Sam is a software developer and has recently gone through secure softwaredevelopment courses. When reviewing his programming code, he sees that his softwarePage 2cess trol-P1.txtsplits authentication and authorization steps. Why would this be a concern?
A.
A buffer overflow can cause authorization before identification steps
B.
Processing sequencing can be manipulated
C.
HTTP splitting can take place
D.
Browser injection can take place
Explanation:
software, when the authentication and authorization steps are split into twofunctions, there is a possibility an attacker could use a race condition to forcethe authorization step to be completed before the authentication step. It isimportant that the processes carry out their functionality in the correct sequence.If process 2 carried out its task on the data before process 1, the result will bemuch different than if process 1 carried out its tasks on the data before process 2.This would give someone access BEFORE realizing that they are not the legitimateuser.
Correct answer is B
Sam is a software developer and has recently gone through secure software development courses. When reviewing his programming code, he sees that his software splits authentication and authorization steps. Why would this be a concern?
A. A buffer overflow can cause authorization before identification steps
B. Processing sequencing can be manipulated
C. HTTP splitting can take place
D. Browser injection can take place
http://www.informit.com/blogs/blog.aspx?uk=CISSP-Questions-of-the-Week23
Unable to check the correct Answer.
Well still I guess – the Answer is B