing an application’s various aspects, including an application’s stability, usability, security, functionality, and performance to ensure that the application meets user requirements

Question 156

production environment

Answer 156

an environment where the release version of an application is deployed and made available to the application’s users.

Question 157

Code signing

Answer 157

the act of digitally signing software by the software’s publisher.

Question 158

Provisioning

Answer 158

the process of moving an application to a production environment and customizing the application configurations.

Question 159

Deprovisioning

Answer 159

the process of removing an application from a production environment.

Question 160

software development kit (SDK)

Answer 160

a collection of software development tools in one package

Question 160

Software versioning

Answer 160

the process of assigning names or numbers to unique states of released software.

Question 161

Secure coding

Answer 161

the practice of developing software in a way that minimizes the risk of creating software vulnerabilities

Question 161

Secure coding techniques

Answer 161

methods designed to improve code security.

Question 161

Version control

Answer 161

the practice of tracking and managing a software’s versions.

Question 161

Dead code

Answer 161

code that can never be executed at run-time, or is executed but whose result is never used in any other computation.

Question 161

third-party library

Answer 161

a reusable software component developed by an entity other than the original publisher of a software development platform

Question 162

Obfuscation

Answer 162

a secure coding technique that makes code difficult to read and harder to understand by modifying the code appearance.

Question 162

Code reuse

Answer 162

the use of existing software to build new software

Question 163

Elasticity

Answer 163

the degree to which a system is able to adapt to workload changes by automatically provisioning and deprovisioning resources.

Question 164

Scalability

Answer 164

the measure of a system’s ability to handle increased demands.

Question 165

Horizontal scalability

Answer 165

scalability which entails adding new systems to an existing infrastructure

Question 166

Vertical scalability

Answer 166

scalability which entails adding resources to existing systems

Question 167

Software diversity

Answer 167

the practice of creating diversity within the software development process with the aim of reducing the extent of software vulnerability exploits

Question 168

Data Exposure

Answer 168

the intentional or unintentional disclosure of information to an unauthorized user or application

Question 169

Database normalization

Answer 169

the process of organizing data in a relational database

Question 170

stored procedure

Answer 170

a group of SQL statements created to perform a specific task.

Question 171

Salting

Answer 171

the process of adding a unique string of characters to a password before hashing the password

Question 171

token vault

Answer 171

a secure storage mechanism that stores a mapping between sensitive data and tokens

Question 171

Hashing

Answer 171

the process of transforming a variable length string to a fixed-size value

Question 172

parameterized query

Answer 172

a query in which placeholders are used for parameters and the parameter values are supplied at execution time

Question 173

Tokenization

Answer 173

the process of substituting a sensitive data element with a non-sensitive data element

Question 173

code review

Answer 173

the process of systematically examining code with the aim of improving code quality.

Question 173

Dynamic code analysis

Answer 173

a code review method that examines code during the code execution.

Question 173

Static code analysis

Answer 173

a code review method that examines code without executing the code

Question 174

Manual code review

Answer 174

the process of performing static code analysis by one or more code reviewers.

Question 175

Fuzzing

Answer 175

an automated software testing technique for finding software bugs and vulnerabilities by feeding invalid and random data into software.

Question 175

Development operations

Answer 175

a set of practices and tools that automate and integrate software development and IT operations.

Question 176

fuzzer

Answer 176

a program that automatically generates random data for software testing.

Question 177

Continuous integration

Answer 177

the practice of frequently merging new and modified code from multiple developers into a single software project.

Question 178

Continuous delivery

Answer 178

the practice of frequently releasing new software that is ready to be deployed into a stage environment.

Question 179

Continuous deployment

Answer 179

the practice of frequently deploying new software into a production environment.

Question 180

Continuous validation

Answer 180

the practice of frequently verifying that new and existing software is tested.

Question 181

Continuous monitoring

Answer 181

the practice of frequently monitoring released software to detect errors, security risks and compliance issues.

Question 182

open web application security project (OWASP)

Answer 182

a non-profit foundation that publishes methodologies, documentation, tools, and technologies for raising awareness and improving web application security.

Question 183

Web application security

Answer 183

the set of practices and technologies that enable the creation of secure web applications.

Question 184

Input validation

Answer 184

a secure coding technique that ensures only valid input is entered into software.

Question 185

OWASP Top 10

Answer 185

a regularly-updated list of the 10 most common web application security risks.

Question 186

Allow list

Answer 186

an input validation method that ensures an input matches a set of known good values.

Question 187

Block list

Answer 187

an input validation method that ensures an input does not contain known bad values.

Question 188

Server-side validation

Answer 188

input validation that is performed by a server after input has been sent to the server.

Question 189

Client-side validation

Answer 189

input validation that is performed by a client before input is sent to a server