Unit 4: Apply the Secure Software Development Life Cycle Flashcards
What are common vulnerabilities in the Software Development Life Cycle according to the OWASP Top Ten project
- Injection
- Broken Authentication and Session Management
- Cross-site Scripting (XSS)
- Insecure Direct Object References
- Security Misconfiguration
- Sensitive Data Exposure
- Missing Function Level Access Control
- Cross-site Request Forgery (CSRF)
- Using Components with Known Vulnerabilities
- Unvalidated Redirects and Forwards
Forces a logged-on victim to send a forged HTTP request to a vulnerable web application
Cross-site Request Forgery (CSRF)
When attackers redirect victims to phishing or malware sites or use forwards to access unauthorized pages
Unvalidated Redirects and Forwards
Occurs when untrusted data is sent to an interpreter as part of a command or query
Injection
Occurs when a developer exposes a reference to an internal implementation object
Insecure Direct Object References
Occurs whenever an application takes untrusted data and sends it to a web browser without proper validation or escaping
Cross-site Scripting (XSS)
What is the STRIDE Threat Model
- Spoofing
- Tampering
- Repudiation
- Information Disclosure
- Denial of Service
- Elevation of Privilege