D385 Software Security and Testing
Answers Questions
,Sanitize outbound log messages What is the primary defense against log injection attacks?
An attacker exploits a cross-site scripting vulnerability. What
Access the user's data
is the attacker able to do?
eval() Which Python function is prone to a potential code injection attack?
Check functional preconditions What are two common defensive coding techniques?
and postconditions
test Which package is meant for internal use by Python for regression
testing?
type() Which Python function is used for input validation?
A security analyst has noticed a vulnerability in which an
Broken access control
attacker took over multiple users' accounts. Which
vulnerability did the security analyst encounter?
When creating a new user, an administrator must submit the
following fields to an API endpoint:
Name
Implement resource and field- Email
level access control Address
Passwor
d
IsAdmin
What is the best way to ensure the API is protected against privilege
escalation?
Exploiting query parameters Which method is used for a SQL injection attack?
Which response method, when sent a request, returns
response.content
information about the server's response and is delivered
back to the console?
Override same starting policy for What does cross-origin resource sharing (CORS) allow users to do?
specific resources
,
Answers Questions
,Sanitize outbound log messages What is the primary defense against log injection attacks?
An attacker exploits a cross-site scripting vulnerability. What
Access the user's data
is the attacker able to do?
eval() Which Python function is prone to a potential code injection attack?
Check functional preconditions What are two common defensive coding techniques?
and postconditions
test Which package is meant for internal use by Python for regression
testing?
type() Which Python function is used for input validation?
A security analyst has noticed a vulnerability in which an
Broken access control
attacker took over multiple users' accounts. Which
vulnerability did the security analyst encounter?
When creating a new user, an administrator must submit the
following fields to an API endpoint:
Name
Implement resource and field- Email
level access control Address
Passwor
d
IsAdmin
What is the best way to ensure the API is protected against privilege
escalation?
Exploiting query parameters Which method is used for a SQL injection attack?
Which response method, when sent a request, returns
response.content
information about the server's response and is delivered
back to the console?
Override same starting policy for What does cross-origin resource sharing (CORS) allow users to do?
specific resources
,
