Tag: security

Sent to the user in a hidden field so that tech support can retrieve the information later

Destroyed if it occurs to minimize the chances that this information might be inadvertently disclosed

Logged on the server side

A and C

WADL, WSDL, SAML

UDDI, WADL, WSDL

SOAP, SAML, WADL

WSDL, SOAP, SAML

Accounts for each user

Account for each group of users

Accounts for each business unit

None of the above

An administrative interface to an application

When two users access each other's information

A loop hole within an application that allows users to bypass the standard security flow by way of a secret token or identifier

The connection between the application and the database

A backdoor

An access control vulnerability

A buffer over flow

A SQL injection vulnerability

60 days

180 days

120 days

90 days

Is a good programming practice

Is very useful during code reviews

Is the recommended practice for secure code maintenance

May give the attacker valuable information to perform an exploit

Servers are generally configured in a secure manner when they are first installed

It is impossible to securely configure a web server

Out of the box settings normally meet what is called minimum baseline security standards

The default settings on web servers are not generally secure

Filtering data with a default deny regular expression

Running the application with the least privilege necessary

Client side data validation

Retrieving data from database using pre-compiled stored procedures

The web server is not patched

The attack entices a user to perform a certain action

Users do not patch their machines

Users share email accounts