Failing to declare a class final can enable which of the following attacks on a developer’s code?
A. Session hijacking via compromised session cookies
B. Decompilation of Java class files (including those in APK files), revealing sensitive data
C. Attacker can use data injection (e.g., SQL injection, Cross-site scripting) to corrupt data in the application or the DOM
D. Attacker can potentially extend a class and define new methods that access sensitive data from inside the scope of the class
Explanation: