Which of the following DFD components is used to represent the change in privilege levels?
Answer : D
Which of the following configurations can help you avoid displaying server names in the server response header?
Answer : B
Which of the following can be derived from abuse cases to elicit security requirements for a software system?
Answer : D
Which of the following state management methods works only for a sequence of dynamically generated forms?
Answer : C
Which of the following authentication mechanisms does J2EE support?
Answer : D
Which of the following is used to map custom exceptions to a status code?
Answer : A
It is recommended that you should not use return, break, continue or throw statements in _________
Answer : A
Which of the following relationships is used to describe abuse case scenarios?
Answer : B
To enable the struts validator on an application, which configuration setting should be applied in the struts validator configuration file?
Answer : A
Identify what should NOT be caught while handling exceptions.
Answer : B
Which of the following methods will you use in place of the ex.printStackTrace() method to avoid printing a stack trace on error?
Answer : C
Thomas is not skilled in secure coding. He neither underwent secure coding training nor is aware of the consequences of insecure coding. One day, he wrote code as shown in the following screenshot. He passed the 'false' parameter to the setHttpOnly() method, which may result in the existence of a certain type of vulnerability. Identify the attack that could exploit the vulnerability in the above case.
Answer : B
Identify the type of attack depicted in the figure below:
Answer : D
During his secure code review, John, an independent application security expert, found that the developer has used Java code as highlighted in the following screenshot. Identify the security mistake committed by the developer.
Answer : B