The difference between a GET and a POST request is
It does not matter; the web server will treat all GET requests as POST requests
The information in a POST request cannot be manipulated. It is possible to change a GET request
A GET request is sent when requesting information; A POST request is sent when sending information
The data is sent in the body of the POST request and in the URL in a GET request
In order to avoid information disclosure, error messages containing stack traces and specific application information should be
Sent to the user in a hidden field so that tech support can retrieve the information later
Destroyed if it occurs to minimize the chances that this information might be inadvertently disclosed
Logged on the server side
A and C
Which form of accountability should be used?
Accounts for each user
Account for each group of users
Accounts for each business unit
None of the above
What is suggested as the leading practice for the maximum length of time before users are forced to change their passwords?
60 days
180 days
120 days
90 days
Leaving comments in HTML source code when an application leaves the development environment
Is a good programming practice
Is very useful during code reviews
Is the recommended practice for secure code maintenance
May give the attacker valuable information to perform an exploit
Which of the following is true?
Servers are generally configured in a secure manner when they are first installed
It is impossible to securely configure a web server
Out-of-the-box settings normally meet what is called minimum baseline security standards
The default settings on web servers are not generally secure
Which of the following is NOT recommended for securing Web Applications against malicious users?
Filtering data with a default deny regular expression
Running the application with the least privilege necessary
Client-side data validation
Retrieving data from database using pre-compiled stored procedures
Phishing attacks are successful when
The web server is not patched
The attack entices a user to perform a certain action
Users do not patch their machines
Users share email accounts
How to stop forceful browsing?
Check authorization on each page
Name files with un-guessable names
Place all accessible files in the same directory
ACLs on the web root
Extra parameters which are currently not used in the application
Are necessary to check some functionality during testing and production support
May lead to security breaches
Do not consume significant bandwidth and so can be allowed in the application
Are necessary in case the application needs a future addition